TAG | Browser minefield: 637 million potential disasters waiting to blow up |
|
| by Stephen Withers | |
| Thursday, 03 July 2008 | |
|
Page 2 of 3 Internet Explorer suffered in the study from the continued use of version 6 at many sites. By the end of the study period, only 52.5 percent of IE users were on version 7. The rest may have had a good reason for not upgrading (the report points to applications with an embedded IE object), but that doesn't help with security.The authors conclude that Firefox's auto-update mechanism is the most efficient method for delivering updates as it polls for the availability of patches rather than relying on a schedule or user intervention. But the browser itself isn't the whole story. As the researchers point out, most browsers are used with one or more plug-ins, with Flash, Adobe Reader, Java, Windows Media Player, QuickTime and Shockwave each present on at least half of all browser installations. Unless plug-ins are kept up to date, even an otherwise up to date browser can be vulnerable to remote exploits. So what's to be done? Apart from improving auto-update mechanisms, the report recommends browsers should prominently display (eg in the toolbar) the number of days since an update was first missed, along with the current number of uninstalled patches. Since most of the popular browsers (IE is the exception) send detailed version information to web servers, popular sites (Google?) could insert a similar warning on their pages. What about plug-ins? How could the industry make it easier for us to keep them up to date for safer surfing? See page 3. |
| < Next story in category | Previous story in the category > |
|---|
