Browser minefield: 637 million potential disasters waiting to blow up

Stephen Withers
Thursday, 03 July 2008 03:42

Your IT - Home IT

637 million users are open to security exploits that have already been blocked by developers, making them easy targets for drive-by download attacks. A joint study by ETH Zurich, Google and IBM has found over 40 percent of web users are running unpatched or outdated browsers

The analysis was based on Google's search and web application server logs from January 2007 to June 2008. This is significant for three reasons: Google attracts around 75 percent of web search users (so the numbers can reasonably be seen as representative - we're not talking about a small sample here), the company's use of cookies made it possible to identify most return visits, and the period was long enough to provide a good indication of the patterns involved.

You probably won't be surprised to learn which browsers were kept up to date and which weren't.

83.3 percent of Firefox users were found to be running the most secure version. At the other extreme, less than half (47.6 percent) of Internet Explorer users were up to date.

Two main factors seem to be at work. To Firefox's benefit, the browser makes it very quick and easy to install updates without the user having to initiate the process (depending on the settings). Consequently, the researchers found most users updated Firefox within three days of a new public release. The main reason people seem to have for not keeping Firefox up to date is the desire to keep using add-ons that may not work with the latest version.

So what's the story with Internet Explorer and the other big browsers? Pease read on.