Stephen Withers
Thursday, 03 July 2008 04:42
Your IT -
Home IT
Page 2 of 3
Internet Explorer suffered in the study from the continued use of version 6 at many sites. By the end of the study period, only 52.5 percent of IE users were on version 7. The rest may have had a good reason for not upgrading (the report points to applications with an embedded IE object), but that doesn't help with security.
Users of the other browsers - Safari and Opera as well as Firefox - adopted new major versions far more quickly. The takeup of Apple's Safari 3 was particularly rapid, exceeding 60 percent within three months of its release.
The authors conclude that Firefox's auto-update mechanism is the most efficient method for delivering updates as it polls for the availability of patches rather than relying on a schedule or user intervention.
But the browser itself isn't the whole story.
As the researchers point out, most browsers are used with one or more plug-ins, with Flash, Adobe Reader, Java, Windows Media Player, QuickTime and Shockwave each present on at least half of all browser installations.
Unless plug-ins are kept up to date, even an otherwise up to date browser can be vulnerable to remote exploits.
So what's to be done?
Apart from improving auto-update mechanisms, the report recommends browsers should prominently display (eg in the toolbar) the number of days since an update was first missed, along with the current number of uninstalled patches.
Since most of the popular browsers (IE is the exception) send detailed version information to web servers, popular sites (Google?) could insert a similar warning on their pages.
What about plug-ins? How could the industry make it easier for us to keep them up to date for safer surfing? See
page 3.
LATEST HEADLINES FROM YOUR IT
