Network News

X My Profile
View More Activity
Posted at 7:00 AM ET, 07/ 1/2008

Forty Percent of Web Users Surf With Unsafe Browsers

By Brian Krebs

A comprehensive new study of online surfing habits released today found that only 60 percent of the planet's Internet users surf the Web with the latest, most-secure versions of their preferred Web browsers.

The study, conducted by researchers from Google, IBM and the Communication Systems Group in Switzerland, relied on data from server logs provided by Google for search requests between Jan. 2007 and June 2008. The researchers found that of the 1.4 billion Internet users worldwide at the end of March 2008, 576 million surfed with outdated versions of Web browsers.

The researchers also concluded that as a group, Mozilla Firefox users were the most likely to be using the latest, most secure and stable version of the browser: 83.3 percent of Firefox users were found to have the latest version installed at any given time. That's notably more than Web surfers using the latest versions of Safari (65.3 percent), and Opera (56.1 percent).

Only 47.6 percent of Microsoft Internet Explorer users browsed with the latest, most secure version (IE7), although for the purposes of this study the researchers automatically lumped all IE6 users into the "insecure users" camp. As a side note, I have to agree with this classification; anyone still using IE6 as their primary browser without adopting some other mitigation steps (such as running Windows under a limited user account) is playing Russian roulette with the security of their system and data.

The report concluded that Firefox users were more likely to be using the latest version because Mozilla's patch process is the quickest and most painless (no arguments there). Firefox downloads updates automatically and prompts the user to install them immediately. If the user declines the update, the patches are installed the next time the browser is started. Opera checks for a new version on startup, but requires the user to manually download and re-install the browser. Safari relies on an external Apple-updater that checks for new updates at regular intervals, and IE is updated roughly once every 30 days, when Microsoft issues patches on the second Tuesday of the month.

"We believe the auto-update mechanism as implemented within Firefox to be the most efficient patching mechanism of the Web browsers studied," the researchers wrote.

The researchers didn't seek to learn what percentage of browser users had insecure plug-ins installed. That's because the study was limited to data logged by Google's Web servers and the "USER-AGENT" fields passed by each browser (data that includes the application version, host operating system, default language and other information). Plug-in data generally isn't stored in that field.

Had they found a way to measure the number of browsers running outdated plug-ins, such as those for Flash Player, Java, QuickTime and Adobe Reader, it's a safe bet that the share of users surfing the Web with fully-patched browsers would be far below 60 percent (probably closer to 15 or 20 percent).

The researchers may have also conducted one of the broadest survey of browser market share to date. They found that by mid-June, IE (6 + 7) was the browser used by 78 percent of Internet surfers, while Firefox earned a 16 percent market share. Just three percent of Web users surfed with Safari, and Opera users made up about one percent.

By Brian Krebs  | July 1, 2008; 7:00 AM ET
Categories:  From the Bunker, Latest Warnings, Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Data Breach Reports Up 69 Percent in 2008
Next: Amazon: Hey Spammers, Get Off My Cloud!

Comments

It's a safe bet to say that most of the older IE users are in corporate environments that have yet to or have no plans to deploy IE7. I've seen organizations that are still using IE5 across the board (shaking head). One of the reasons for this is the use of Intranets that rely on ActiveX controls and/or certain functions/behaviors of the older browsers. To upgrade would require them to also upgrade their Intranets and possibly other integrated systems.

Also, while Firefox is updated quickly, deploying those updates as such in a corporate setting is next to impossible due to the nature of having to test the updates to ensure they don't break some critical functionality. That's why Microsoft went to the montly patch cycle to begin with, to satisfy corporate admins.

Anyway, for home users there is little excuse for not staying current with any and all software. In today's computing environment, everyone has to stay on the ball to thwart the bad guys. Otherwise, you're only making it harder on yourself and easier for them.

Posted by: TJ | July 1, 2008 7:52 AM | Report abuse

The ZoneLabs product, ForceField, turns the IE and FireFox browsers into virtual browsers (sandboxed). This supposedly makes those browser sessions impervious to keylogging and surreptitious downloading of malware when you visit an infected site. It doesn't protect you if you choose to (or fall for) intentionally downloading malware.

Posted by: ResistMalware | July 1, 2008 9:40 AM | Report abuse

And here I thought this was going to say that IE's market share was down to 40%. We can dream, I guess.

Posted by: KR | July 1, 2008 9:53 AM | Report abuse

Generally speaking, I wonder if Firefox users tend to be more computer security conscious than IE users, and hence more likely to keep software up-to-date.

Posted by: EL | July 1, 2008 3:46 PM | Report abuse

If IE7 wasn't so crappy maybe more people would be using it.

I use Firefox 2 99% of the time, using IE6 for one forum that only has RTF in IE, and for 'Patch Tuesday' of course.

Posted by: Keith R Warner | July 1, 2008 7:28 PM | Report abuse

I use relatively recent versions of browsers, but, in general, I do not update my Windows OS for the simple reason that Microsoft's downloads are often more dangerous than what they supposedly fix. Since adopting this strategy, I have had far fewer computer problems and my software doesn't "break."

Posted by: Stephen Cohen | July 1, 2008 8:15 PM | Report abuse

I run Firefox with all the latest and greatest plug-in versions. I run IE 6 only when necessary, which is rarely indeed. I can't stand IE, or Microsoft software generally and only use the O.S. regularly. If another O.S. ran the software that I wanted to use, I'd use it instead, especially as they have discontinued XP.


Posted by: Robert17 | July 2, 2008 3:01 AM | Report abuse

Shouldn't the article tittle say that 100% surf the web with unsafe browsers as they all have security issues. Patch one issue and other issue arises. I've tried all browsers available and all have their issues. Many use Firefox not because of its features or security but because they hate Microsft yet they still have to revert to using IE for certain sites as Firefox tends to have issues with some sites.

Posted by: Mars | July 2, 2008 12:15 PM | Report abuse

Mars> Many use Firefox not because of its features or security but because they hate Microsft yet they still have to revert to using IE for certain sites as Firefox tends to have issues with some sites.

Complete and utter nonsense.

I use Firefox because compared to IE it's hands down the superior browser, in features, flexibility, and security, and has been so for years. The *only* site I need IE for is Microsoft Update, which, of course, I visit primarily to keep IE patched, to the extent possible. Online banking, youtube, gmail, eBay, amazon, etc. I do entirely in Firefox on Linux (doing financial transactions of any kind with Windows, let alone IE, is Russian roulette), and have no problems whatsoever.

Posted by: antibozo | July 3, 2008 4:03 AM | Report abuse

I use Firefox for security reasons. The 'No Script' add-in, by defaults, stops all scripts running on all sites unless specifically authorized by the user (on a site by site basis).

If I mis-type a URL and end up at a bad place, the chances of that site firing up a malicious script on my machine are a lot lower. IE has nowhere near this degree of control.

This is common sense decision, not some 'fan boy', anti Microsoft, knee jerk reaction.

Posted by: Pajoh | July 9, 2008 12:53 AM | Report abuse

Another gem, Bk! Thanks. What I wonder is how long people are going to feel OK living with this threat of malware around them all the time. Malware has to be dealt with and eradicated and that can't be done by beefing up one's defences - not with the systems prevalent today. Malware will only disappear if it's obviously no longer a profitable enterprise. The conclusion is unequivocal.

Posted by: Rick | July 10, 2008 10:17 AM | Report abuse

@Mars:

No one has to use IE. No one. End of discussion. That's just ludicrous. Most browsers can reset their user agent so it's not an issue. IE however is a BIG issue. Merely stating IE is needed is a step in the wrong direction.

Posted by: Rick | July 10, 2008 10:19 AM | Report abuse

Just the last 2 days, when using even the IE7, have been over swamped to say the least with ads taking over the browser window. Talk about pop ups; so away with that nonsense, scans revealed ads coming from all kinds of advertising companies taking over the browser and bringing up ad sites. So, now I have downloaded Firefox... goodbye other browsers. Thanks. Judy

Posted by: Judy LaMont | August 16, 2008 11:18 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2013 The Washington Post Company