40% of surfers don't bother with browser security updates
The study, conducted by researchers from Google, IBM and the Communication Systems Group in Switzerland, relied on data from server logs provided by Google for search requests between Jan. 2007 and June 2008. The researchers found that of the 1.4 billion Internet users worldwide at the end of March 2008, 576 million surfed with outdated versions of Web browsers.
The researchers also concluded that as a group, Mozilla Firefox users were the most likely to be using the latest, most secure and stable version of the browser: 83.3 percent of Firefox users were found to have the latest version installed at any given time. That's notably more than Web surfers using the latest versions of Safari (65.3 percent), and Opera (56.1 percent).
Only 47.6 percent of Microsoft Internet Explorer users browsed with the latest, most secure version (IE7), although for the purposes of this study the researchers automatically lumped all IE6 users into the "insecure users" camp. As a side note, I have to agree with this classification; anyone still using IE6 as their primary browser without adopting some other mitigation steps (such as running Windows under a limited user account) is playing Russian roulette with the security of their system and data.
The report concluded that Firefox users were more likely to be using the latest version because Mozilla's patch process is the quickest and most painless (no arguments there). Firefox downloads updates automatically and prompts the user to install them immediately. If the user declines the update, the patches are installed the next time the browser is started. Opera checks for a new version on startup, but requires the user to manually download and re-install the browser. Safari relies on an external Apple-updater that checks for new updates at regular intervals, and IE is updated roughly once every 30 days, when Microsoft issues patches on the second Tuesday of the month."We believe the auto-update mechanism as implemented within Firefox to be the most efficient patching mechanism of the Web browsers studied," the researchers wrote.The researchers didn't seek to learn what percentage of browser users had insecure plug-ins installed. That's because the study was limited to data logged by Google's Web servers and the "USER-AGENT" fields passed by each browser (data that includes the application version, host operating system, default language and other information). Plug-in data generally isn't stored in that field.
Had they found a way to measure the number of browsers running outdated plug-ins, such as those for Flash Player, Java, QuickTime and Adobe Reader, it's a safe bet that the share of users surfing the Web with fully-patched browsers would be far below 60 percent (probably closer to 15 or 20 percent).
The researchers may have also conducted one of the broadest survey of browser market share to date. They found that by mid-June, IE (6 + 7) was the browser used by 78 percent of Internet surfers, while Firefox earned a 16 percent market share. Just three percent of Web users surfed with Safari, and Opera users made up about one percent.
RELATED INFO:
Almost half of malicious sites tied to 10 networks
Mozilla patches nine security flaws in Thunderbird
Copyright 2011. Site powered by Bitdefender