On TV.com: No LOST Promos? No Problem.
BNET Business Network:
BNET
TechRepublic
ZDNet

July 1st, 2008

Study: 637 million Google users surfing with insecure browser

Posted by Ryan Naraine @ 1:19 pm

Categories: Adobe, Apple, Arbitrary Code Execution, Browsers, Data theft, Firefox, Flash, Malware, Microsoft, Mozilla, Phishing, Responsible disclosure, Vulnerability research, Zero-day attacks

Tags: Google Inc., Mozilla Firefox, Apple Safari, Web Browser, Web Browsers, Internet, Ryan Naraine

637 million Google users surfing with insecure browserAccording to a new study from researchers at Google, IBM and ETH Zurich, there are about 637 million Google users surfing the Internet with a vulnerable Web browser.

Using data from Google search queries and security vulnerability aggregator Secunia, the study (HTML or PDF) found that a whopping 45 percent of Google users “were not using the most secure Web browser version on any working day from January 2007 to June 2008.”

[ SEE: Techmeme discussion ]

The researchers used the most recent major versions of Internet Explorer 7 (IE7), Firefox 2 (FF2), Safari 3 (SF3) and Opera 9 (OP9) as the benchmark version for the most secure Web browser measurements and suggests that the auto-update mechanism in Mozilla Firefox is working well to keep users up to date.

We discovered that at most 83.3% of Firefox users, 65.3% of Safari users, 56.1% of Opera users, and 47.6% of Internet Explorer users were using the latest most secure browser version on any day between January 2007 to June 2008. For the latest version analysis of Safari, we only considered the date range Dec 2007 to June 2008, when Safari version 3 became widespread.

However, despite the single-click integrated auto-update functionality of Firefox, rather surprisingly, about 17% Firefox users (one out of six) continue to surf the Web with an outdated version of the Web browser.

The entire report is a valuable read on the state of browser security but, as Brian Krebs points out, the conclusions should be considered conservative since it does not include information on vulnerable plugins (think Flash Player, Adobe Reader, Java, QuickTime, etc).  Also, bear in mind that these numbers only represent Google users.  In China, for example, Google is the number two search provider behind Baidu, meaning that a large percentage of Web users are not included.

More from Asa Dotzler and Hackademix.

* Image source:  laihiu’s Flickr photostream (Creative Commons 2.0).

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 49 Talkback(s)
You missed One! Study Thy Enemies
I have VMs that I use to study virus and sites that try to invade on my "turf" and steal my data, or use my host to further their ultimate goals.... (Read the rest)
Posted by: khongphutu@... Posted on: 07/29/08 You are currently: a Guest | | Terms of Use
Laziness, ignorance or apathy  betelgeuse68 | 07/01/08
Laziness, ignorance or apathy  fr0thy2 | 07/01/08
or perhaps just good judgement?  Tivolier | 07/02/08
Pretty much describes your life...  socialism=nowhere | 07/03/08
Try Yellow Journalism  Duke E. Love | 07/03/08
That bird in the active Tech Pros ad is pretty  fr0thy2 | 07/01/08
Have to take your word for it  flatliner | 07/01/08
RE: Hasve to take your word for it  bfilipiak@... | 07/02/08
Touche!  thx-1138_@... | 07/02/08
IE6  itpro_z | 07/01/08
That's sad...  eMJayy | 07/02/08
True... But...  dbisse@... | 07/02/08
You have Misunderstood  mejohnsn | 07/02/08
IT departments that do not give XP users Admin privileges  MinorityReport | 07/02/08
...surprisingly no admin privilege...  radu.m | 07/02/08
Admin Privileges  blarman_z | 07/07/08
WEB Security Appliance at the perimeter...  dunn@... | 07/02/08
RE: Study: 637 million Google users surfing with insecure browser  dbisse@... | 07/02/08
It's easy to avoid.  joe.smetona@... | 07/02/08
An alternative or complement  mhenriday | 07/03/08
RE: Study: 637 million Google users surfing with insecure browser  haz113k | 07/02/08
Nothing about upgrading is easy for most users  MinorityReport | 07/02/08
"I have yet to meet a business laptop user with Vista for an OS"  Alan(UK) | 07/02/08
What?  RS9 | 07/02/08
Candidly, I can't help wondering if signature RS9  mhenriday | 07/03/08
Try This for Vulnerability  sportscenterisnext | 07/02/08
Moving to more security.  joe.smetona@... | 07/02/08
This is the same argument..  RS9 | 07/02/08
I've heard that before (many times)  joe.smetona@... | 07/02/08
Something that should be noted  tracy anne | 07/02/08
I personally find the study vague  nilotpal_c | 07/02/08
RE: Study: 637 million Google users surfing with insecure browser  levinson | 07/02/08
Is it Insecure or UNsecure  ted185@... | 07/02/08
Based on what I'm seeing...  RS9 | 07/02/08
Well DUH!  geminate7@... | 07/02/08
Invest?  SpikeyMike | 07/03/08
Laziness, ignorance or apathy  Know1 | 07/02/08
Schools!  sir4taye@... | 07/02/08
W/o admin rights -  SpikeyMike | 07/03/08
RE: Study: 637 million Google users surfing with insecure browser  ahmed.hasan@... | 07/02/08
Keep your computer and browser up-to-date  erniem1970@... | 07/03/08
You're not doing them any favors  SpikeyMike | 07/03/08
RE: Study: 637 million Google users surfing with insecure browser  dominus_excelsis@... | 07/03/08
Could lightweight Linux user account for the Firefox and Opera stats?  roystonlodge | 07/03/08
Are you ho's?  Duke E. Love | 07/03/08
Scunia and Businesses  safesax2002 | 07/04/08
RE: Study: 637 million Google users surfing with insecure browser  Thempleton | 07/05/08
What Safari update?  Master Dave | 07/21/08
You missed One! Study Thy Enemies  khongphutu@... | 07/29/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Essential Topics Click Here

advertisement

Recent Entries

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads