World of Insecure browsing

If you are surfing the web through a browser that isn't up to date then you fall under the pool of those 40% internet surfers who are more prone to malicious attack. Almost 59% people use the latest version of their internet browsers and they are safer compared to the above mentioned 40%. The numbers are disturbingly high for anyone working in IT security.


These figures are revealed as the result of a comprehensive study conducted by researchers at The Swiss Federal Institute of Technology, Google and IBM Internet Security Services. The researchers performed their analysis using Google's database of user information. The data between January 2007 and June 2008 was gathered for the analysis.


It was found during the research that although software vendors provide patches for security problems, users take days, weeks or months for updating their applications. However it was concluded that it's not solely the fault of users since the vendors haven't exactly made patching easy. Mozilla's Firefox was declared the best due to its auto-update feature, which tells users about the availability of a new patch and offers a one-click way to upgrade. According to the study, most Firefox users are up to date within three days. The updating features and installation wasn't found quick and easy for other browsers, such as Opera and Safari.


Who stays where?
IE7 is the oldest browser taken in the study but only 52.5 percent of the users surfing the web with Internet Explorer were using IE7. In spite of Microsoft's repeated and emphatic pleas to upgrade, 47.5 % IE users were still presumably using IE6. Firefox users were considered the best in upgrading, with 92.2 percent of Firefox users now using version 2 (Firefox 3.0 was not taken into account since the data gathered was between January 2007 and June 2008). 90.1 % of Opera users were using Opera 9 while 70.2 % of all Safari users currently running Safari 3.


Threats and recommendations
Web browsers are considered a weak link in the IT security chain. It becomes easy for hackers to gain control of a personal computer due to the software vulnerabilities. In the cases of hacking, hackers can perform malicious acts such as stealing personal data or turning PCs into spam-spewing drones.


The group suggested that auto-updates are a very good thing, and recommended that the feature be included in all browsers. The study recommended that corporate businesses should adopt URL Filters, or filters designed to prevent company employees from even touching websites carrying malicious content. One interesting recommendation is that the software industry follow the same type of labeling system as used by the food industry. If adopted, web browsers would be dated with a "Best before" label, and would automatically flag the user when the browser "expired."

Chart Source: SFIT

No comments: