The 18 month study, by researchers at the Swiss Computer Engineering and Networks Laboratory, IBM and Google, found that 83.3 per cent of Firefox users, 65.3 per cent of Safari users, 56.1 per cent of Opera users, and 47.6 per cent of Internet Explorer (IE) users were using fully patched browsers.
“For years the software industry has promoted one security best practice over all others: always use the most recent version of the installed software and instantly apply the latest patches,” said the authors of the paper “Understanding the Web browser threat: Examination of vulnerable online Web browser populations and the "insecurity iceberg"”
“With today’s hostile Internet and drive-by download attack vectors, failure to apply patches promptly or missing them entirely is a recipe for disaster; exposing the host to infection and possibly subsequent data disclosure or loss.”
Browser patching is becoming increasingly important as the majority of the internet malware currently in circulation enters user’s systems via poorly patched browsers.
The research also found that IE users were also the slowest to upgrade their browsers. Nineteen months after the release of IE7 barely half of IE users had upgraded (52.5 per cent) compared to 92.2 per cent of Firefox users.
The researchers recommend that software companies should introduce autoupdating of browsers as an automatic system and should time stamp older browsers with a “best before” date similar to the food industry.
The researchers also criticised Microsoft’s monthly patch cycle approach.
“While Microsoft’s operating system auto-update functionality encompasses the Internet Explorer update mechanism even if the browser is not in use, the fact that patch updates (for both Internet Explorer 6 and 7) are typically only made available on a monthly basis means that updates are released less frequently (when compared to Firefox), which can result in a lower short term patching effectiveness,” they said.
The study also gave an up to date picture of browser market share, with IE getting 78 per cent, Mozilla’s Firefox at 16 per cent, Apple’s Safari at 3 per cent and Opera managing just 0.8 per cent.
Firefox users shown to be safer
By Iain Thomson on Jul 8, 2008 9:04AM