637 million browser users at risk

A group of researches on Tuesday said 637 million Web users are surfing with outdated Internet browsers and therefore at greater risk of Web-based attacks.

Using data collected from Google Web searches and security firm Secunia, the researchers, Stefan Frei (of ETH, Zurich), Thomas Dübendorfer (Google), Gunter Ollmann (IBM ISS), and Martin May (ETH, Zurich), analyzed the browsers used in a new report. They did so in an effort to understand why so many recent attacks by criminal hackers have been aimed at the browser, and why those attacks have been so successful.

Overall the authors found that roughly 40 percent of users were using insecure versions of Web browsers. Among the least compliant were users of Internet Explorer, which currently dominates the Internet browser market.

The data was collected in mid-June 2008. The users were scattered among 78 percent Internet Explorer users, 16 percent Firefox, 3 percent Safari, and 0.8 percent for Opera. Of these, 52 percent were running the latest version of Internet Explorer, 92 percent for Firefox, 70 percent for Apple, and 90 percent for Opera.

With such data, there is much to debate and discuss. What are your thoughts Neowin?

View: News.com

Report a problem with article
Previous Story

Competition inquiry delays broadcasters' online service

Next Story

Sony: A New Focus

20 Comments

Commenting is disabled on this article.

Al Gore is gonna be ****ed, he never intended the internet for botnets.

Seriously though, is anybody surprised that most end users don't bother with updates? Anybody who's worked a day of support knows that it's like pulling teeth to get people to update even if it will fix the immediate problem them have, let alone some abstract risk they don't understand.

Simple, other browsers should be more like Firefox and Opera. Browsers shouldn't rely on operating system updates and should be independently auto updated by the browser itself. Semi off topic but the browsers should also be updated regardless of authenticity of the operating system license.

A lot of people like a one place updater like microsoft update on windows or apt-get on debian/ubuntu. It makes life easier and in my mind beats having a separate updater for each program

The reason theres so many out-dated versions of Internet Explorer is because the non-tech savvy people (like us here) do not know how to update their browsers or don't feel the need to. Also, Microsoft doesn't give easy-updates unlike FireFox and Opera. FireFox (what I use) has a pop-up that basically says "Your version is out of date. Click here to upgrade" and downloads the files and updates them with no hassle at all. This is the different.

That is true IE dosn't have a version checker, but all IE updates is push through Windows Update so there no need to add that feature in IE.

(RedFlow said @ #6)
The reason theres so many out-dated versions of Internet Explorer is because the non-tech savvy people (like us here) do not know how to update their browsers or don't feel the need to. Also, Microsoft doesn't give easy-updates unlike FireFox and Opera. FireFox (what I use) has a pop-up that basically says "Your version is out of date. Click here to upgrade" and downloads the files and updates them with no hassle at all. This is the different.

When I originally got my IE 7 it was provided through Microsoft Update (formerly Windows Update). As is the case for the following three IE 7 downloads I had to get after reformatting on separate occasions. It's been a long time now since IE 7 was released, and the only way people wouldn't have it through Updates is if they purposely chose to not acquire it, and then hid it from view.

Of course they could also not have Updates turned on, and there are variety of reasons for that.

IMO, Microsoft makes it very easy for people to get updates. How much use of the tool that MS provided people actually make use of is their own decision... especially since everything is enabled by default.

Warning: Any and all Internet users at risk at any time in any part of the world with any browser on any operating system.

Our entire university still uses IE6. seriously. Get with the program carleton X-P
on that note, a lot of companies are not upgrading to IE7 either.... hmmm....

That's because people hate the way IE7's UI changed. If they could opt for the IE6 look & feel everything would be fine, but Microsoft insisted on jamming their ****tarded UI down everybody's throats.

(Airlink said @ #4.1)
That's because people hate the way IE7's UI changed. If they could opt for the IE6 look & feel everything would be fine, but Microsoft insisted on jamming their ****tarded UI down everybody's throats.

Our Uni still has IE6 too, It’s because some “legacy web apps” don’t work in IE7 or Firefox. Don’t ask me what they are, it’s just what we get told at Uni.

The UI of IE7 is a great improvement over IE6 in my opinion.

(Airlink said @ #4.1)
That's because people hate the way IE7's UI changed. If they could opt for the IE6 look & feel everything would be fine, but Microsoft insisted on jamming their ****tarded UI down everybody's throats.

Exactly why I still use IE6, when using Windows, that is.
Also hate the fact IE7 is to brain dead to remember usernames at sites in between restarts.

(InsaneNutter said @ #4.2)

Our Uni still has IE6 too, It’s because some “legacy web apps” don’t work in IE7 or Firefox. Don’t ask me what they are, it’s just what we get told at Uni.

The UI of IE7 is a great improvement over IE6 in my opinion.

This caused by laziness and bad management, microsoft gave these company admins and collage admins the opportunity to opt-out of updates, and swicth off updating computers across whole networks with one tick of a checkbox. Once they opt-out, it stays that way until something very bad happens.

(Deviate_X said @ #4.4)

This caused by laziness and bad management, microsoft gave these company admins and collage admins the opportunity to opt-out of updates, and swicth off updating computers across whole networks with one tick of a checkbox. Once they opt-out, it stays that way until something very bad happens.


what i figured

I'm running firefox 1.5, awesome browser!
And ******* alert: "Gunter Ollmann (IBM ISS)" yeh well in my mind since IBM took over ISS its gone right down, my firewall support (for imho the best firewall on Earth that I use for my server and PC) will end and no more updates will released, under a month left or so ?

I'm not sure how they could tell what security patches people had installed, but I can tell you one reason why many people aren't using the latest version of IE: backward compatibility (or the lack thereof) in newer browsers. My company still primarily runs IE6 because of a few legacy web-apps that don't work with IE7/FF. I think you'd find that this is a common situation.