Firefox Users Most Secure on Internet, Study Reveals

[p858snake]

Firefox Users Most Secure on Internet, Study Reveals

Mozilla Firefox fans might rest a little easier these days after a study released Tuesday revealed that its users are most secure on the Internet.

The study "Understanding the Web browser threat: Examination of vulnerable online Web browser populations and the "insecurity iceberg," was a collaborative effort conducted by researchers at The Swiss Federal Institute of Technology, Google and IBM (NYSE:IBM) Internet Security Services. The research offers a comprehensive analysis of Web browsers, particularly in the area of security. The study's aim was to analyze Web browser preference and behavior for people using the Internet.

Altogether, the study found that less than 60 percent (59.1) of people use up-to-date, fully patched Web browsers. Failure update browsers exponentially increases the chance for remote attacks executed by hackers, the study found.

In recent years, the Web has become the vehicle for malicious attacks, which have enabled cyber criminals to execute code that shuts down a system or takes complete control of a user's PC. Unlike years past, hackers now are creating new malware specifically to gain access to user's personal and financial information, with the aim of committing identity theft or selling it on the black market.

The study concluded that of the hundreds of millions of users accessing Web browsers worldwide, more than 600 million were at risk of attack for not running the latest, most secure Web browser version as of June 2008.

Firefox users were far and away the most likely to use the latest version, with an overwhelming 83.3 percent running an updated browser on any given day. However, despite Firefox's single click integrate auto-update functionality, 16.7 percent of Firefox users still continue access the Web with an outdated version of the browser, researchers said.

The study also revealed that the majority of Safari users (65.3) percent were likely to use the latest version of the browser between December 2007 and June 2008, after Safari version 3 became available.

Meanwhile, Microsoft (NSDQ:MSFT)'s Internet Explorer users ranked last in terms of safe browsing. Between January 2007 and June 2008, less than half of IE users -- 47.6 percent -- were running the most secure browser version during the same time period.

Opera ranked slightly higher than IE, with about 56 percent of users who said that they have applied the latest version of the browser to their computer. Of the four browsers surveyed, Opera ranked last in popularity, with a just 11 million users that comprise .8 percent of the marketshare.

Altogether, Safari has captured only 48 million users, equaling about 3.4 percent of the market -- a user base far surpassed by Firefox's 227 million and IE's 1.1 billion, encompassing 16.1 percent and 78.3 percent of the market respectively.

Researchers initiated the study to highlight the growing global problem of Web exploitation and the increasing number of users who log onto various Web browsers.

Among other things, the researchers aimed to address the growing number of threats launched by attackers in recent years that exploit Web vulnerabilities with stealthy and silent attacks for financial gain.

"Profit motivated cyber"criminals have rapidly adopted Web browser exploitation as a key vector for malware installation," researchers state. "As popularity of this attack vector has blossomed, there have been frequent reports of hundreds of thousands of Web sites succumbing to mass-defacement, where the defacement often consists of an embedded iFrame. These iFrames typically include content from servers hosting malicious JavaScript code designed to exploit vulnerabilities accessible through the user's Web browser and subsequently to initiate a drive-by malware download."

The researchers also stated that attacks have become so sophisticated that they are able to spread malicious code to numerous users by infecting "legitimate" high trafficked and popular Web sites, underscoring the need for users to apply the latest browser patches and updates when surfing the Internet.

Researchers also advised that in light of a more dangerous security landscape and the barrage of Trojans, botnets and other malware, users need to use the most recent version of the installed software and immediately apply the latest patches as they become available.

"With today's hostile Intent and drive-by download attack vectors, failure to apply patches promptly or missing them entirely is a recipe for disaster; exposing the host to infection and possibly subsequent data disclosure or loss," they said.

Source: Channel Web

[Berserk87]

just read this before you posted it.

interesting news indeed...

obviously there will always be that group of people that dont upgrade, mostly just because of lack of knowledge.

[zhangm Supervisor]

And then there are businesses that willingly sacrifice security updates to stay with a "known version" of software. Its a shame how many people are stuck with IE6 because their IT departments are too lazy to push out IE7 with the latest updates. :/

[Setnom]

^^ Yeah, even if they don't want to switch from IE to Firefox, they should definitively upgrade to version 7.

[x-byte]

Its a shame how many people are stuck with IE6 because their IT departments are too lazy to push out IE7 with the latest updates. :/

It's not because they're lazy. The company may have software that doesn't work well with IE7, or an internal web page/service that isn't compatible.

And it's no wonder why FF user are most secure. The browser urges you to update whenever an update is available.

[zhangm Supervisor]

It's not because they're lazy. The company may have software that doesn't work well with IE7, or an internal web page/service that isn't compatible.

These developers have had since mid 2005, when IE7 was first released for testing purposes, to get things working properly. They're clearly aren't being paid enough...or are being paid too much for what they do.

[DreadBoat89]

i was wondering if it was a must as a website designer to code for ie6 still... but with these numbers, over half don't use ie7... so it seems like a must >.>

[Joel]

And then there are businesses that willingly sacrifice security updates to stay with a "known version" of software. Its a shame how many people are stuck with IE6 because their IT departments are too lazy to push out IE7 with the latest updates. :/

So the businesses should pay to upgrade their software that was developed for IE6, when IE6 is still freely available and updated? Where's the ROI?

[tsupersonic]

doh

[portauthority]

These developers have had since mid 2005, when IE7 was first released for testing purposes, to get things working properly. They're clearly aren't being paid enough...or are being paid too much for what they do.

Get a job and see if your attitude changes.

Where are the Opera fanboys? :rofl:

[+Gary7 Subscriber²]

So the businesses should pay to upgrade their software that was developed for IE6, when IE6 is still freely available and updated? Where's the ROI?

There is none, that is why most major corporations are not moving to Vista. Some companies are still using W2K.

[PiracyX]

Firefox may be more secure than the earlier IE6 and only slightly ahead of IE7, but it is far from the most secure browser out there.

[x-byte]

These developers have had since mid 2005, when IE7 was first released for testing purposes, to get things working properly. They're clearly aren't being paid enough...or are being paid too much for what they do.

Some have software since the 90's still. It's not that "easy" for all companies to adapt to new technologies.

[+Gary7 Subscriber²]

Firefox may be more secure than the earlier IE6 and only slightly ahead of IE7, but it is far from the most secure browser out there.

Then what Is?

[Aerrow]

Cool. Like x-byte says the browser asks you if you want to update. Whereas with Internet Explorer you could have IE3 and they wouldn't care.

Then what Is?

Read this

www.populartechnology.net/2006/01/opera-is-faster-more-secure-and-more.html

[+Gary7 Subscriber²]

Cool. Like x-byte says the browser asks you if you want to update. Whereas with Internet Explorer you could have IE3 and they wouldn't care.

Read this

www.populartechnology.net/2006/01/opera-is-faster-more-secure-and-more.html

The blog you were looking for was not found.

That is where your link sent me.

[spenser.d]

Meh. I've been running IE7 on my XP Laptop without running AV for months now and haven't run into any problems whatsoever.

-Spenser

[Doli]

Meh. I've been running IE7 on my XP Laptop without running AV for months now and haven't run into any problems whatsoever.

-Spenser

Not every virus is going to come out and announce itself, "Im here! oh snap lets do some damage".

[PiracyX]

Then what Is?

cough....Opera :)

[+Gary7 Subscriber²]

Meh. I've been running IE7 on my XP Laptop without running AV for months now and haven't run into any problems whatsoever.

-Spenser

How would you know without an AV program??

[Doli]

cough....Opera :)

I do like Opera but you have to offer a bit more proof then "cough"

[Dance.]

I do like Opera but you have to offer a bit more proof then "cough"

burp.. Opera!

[Slimy]

How would you know without an AV program??

By scanning with online websites. By monitoring your computer. An AV program isn't the only way to know you're not infected.

[+Gary7 Subscriber²]

By scanning with online websites. By monitoring your computer. An AV program isn't the only way to know you're not infected.

Yes I know that, I wanted a reply from Spenser though.

[Doli]

By scanning with online websites. By monitoring your computer. An AV program isn't the only way to know you're not infected.

Online scanners cant prevent stuff from getting in, they only detect and remove.

burp.. Opera!

yea... funny?