Out-of-date, vulnerable browsers put users at risk

Many users are waiting a month or more to apply important security updates that can protect them from exploits and malware.

Is your browser up to date? According to the results of a new survey from security software vendor Kaspersky, nearly a quarter of the browsers currently in use are out of date. Surfing the Web with a vulnerable browser is a recipe for disaster.

The Web browser has evolved to become the primary software used on many PCs. People access their email, surf websites, create documents and spreadsheets, access cloud-based file storage and sharing sites, and share with others on social networking sites -- all through the browser. Attackers no this as well, which is why it is exceptionally risky to use a browser with known vulnerabilities.

Kaspersky gathered anonymous data through its cloud-based Kaspersky Security Network. Kaspersky researchers analyzed the browser usage data from millions of customers around the world, and uncovered some concerning trends.

  • 23% of browsers are not current: 14.5% are still using the previous version, while 8.5% are using even older, obsolete versions.
  • When a new version of a browser is released, it can take nearly 10 days for it to surpass the previous version in usage, and an average of about a month for a majority of users to upgrade.

The major browsers all have automatic update mechanisms in place. The easiest way to make sure your browser is current is to enable the automatic updates and let them do what they're meant to do -- keep your browser up to date without requiring you to manage the process yourself.

There are some valid reasons for holding off on upgrading to a new browser version. Some users might feel like new versions just add arbitrary features -- bells and whistles -- they simply don't care about, so they choose to stick with the browser they're already comfortable with. Some users have been burned in the past by updating to a new version and finding out the hard way that some sites or plug-ins no longer work as expected -- if at all.

Justifications aside, it's important to apply browser updates as quickly as possible. Why? Because attackers can craft new exploits and malware to attack vulnerabilities in a matter of hours. Users can't afford to shop online, check bank account balances, or access other sensitive data using a browser with known vulnerabilities.

As Kaspersky points out, the data also reinforces the need for users to have effective, up to date security software in place. Andrey Efremov, Director of Whitelisting and Cloud Infrastructure Research at Kaspersky Lab, said, "That means millions of potentially vulnerable machines, constantly attacked using new and well-known web-born threats. This is strong evidence of the urgent need for proper security software which is able to react to new threats in a matter of minutes, not days or even weeks."

With the holiday shopping season getting ready to kick off, millions of users will be researching gift ideas, and making holiday gift purchases online. Attackers have marked their calendars as well, and there will almost certainly be a spike in Web-based attacks. It's even more important during the holiday season to make sure you keep your browser, and your security software up to date.

This story, "Out-of-date, vulnerable browsers put users at risk" was originally published by PCWorld .

FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies