Your web browser provides a window onto the Internet, but unless you are timely in updating the client you use then, say researchers with security vendor Kaspersky Lab,that window may be cracked and allow a draft of insecurity to blow through into your network, your computer and your data.
With the majority of online threats coming from the direction of the web, vulnerabilities in web browser clients are increasingly being used in order to infect networks and compromise data integrity. It's why the so called 'zero-day' exploits are so valuable within the cybercriminal community. While zero-days are hard, if not impossible, to defend against the unfortunate truth of the matter is far more people are leaving themselves exposed to attack simply by not keeping their browser clients updated.
Although full version upgrades tend to add a host of new features and improve the functionality of the browser, and as such grab the attention of what you might call the 'lazy updater', the same is not true of minor point upgrades. Yet these minor upgrades are, more often than not, far more important in the overall scheme of things and certainly when it comes to keeping your systems secure. It's the point upgrades that address plug the vulnerability gaps that are uncovered, that provide the enhanced security measures required to keep your data safe.
Using data on browser usage trends from a staggering 10 million randomly selected Kaspersky Security Network customers from various regions across the world, Kaspersky Lab has produced a report that analyses actual usage of web browser software by consumers. At the time of the analysis, across some 700 million launch events, Kaspersky Lab looked at 36 major versions of five web browser clients. The research provided some results that could be filed under 'hardly earth-shattering news' such as the fact that both Internet Explorer and Mozilla Firefox are continuing to lose market share to Google Chrome. However, there were a few more interesting surprises, especially when it comes to the 23% of users who do not have the latest version of a browser client installed.
Kaspersky Lab is quick to point out that this report is based on real usage statistics rather than just collating the user agent IDs seen by web servers to tally the most popular browser clients. Because of the methodology used to get the data for this report, Kaspersky Lab explains that it means users could have an up-to-date version of Google Chrome which they use day to day but equally also have an outdated copy of Internet Explorer installed which keeps a security hole open for potential attackers.
Of the 23% of users with an old version of a browser installed, 14.5% are running the previous version but a further 8.5% have an 'obsolete' client. When a new version of a browser is released, it takes on average a month before most users upgrade to the new client. One interesting statistic, given that users with alternative clients are often thought to be the more technically savvy and therefore most likely to upgrade almost religiously, was that 80.2% of Internet Explorer users had the latest version installed compared to 79.2% of Google Chrome users and just 66.1% of those running Mozilla Firefox. Yet the most notable examples of obsolete browsers are Internet Explorer 6 and 7, with a combined share of 3.9% which represents hundreds of thousands of users worldwide.
Andrey Efremov, Director of Whitelisting and Cloud Infrastructure Research at Kaspersky Lab, says “Our new research paints an alarming picture. While most users make a switch to the most recent browser within a month of the update, there will still be around a quarter of users who have not made the transition. That means millions of potentially vulnerable machines, constantly attacked using new and well-known web-born threats. This is strong evidence of the urgent need for proper security software which is able to react to new threats in a matter of minutes, not days or even weeks.”
You can read the full 'Global Web Browser Usage and Security Trends' report here.