Researchers from Google, IBM and the Communications Systems Group in Switzerland released a study Monday that shows only 60 percent of Web users are surfing with patched, updated browsers.
They estimated that only 576 million of 1.4 billion Internet users worldwide used the most secure  browsers. The data came from Google's server logs between January 2007 and last month.
Mozilla users are most likely to be using the latest versions of their browsers, with 83 percent of Firefox users patched. By contrast, only 63.3 percent of Safari users and 56.1 percent of Opera users have the latest versions. Microsoft Internet Explorer users ranked at the bottom with only 47.6 percent using the most secure version of IE7.
"We believe the auto-update mechanism as implemented within Firefox to be the most efficient patching mechanism of the Web browsers studied," the researchers wrote.
Confirming the Data
Security-research firm Sophos came to similar conclusions with its Endpoint
Assessment Test. The free online scanning service checks for security
vulnerabilities. It looks for missing Microsoft security patches, disabled client firewalls, or missing security-software updates.
After five weeks, Sophos compiled the findings, and the results showed that a whopping 81 percent of the corporate endpoints tested had failed one or more of these basic checks.
"Sadly, the Web is becoming more dangerous," said Carole Theriault, a senior security associate at Sophos. In fact, Sophos finds an infected Web page every five seconds. And almost 80 percent of these are legitimate sites.
"Sites become infected due to lax security, either due to poor maintenance or lack of understanding of the threat," Theriault said. "And this does not just affect small mom and pop sites."
Last week Sophos warned about a tennis-related Web site infected with malware, and on Wednesday it warned about Sony PlayStation Web pages.
Remedying the Problem
Web surfers are a major target for attackers. If you use a poorly protected computer and land on a site with malicious code, you seriously increase your chances of getting infected, Theriault said. "Basically, surfing the Web from a PC without the latest antivirus and security patches is about as safe as hanging out in the south pole in your birthday suit," she quipped.
Why is the problem so bad? Because hackers are actively looking to infect users and steal valuable information. Vendors are desperate to give customers a safe browsing experience and issue security patches regularly, but those only work if people download and install them, Theriault said.
Sophos recommends these safeguards:
Sign up for notifications from your browser vendor about new security patches and install them right away.
Consider turning off scripts so they don't run by default when a Web page loads.
Use up-to-date antivirus software and configure your firewall as tightly as you can without destroying the usability of your computer.
"Don't fall for unsolicited e-mails trying to lure you in with free stuff or great deals -- stick to well-reputed Web sites," Theriault said. "There is no silver bullet here, but these tips will certainly make you a much less attractive and vulnerable target."
|
Patch Tuesday Will Tie MS Record
Google Apps Controls Mobile Devices
Cloud-Computing Growth Expected
Google Attack Highlights Black Market
