Study: 40 Percent of Web Surfers Using Leaky, Vintage Browsers

If the food industry ran its business like the Internet browsing software industry, then consumers would be hurling lawsuits like bad tomatoes at the companies that give us Internet Explorer, Firefox and Safari.

The comparison is existent in a wide-ranging new study showing that approximately 40 percent of the Internet surfing public -- 576 million users -- browsed the Web using outdated and/or unpatched software, putting themselves and the computing public at risk.

The Methodology

Researchers from Google (Nasdaq: GOOG), IBM Internet Security Systems (Nasdaq: ISSX) and Switzerland's Communications Systems Group conducted the study.

Researchers examined surfing habits in June 2008 using data provided by Google. Seventy-eight percent of the users were running Microsoft (Nasdaq: MSFT) Internet Explorer, 16 percent used Mozilla Firefox, 3 percent ran Apple (Nasdaq: AAPL) Safari and less than one percent surfed using Opera. Most of the Web surfers at risk are using old, outdated versions of Internet Explorer.

Web-Based Threats Now a Priority

Two experts with computer security companies interviewed by TechNewsWorld seconded most of the study's findings, saying Web-based threats are now the top problem for IT professionals and consumers.

"This is not one problem, this is many, many problems," said David Perry, director of global education for Trend Micro (Nasdaq: TMIC). "We're not just talking one patch. You would need 100 to 150 patches. It's a very complicated landscape."

Web browsers started becoming problematic with the advent of multimedia on Web sites and the rise of Web 2.0 applications, Perry told TechNewsWorld. "[The browsers] are built to automatically execute code they find on the Web page, and people have found a way to make that code do things they want to do," like stealing personal information or setting up a computer as a "zombie," spewing out spam or malicious software code.

"The browser is one of the top attack vectors in use today," Ben Greenbaum, senior research manager at Symantec (Nasdaq: SYMC) told TechNewsWorld. "Almost every major attack involves the browser at some point."

Applications and plug-ins are also targeted, Greenbaum said, since many of those can involved outdated or nonsecure code even if running on an updated browser.

Browser Companies Must Become Security Experts

The solutions for bad browsers must focus on more research and responsibility by both software companies and those who use their products, both Perry and Greenbaum noted.

"The vendors have to get into the security research business," Perry said. "They don't just build a browser nowadays, they have to hire scientists to do the research so that they understand the vulnerabilities they are patching."

The updating process needs to be easier for consumers to understand, Greenbaum commented. "Some browsers have auto-update features; some do not. Some are enabled by default; some are not. The user does not want this to be a concern, but regardless, they still need to be protected.

"The first line of defense should be making sure all known vulnerabilities are addressed. That's partially the user's responsibility, but vendors could do a much better job," he added.