When it comes to proper browser patching, many users are not up to snuff, according to newly released data from Qualys. Qualys, which is a service provider of on-demand solutions in the arenas of IT security risk and compliance management, recently reported on the state of browser security at the RSA Conference in San Francisco. Using its BrowserCheck service, Qualys found that approximately eight out of every ten web browsers being used by consumers are vulnerable to attacks.
The statistics on browser vulnerability are alarming, particularly when you consider that the possibilities of attack exist from bugs that have already been patched. In other words, 80 percent of browsers are simply lacking at least one patch that should have been updated. When asked about the surprisingly high percentage of unpatched browsers, Qualys' CTO Wolfgang Kandek said, “I really thought it would be lower.”
The statistics released by Qualys were tabulated using BrowserCheck, which scans machines operating under the Windows, Mac, and Linux platforms. BrowserCheck also scans 18 popular browser plug-ins, such as Flash and Reader from Adobe, Windows Media Player and Silverlight from Microsoft, Java, Quicktime, Shockwave, and more.
BrowserCheck data compiled since June 2010 revealed that anywhere between 65 percent and 90 percent of machines scanned by the service had at least one outdated component. The outdated component could have been the browser itself or one of the 18 plug-ins. The aforementioned statistic of 80 percent vulnerability among browsers applied to January 2011.
A deeper look into the BrowserCheck data shows that plug-ins are most responsible when it comes to being outdated. Approximately 30 percent of plug-ins are listed as having never been patched. Meanwhile, only 10 percent of PCs never received Microsoft patches. While 80 percent of browsers were reported as being unpatched in January 2011, that number drops to just 25 percent if plug-ins are excluded.
In terms of plug-ins, Java was listed as the most vulnerable or outdated, while Adobe's Reader and Apple's Quicktime came in second and third, respectively. Other plug-ins with high vulnerabilities include Flash, Shockwave, Windows Media Player, and Silverlight, in that order.
If the statistics released by Qualys say one thing, it's that users are updating their browsers more regularly than their plug-ins. This is probably due to a few reasons. First, many browsers update themselves. While Google's Chrome updates itself silently, browsers like Firefox or Internet Explorer update themselves automatically. Another probable reason for better updating among browsers versus plug-ins is recognition. Many users know their browsers, but some may not even know that certain plug-ins exist. This poses a danger to many users, as hackers have recognized the lack of knowledge as the perfect opportunity for exploitation.
As for improving the problem with browser vulnerability, Kandek believes there are two solutions. The first would be to have a single updater that handles browser patching as well as plug-ins. This would get rid of some of the confusion that comes with the updating process. The second solution would come with the release of more functional browsers that support HTML5. Since HTML5 can handle audio and video processing, it would eliminate the need for several plug-ins.
For more on this topic, visit http://www.pcworld.com/article/219905/bulk_of_browsers_found_to_be_at_risk_of_attack.html
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
More Web Hosting News Articles
More By wubayou