Security researchers from ETH Zurich (The Swiss Federal Institute of Technology) and Google have shown in a first-of-kind study that more than 600 million Internet users have vulnerable Web browsers and are therefore easy targets of attacks.

The researchers’ paper entitled "Understanding the Web Browser Threat" shows that as of June 2008, only 59.1% percent of Internet users worldwide use the latest major version of their preferred Web browser. The study revealed that 637 million Internet users worldwide who use Web browsers are either not running the latest version of their preferred browser or have not installed the latest patches.

These users are vulnerable to exploitation due to their web browser’s "built-in" vulnerabilities, but they are only the tip of the iceberg. The proliferation of insecure and unpatched plug-in technologies increase this number further.

The study’s most important finding is that technical measures now in place do not sufficiently guarantee browser security, and that users’ awareness must be further developed. Most users are unaware that they are not using their browser’s latest version. It must be made clear to Web browser users that outdated software is associated with significantly higher risk. The researchers therefore suggest that, as a critical component of software, a "best before" date be instituted, as is done in the food industry. Software updates must also be made easier to find.


Source: Global Security Mag