600 million internet surfers at high risk from attack

Over 600 million internet users are using vulnerable web browsers, according to security researchers from IBM and Google.

This is due to the fact that many users were not using the most recent version of their chosen browser, which were at high risk as they were vulnerable to popular download attacks.

The study said 45.2 per cent of web users neglected to update their browsers, adding up to 637 million internet users worldwide who were either not running the latest version or had not installed the latest patches, which made users vulnerable to attack.

The research paper Understanding the browser threat', also involving researchers from ETH Zurich, said that only 59.1 per cent of internet users worldwide were using the latest major version of their preferred web browser.

The researchers said that the high download rate of the latest version of Firefox 3.0 was good news as it would be protected from the latest attacks. Firefox users were most attentive when it came to having the most recent browser version 92.2 per cent surfed with Firefox 2, the latest version before 3.0.

It was a completely different story with Internet Explorer, with only 52.5 per cent of Microsoft Internet Explorer users using the latest and most secure Internet Explorer 7 to surf the net.

Firefox users were also the best when it came to installing patches with 83.3 per cent of Firefox users using the latest major version of the web browser. This decreased to 56.1 per cent of Opera users and a low 47.6 per cent of Internet Explorer users who were not fully patched.

Gunter Ollman, director of security strategy for IBM Internet Security Systems, said of Internet Explorer users' vulnerability on his blog: "I think it may be a little unfair for many IE users to be grouped in the less diligent' bucket because they're stuck to using IE5 or IE6 for compatibility with their corporate applications."

"But quite frankly, in this climate of commercial mass-defacements, unfair' isn't going to keep them safe," he wrote.

The data was found by analysing USER-AGENT data collected by Google's web search and application servers around the world.

Researchers said that the most important finding from the study was that technical measures weren't enough to ensure web browser security and user awareness needed to be massively stepped up.

They said that most internet users were not aware they were using an outdated or unpatched browser, and that this was significantly risky. They suggested that software updates needed to be easier to find, and that a best before' date be implemented, similar to how the food industry works.

Ollman said: "I suspect that reactions to the concept will be quite mixed. Proponents of the concept may see dollar signs a built-in expiry date may result in more users updating to new versions of their software for a premium price."

"Meanwhile, opponents could argue that it would confuse users and just become a revenue vehicle for software vendors and the hardcore opponents may just argue that it's the user's fault, so why pander to them in the first place?"

"Personally, I think it's a great way of helping raise the visibility of risk to users as they surf the web and not just for web browsers, but for all types and classes of software."