Up-to-date fully patched web browsers are hugely important when it comes to keeping your PC secure, as vulnerabilities in browsers allow for personal data theft. However, research has identified that only 59 percent of web users ensure they have the latest and most secure version of their chosen web browser.
The research, which was undertaken by the Swiss Federal Institute of Technology, Google and IBM Internet Security Services, found that although software vendors provide patches for security problems, it can take days, weeks or months before people update their applications. In the meantime, those users are at risk.
But it's not entirely the fault of users, since web browser vendors haven't exactly made patching easy, said Stefan Frei, a doctoral student at the Institute, which is known as ETH Zurich, and one of the report's authors. The web browser is still fairly young technology, and the industry has yet to settle on a dominant, well-tested design, he said.
Microsoft's Internet Explorer, however, only tells web servers what major version a person is using, such as IE6 or IE7. The researchers relied on data from people who have installed a tool on their PC called the Personal Software Inspector from Danish security company Secunia that can detect incremental versions of IE, Frei said.
Firefox users were the best at upgrading: 83.3 percent are using the latest version (the study just looked at Firefox 2.0). For Apple's Safari, 65.3 percent use the latest version; 56.1 percent for Opera and 47.6 percent for Microsoft's Internet Explorer.
Mozilla's Firefox came out on top due to its auto-update feature, which tells a user a new patch is available and offers a one-click way to upgrade. Within three days, most Firefox users are up to date, the study said.
Frei recommends that all browser makers put in an auto-update feature since the process now is cumbersome and slow.
Opera users are told there is a new version, but they have to go to Opera's website and go through the same installation process as if they had initially downloaded the browser for the first time, Frei said.
Safari uses an external updater that only polls for updates at certain intervals. Microsoft's updates are distributed on the second Tuesday of the month. Those gaps in time between when a vulnerability is publicly disclosed and a person patches are crucial, as they're an open window for an attack.
The problem with lax patching falls squarely on the shoulders of the application vendors, users often simply can't visually tell if their browser needs to be upgraded, Frei said.
NEXT PAGE: Can 'expiration dates' solve the problem?