We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,678 News Articles

41% of web users have out-of-date browsers

Unpatched browsers offer increased security risk

Up-to-date fully patched web browsers are hugely important when it comes to keeping your PC secure, as vulnerabilities in browsers allow and steal personal data. However, new research has identified that only 59 percent of web users ensure they have the latest and most secure version of their browser.

Stefan Frei, a doctoral student at the ETH Zurich, advocates that software vendors take a cue from the food industry and put an 'expiration date' right on top of the browser to let people know the browser's state. For example, a warning could appear beside the address bar: '145 days expired, three patches missing'

"It's a non-technical suggestion," Frei said. "We think it's the same as having a speed limit on a motorway."

Even search engine companies such as Google could display the same warning above search results, as the browser version is transmitted to its servers when someone performs a query, Frei said.

Alternatively, security companies could make application version scanning part of their consumer products, which they have done for some enterprise-level software, Frei said.

But the problem of out-of-date browsers pales in comparison to the quagmire of plug-ins, which add extra functionality to the browser, such as Adobe's Flash and Apple's QuickTime multimedia program.

On average, people have between six to 10 plug-ins, many of which come from different vendors with different patching regimes and schedules, Frei said.

"The browser is the bread, and even if the bread is fine, if the ham is rotten, you have a problem," Frei said.

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security product reviews

Just one software vulnerability in a plug-in can put a person's PC in danger. Frei is proposing that an organisation such as a national Computer Emergency Response Team create a service where browsers can verify if it has the latest version of a plug-in.

Besides Frei, the study was also conducted by Thomas Dübendorfer of Google, Gunter Ollmann of IBM Internet Security Systems and Martin May from ETH. The study will be presented at the Defcon security conference next month in Las Vegas.

Visit Broadband Advisor for the latest news and reviews about the internet and internet tools, and to use PC Advisor's independent broadband speed checker


IDG UK Sites

Top 5 Android tips and tricks for smartphones and tablets

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

BBC using Glasgow 2014 Commonwealth Games to trial 4K/UHD, pan-around video, augmented video and...