Page last updated at 09:42 GMT, Tuesday, 8 July 2008 10:42 UK

Online risk due to browser flaws

Firefox users tend to have the most up to date browser

Almost half the online population is at risk because users have not installed security updates to their browsers, says a study.

The Swiss Institute of Technology, Google and IBM conducted the study and found 600 million users had not updated their browsers.

"Failure to apply patches promptly or missing them entirely is a recipe for disaster," the report said.

Cyber criminals are frequently using websites to attack users, it added.

The report authors recommended that a "best before" date, similar to the food industry, should be introduced to browsers, helping to educate users about the need to "refresh" their browser.

Browsers are often "patched" by software providers to tackle recently discovered flaws and security holes.

Criminals exploit these holes with malicious code hidden in websites to hijack machines.

Internet Explorer 78%
Firefox 16%
Safari 3%
Opera 1%
*Source: Swiss Institute of Technology

The study said Firefox users tended to use the most up-to-date versions, while Internet Explorer users were the slowest to update their browsers.

More than 83% of Firefox users were using the latest, most secure browser version, compared to 65% of Safari users, 56% of Opera users and 47% of Internet Explorer users.

The study said that not using the latest version of a browser was only one part of the security issues faced by net users.

'Insecurity iceberg'

Dubbed the "insecurity iceberg", the study said many users were at risk due to vulnerable plug-ins.

Plug-ins are small programs which extend the features and functionality of some browsers.

"Vulnerable plug-ins that are accessible (and exploitable) through the web browser extend the insecurity iceberg and form the part hidden below the water surface," the report authors noted.

The study said users were not updating to the latest version of a browser or plug-in fast enough.

"Our measurement confirmed that web browsers which implement an internal auto-update patching mechanism do better in terms of faster update adoption rates than those without," it said.

The study commended the "single-click" update feature of Firefox's browser as the "most efficient" patching mechanism.

Firefox download record official
03 Jul 08 |  Technology
Paypal to block 'unsafe browsers'
18 Apr 08 |  Technology
New search powers lead Firefox 3
26 Feb 08 |  Technology

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific