Firefox Users Most Secure on Internet, Study Reveals
The study "Understanding the Web browser threat: Examination of vulnerable online Web browser populations and the "insecurity iceberg," was a collaborative effort conducted by researchers at The Swiss Federal Institute of Technology, Google and IBM Internet Security Services. The research offers a comprehensive analysis of Web browsers, particularly in the area of security. The study's aim was to analyze Web browser preference and behavior for people using the Internet.
Altogether, the study found that less than 60 percent (59.1) of people use up-to-date, fully patched Web browsers. Failure update browsers exponentially increases the chance for remote attacks executed by hackers, the study found.
In recent years, the Web has become the vehicle for malicious attacks, which have enabled cyber criminals to execute code that shuts down a system or takes complete control of a user's PC. Unlike years past, hackers now are creating new malware specifically to gain access to user's personal and financial information, with the aim of committing identity theft or selling it on the black market.
The study concluded that of the hundreds of millions of users accessing Web browsers worldwide, more than 600 million were at risk of attack for not running the latest, most secure Web browser version as of June 2008.
Firefox users were far and away the most likely to use the latest version, with an overwhelming 83.3 percent running an updated browser on any given day. However, despite Firefox's single click integrate auto-update functionality, 16.7 percent of Firefox users still continue access the Web with an outdated version of the browser, researchers said.
The study also revealed that the majority of Safari users (65.3) percent were likely to use the latest version of the browser between December 2007 and June 2008, after Safari version 3 became available.
Meanwhile, Microsoft's Internet Explorer users ranked last in terms of safe browsing. Between January 2007 and June 2008, less than half of IE users -- 47.6 percent -- were running the most secure browser version during the same time period.
Opera ranked slightly higher than IE, with about 56 percent of users who said that they have applied the latest version of the browser to their computer. Of the four browsers surveyed, Opera ranked last in popularity, with a just 11 million users that comprise .8 percent of the marketshare.
Altogether, Safari has captured only 48 million users, equaling about 3.4 percent of the market -- a user base far surpassed by Firefox's 227 million and IE's 1.1 billion, encompassing 16.1 percent and 78.3 percent of the market respectively.
Researchers initiated the study to highlight the growing global problem of Web exploitation and the increasing number of users who log onto various Web browsers.
Among other things, the researchers aimed to address the growing number of threats launched by attackers in recent years that exploit Web vulnerabilities with stealthy and silent attacks for financial gain.
"Profit motivated cyber"criminals have rapidly adopted Web browser exploitation as a key vector for malware installation," researchers state. "As popularity of this attack vector has blossomed, there have been frequent reports of hundreds of thousands of Web sites succumbing to mass-defacement, where the defacement often consists of an embedded iFrame. These iFrames typically include content from servers hosting malicious JavaScript code designed to exploit vulnerabilities accessible through the user's Web browser and subsequently to initiate a drive-by malware download."
The researchers also stated that attacks have become so sophisticated that they are able to spread malicious code to numerous users by infecting "legitimate" high trafficked and popular Web sites, underscoring the need for users to apply the latest browser patches and updates when surfing the Internet.
Researchers also advised that in light of a more dangerous security landscape and the barrage of Trojans, botnets and other malware, users need to use the most recent version of the installed software and immediately apply the latest patches as they become available.
"With today's hostile Intent and drive-by download attack vectors, failure to apply patches promptly or missing them entirely is a recipe for disaster; exposing the host to infection and possibly subsequent data disclosure or loss," they said.