Nearly a quarter of worldwide internet users are still running outdated browsers, creating huge gaps in online security, a study has revealed.
Out of a random sample of 10 million customers, security firm Kaspersky found 23% were using browsers that are not enabled with the latest security features.
Nearly two-thirds of these are using the previous version of a browser, while the rest are using obsolete versions.
Browsers are continually updated to defend against the latest security threats, but most internet users still take a month to upgrade and the rest take considerably longer, analysis of web usage patterns through the cloud-based Kaspersky Security Network revealed.
With cyber criminals increasingly exploiting vulnerabilities in web browser applications or outdated plug-ins, not updating browsers can have serious security implications for users, security researchers warn.
Read more about browser security
- Will Firefox security improve with browser plug-in check?
- Web browser security features make attacks harder
- Forced browsing: Understanding and halting simple browser attacks
- Web browser security comparison: Are Firefox security issues legit?
- Chrome browser warns users before downloading malicious files
- Web browser attacks aimed at plug-ins despite rise in flaws, IBM finds
According to the findings, the most popular browser was Internet Explorer (IE), used by 37.8% of users, followed by Google Chrome (36.5%) and Firefox (19.5%).
While 80.2% of IE users were using the most recent browser in August 2012, followed by 79.2% of Chrome users, 66.1% of FireFox users and 78.1% of Opera users, 3.9% were using obsolete browsers IE 6 and 7, representing hundreds of thousands of users worldwide.
“Our new research paints an alarming picture. While most users make a switch to the most recent browser within a month of the update, there will still be around a quarter of users who have not made the transition,” said Andrey Efremov, director of whitelisting and cloud infrastructure research at Kaspersky.
“That means millions of potentially vulnerable machines, constantly attacked using new and well-known web threats. This is strong evidence of the urgent need for proper security software which is able to react to new threats in a matter of minutes, not days or even weeks,” Efremov said.
Researchers said that, although the study is mainly made up of consumer user data, corporations should pay particular attention to the results because as employees’ abilities to install updates are limited, using obsolete software is a common, and potentially dangerous practice in business environments.
According to the study report, if users are unable to update software by themselves, it has to be done in a centralised way. Alternatively, businesses could allow employees to install and update certain programs, while maintaining restrictions for unwanted software.