As the world’s most popular search engine, Google record the user agent client version data from the billions of web searches made by an estimated 75% of Internet users, and is therefore one of the organisations most likely to be able to provide an assessment of the current state of web browser security (Microsoft’s MSRT also has excellent data, but only for the ~450 million users regularly running Windows Automatic Updates). However, for obvious privacy reasons, this data has not been made available to the public.
An interesting survey was released yesterday by Google Switzerland, IBM ISS and the Computer Engineering and Networks Laboratory of the University of Zurich, which provides the first systematic study of the browser data from around 1.4 billion Google users during the first half of 2008. They analysed Google’s client version data and correlated this with vulnerability data from sources such as Secunia’s PSI, in an attempt to assess how many vulnerable browsers were in circulation at a particular time.
The results are very interesting, with Internet Explorer taking 78% (1.1 billion) of the browser share and Firefox getting 16% (227 million). Drilling down deeper into the IE market share shows roughly half of IE users have now moved to IE7, whilst most FF users run the latest release. More worryingly, less that 50% of IE uses had the most secure version of their browser (rising to 83% in FF). For the month of June 2008, the authors suggest that over 45% web surfers (roughly some 637 million people) accessed Google with a browser that contained unpatched security vulnerabilities.source: http://www.ukhoneynet.org
No comments:
Post a Comment