Slashdot Mirror


80% of Browsers Found To Be At Risk of Attack

CWmike writes "About eight out of every 10 Web browsers run by consumers are vulnerable to attack by exploits of already-patched bugs, a security expert said Thursday. The poor state of browser patching stunned Wolfgang Kandek, CTO of Qualys, which presented data from the company's free BrowserCheck service Wednesday at RSA. 'I really thought it would be lower,' Kandek said. BrowserCheck scans Windows, Mac and Linux machines for vulnerable browsers, as well as up to 18 browser plug-ins, from Adobe's Flash to Windows Media Player. When browsers and plug-ins are tabulated together, between 90% and 65% of all consumer systems scanned with BrowserCheck since June 2010 reported at least one out-of-date component. In January 2011, about 80% of the machines were vulnerable. The most likely plug-in to require a patch: same as last year, Oracle's Java."

5 of 196 comments

  1. Uhmm NO by Monty845 · · Score: 4, Informative

    So first I needed to enable JavaScript for the site. Now it wants me to allow some random website to install a plugin so that it can tell me if my security is up to date... yeah, if it can't detect a security vulnerability without me going through a bunch of hoops and ALLOWING it to install on my system, I'm going with the whole thing is BS.

  2. Re:Slashvertisement by tgeller · · Score: 5, Informative

    That's exactly what I thought. "Company A announced Company A's findings using Company A's nifty new tool. Try Company A's tool for yourself!" There may be valuable information here. Without independent third-party review, we don't know.

    --
    Tom Geller
  3. Re:Plug-ins Bad. Here's ours by bunratty · · Score: 5, Informative

    You can use Mozilla's Plugin Check. No installation required.

    --
    What a fool believes, he sees, no wise man has the power to reason away.
  4. Re:I would have thought this closer to 100% by Skarecrow77 · · Score: 4, Informative

    My wife has a shirt that says "Social engineering" on the front, and on the back it says "Because there is no patch for human stupidity".

    My wife is awesome.

  5. Re:Java?!?!? by mswhippingboy · · Score: 3, Informative

    Java was supposed to run in its own sandbox and therefore wouldn't be a security issue according to the original SUN PR bullshit.

    This is actually true. However, when users just mindlessly click through the security dialog on unsigned applets that warn that resources outside the sandbox may be accessed, it defeats the whole sandbox protection mechanism.

    I guess it gets back to the old adage "Make it foolproof and only a fool will use it."

    --
    Sometimes the light at the end of the tunnel is the headlight of an oncoming train.