Slashdot Mirror

← Back to Stories (view on slashdot.org)

80% of Browsers Found To Be At Risk of Attack

Posted by ryuzaki0 on from the zomg-we're-all-gonna-die dept.

CWmike writes "About eight out of every 10 Web browsers run by consumers are vulnerable to attack by exploits of already-patched bugs, a security expert said Thursday. The poor state of browser patching stunned Wolfgang Kandek, CTO of Qualys, which presented data from the company's free BrowserCheck service Wednesday at RSA. 'I really thought it would be lower,' Kandek said. BrowserCheck scans Windows, Mac and Linux machines for vulnerable browsers, as well as up to 18 browser plug-ins, from Adobe's Flash to Windows Media Player. When browsers and plug-ins are tabulated together, between 90% and 65% of all consumer systems scanned with BrowserCheck since June 2010 reported at least one out-of-date component. In January 2011, about 80% of the machines were vulnerable. The most likely plug-in to require a patch: same as last year, Oracle's Java."

7 of 196 comments (clear)

  1. Slashvertisement by suso · · Score: 4, Insightful

    Not getting enough hits? Slashvertisement can work for your company too. Call today!

    1. Re:Slashvertisement by Anonymous Coward · · Score: 2, Insightful

      This is a slashvertisement, but at least it was for something useful this time. I just patched 3 browsers based on the results.

  2. I would have thought this closer to 100% by mswhippingboy · · Score: 3, Insightful

    Since new exploits are identified each day.

    --
    Sometimes the light at the end of the tunnel is the headlight of an oncoming train.
    1. Re:I would have thought this closer to 100% by SudoGhost · · Score: 4, Insightful

      I would have thought it closer to 100% since about 100% of browsers are used by people, which are the biggest security flaws in any system.

  3. Updating Java by Anonymous Coward · · Score: 5, Insightful

    Perhaps people would be more keen to update their Java version if the installer didn't keep trying to spring a surprise 'Install Yahoo! Toolbar' move on them on EVERY patch.

  4. Java, obvious by Bobfrankly1 · · Score: 3, Insightful

    The most likely plug-in to require a patch: same as last year, Oracle's Java."

    Of course, this has nothing to do with the fact that new versions of Java tend to break existing java based applications and utilities. You can use the new version of Java, or you can use the older one that works with your mission critical enterprise tools.

  5. Not even remotely surprised by jimicus · · Score: 3, Insightful

    I've been saying this for some time: Windows (and to a lesser extent OS X) needs an API so updates are centralised, configured and installed from a single interface.

    OS X has the app store. Linux distributions have repositories. Both of these solve this problem very neatly, and it's a lot easier to keep everything up to date. But I don't think centralised distribution is necessary - just an API call so you can say to the operating system "this is the name of the application, this is an RSS feed where updates are published, this is the key with which updates will be signed, this is how frequently you should check for updates" would probably solve most of the problems.

    The mess we have right now is the reason why there is always something on a PC that needs updating.