Slashdot Mirror

← Back to Stories (view on slashdot.org)

80% of Browsers Found To Be At Risk of Attack

Posted by ryuzaki0 on from the zomg-we're-all-gonna-die dept.

CWmike writes "About eight out of every 10 Web browsers run by consumers are vulnerable to attack by exploits of already-patched bugs, a security expert said Thursday. The poor state of browser patching stunned Wolfgang Kandek, CTO of Qualys, which presented data from the company's free BrowserCheck service Wednesday at RSA. 'I really thought it would be lower,' Kandek said. BrowserCheck scans Windows, Mac and Linux machines for vulnerable browsers, as well as up to 18 browser plug-ins, from Adobe's Flash to Windows Media Player. When browsers and plug-ins are tabulated together, between 90% and 65% of all consumer systems scanned with BrowserCheck since June 2010 reported at least one out-of-date component. In January 2011, about 80% of the machines were vulnerable. The most likely plug-in to require a patch: same as last year, Oracle's Java."

9 of 196 comments (clear)

  1. Slashvertisement by suso · · Score: 4, Insightful

    Not getting enough hits? Slashvertisement can work for your company too. Call today!

    1. Re:Slashvertisement by tgeller · · Score: 5, Informative

      That's exactly what I thought. "Company A announced Company A's findings using Company A's nifty new tool. Try Company A's tool for yourself!" There may be valuable information here. Without independent third-party review, we don't know.

      --
      Tom Geller
  2. Isn't that? by Wolvenhaven · · Score: 4, Funny

    The exact percentage of IE marketshare?

    --
    Orwell was an optimist.
  3. Uhmm NO by Monty845 · · Score: 4, Informative

    So first I needed to enable javascript for the site. Now it wants me to allow some random website to install a plugin so that it can tell me if my security is up to date... yeah if it can't detect a security vulnerability without me going through a bunch of hoops and ALLOWING it to install on my system, I'm going with the whole thing is BS.

  4. Re:I would have thought this closer to 100% by SudoGhost · · Score: 4, Insightful

    I would have thought it closer to 100% since about 100% of browsers are used by people, which are the biggest security flaws in any system.

  5. Updating Java by Anonymous Coward · · Score: 5, Insightful

    Perhaps people would be more keen to update their Java version if the installer didn't keep trying to spring a surprise 'Install Yahoo! Toolbar' move on them on EVERY patch.

  6. Re:Plug-ins Bad. Here's ours by bunratty · · Score: 5, Informative

    You can use Mozilla's Plugin Check. No installation required.

    --
    What a fool believes, he sees, no wise man has the power to reason away.
  7. Re:I would have thought this closer to 100% by Skarecrow77 · · Score: 4, Informative

    My wife has a shirt that says "Social engineering" on the front, and on the back it says "Because there is no patch for human stupidity".

    My wife is awesome.

  8. Re:Java, obvious by mswhippingboy · · Score: 4, Interesting

    While I don't doubt the sincerity of your post, I certainly have had a different experience. I've been working with Java in large enterprise settings for over 15 years, with hundreds of stand-alone and web applications and I can't think of a single instance where upgrading to a newer version of Java caused an existing application to break. I know of one recent upgrade that broke Eclipse, but it was quickly regressed and the problem was really in Eclipse, not Java.

    I guess I've just been lucky.

    --
    Sometimes the light at the end of the tunnel is the headlight of an oncoming train.