Web browser exploitation has been on the rise
in recent years, and according to the latest estimates, approximately 637
million users worldwide are not using the most secure Web browser version and
are therefore vulnerable to drive-by-download attacks.
A study released on Tuesday, conducted by researchers at
the Swiss Federal Institute of Technology, Google and IBM Internet Security
Services, revealed that a large number of the remotely exploitable
vulnerabilities, which have been multiplying since the year 2000, are
associated with Web browsers.
Furthermore, cyber-criminals have adopted Web browser
exploitation as a key vector for malware installation, which means all users
who don’t use the latest, most secure Web browsers and plug-ins to surf the Web
are at great risk.
In June 2008, over 600 million users worldwide were exposed
to Web browser vulnerabilities, and even the pages of some prestigious
institutions or organizations have been the victims of malware attacks (this
was the case for the United Nations (un.org), the UK government (.gov.uk) and other similar entities).
The researchers based their analysis on the global user base
provided by Google’s Web search and application sites. The processed data
consisted of a daily assessment between January 2007 and June 2008 of over 75%
of Internet users, based on Google search queries.
Web browsers have evolved a great deal in recent years, and
they have become more resilient to security threats. But as vulnerabilities
multiply, updates and patches for browsers incorporate vital security
fixes, which is why users are advised to use the most recent version of the
installed software and apply the latest patches.
Users can choose from four major browser technologies at
this point, which according to TheCounter.com are as follows: Microsoft Internet Explorer (used by 78% of
Internet users), Mozilla Firefox (16%), Apple Safari (3%) and Opera (1%).
Measurements ending March 2008 have shown that out of the
1,408 million Internet users worldwide, only 59.1% or 832 million were using
the latest major version of their Web browser (no matter what the browser was),
while the rest chose to surf the Internet without the latest major browser
version.
The researchers found that between January 2007 and June 2008,
83.3% of Firefox users, 65.3% of Safari users, 56.1% of Opera users, and 47.6%
of Internet Explorer users were using the latest, most secure browser version.
Although developers are trying to build
the easiest, fastest, one-click update functionality into their browsers, users
continue to ignore updates and use out-of-date versions that put them at risk.
The numbers indicate that a large number of users run outdated
versions: 16.7% of Firefox users (one out of six users), 43.9% of Opera users,
and 52.4% of Internet Explorer users continue to ignore the warnings and rely on
superseded versions of their Web browsers.
The estimated number of Internet users who are at
risk could in fact be just a fraction of the real number, the study warns.
Today, Internet users are being offered a better degree of
protection against threats that target insecure and vulnerable Web browsers. Although
these technologies are not 100% effective against all threats,
they are essential to reduce the number of potential attacks.
There is no such thing as the perfect browser, but there are
a lot of things users can do to avoid being exploited, starting with updating
their software accordingly. Firefox’s automatic update was found to be the most
effective, compared with manual update reminders of other browsers.
The researchers believe that in addition to the protection
technologies that need to keep up with browser exploitation threats, there is
also a need for better strategies in the near future, in order to increase both
host protection and user awareness.