Browser security is the hot area of study right now. Last week I wrote a piece in the blog on man-in-the-browser attacks, describing why it is so important that you use a secure browser. If you haven't read it, you should. But back to the study.
The study looked mainly at two things: the security "holes" or exploits that currently exist, and the effectiveness of the update strategies used by the 1.4 billion users of the four main browser developers - Mozilla (Firefox), Microsoft (IE), Opera (Opera) and Apple (Safari).
Firefox, which uses a completely automated update strategy, won the day with 83.3% of users patched up to the latest version, compared to less than 50% of IE users. IE users chose to ignore patches far more often because of IE's "permanently put-off this update" approach - leaving them more open to browser-based attacks.
As the ArsTechnica overview of the report states:
"Firefox and Opera are both credited for including an auto-update feature, but the team notes that "Firefox’s auto-update was found to be way more effective than Opera's manual update download reminder strategy." How effective? way more effective."
We like Firefox at Authentium. Authentium's SafeCentral end-to-end transaction security solution utilizes a specially-hardened version of Firefox 3 in conjunction with our system-level hardening technologies and a secure DNS system.
If you're thinking of downloading FF3, or upgrading, I'd recommend you go over to the site and get yourself a really secure browser.
Note: the ARS article was entitled "40% of Surfers Don't Bother With Browser Security Updates" - for us and all the other people working in risk mitigation, the fact that there are half a billion unpatched browsers out there is one scary fact.
No comments:
Post a Comment