Browser Insecurity
This excellent paper measures insecurity in the global population of browsers, using Google’s web server logs. Why is this important? Because browsers are an increasingly popular attack vector.
The results aren’t good.
…at least 45.2%, or 637 million users, were not using the most secure Web browser version on any working day from January 2007 to June 2008. These browsers are an easy target for drive-by download attacks as they are potentially vulnerable to known exploits.
That number breaks down as 577 million users of Internet Explorer, 38 million of Firefox, 17 million of Safari, and 5 million of Opera. Lots more detail in the paper, including some ideas for technical solutions.
EDITED TO ADD (7/2): More commentary.
greg • July 3, 2008 7:55 AM
“…including some ideas for technical solutions.”
Thats nice. Many papers don’t seem to get as far as suggesting solutions.