Firefox users slowest to update browser, Kaspersky Lab finds

One in four runs out-of-date versions

Nearly one in four PC users run out-of-date or obsolete versions of the most popular browsers for a month or longer with Mozilla Firefox users the slowest to update their software, Kaspersky Lab has found.

The company looked at the browsers installed on a random 10-million sample of its antivirus user base, finding that Internet Explorer was marginally the most common default browser on 37.8 percent of users. Chrome scored 36.5 percent, Firefox took 19.5 percent, Opera 6 percent and Safari a vanishing fraction of a percent (Kaspersky's customers are overwhelmingly PC users).

Finding 36 different browser versions installed, the company noticed that across browsers only 77 percent of users were running the latest installation of a given browser.

Of the 23 percent that had not updated, 14.5 percent were using an older version (for instance Chrome v21 or v22 instead of v23) with a stubborn 8.5 percent using what could be classed as 'outdated' software (i.e. at least several months old).

This phenomenon varied from browser to browser although comparisons are hard to make because of timing differences in the upgrade cycle when the survey was carried out in August 2012.

Chrome and IE were the most rapidly updated with around 80 percent up-to-date, leaving Firefox users a bit behind on 66 percent. Revealingly, however, older and potentially vulnerable versions of Firefox were found on a surprisingly high 22.7 percent of machines.

Chrome users were the fastest to upgrade, Firefox the slowest. IE's numbers were complicated by the inability of users on the still-popular Windows XP to upgrade beyond version 8.

Drawing hard conclusions about the individual browsers was difficult beyond noting that a hardcore of users of each program seem reluctant to upgrade at all. The absolute percentages might look small - only 3.9 percent of IE's base use the hugely insecure Explorer 6 or 7 - but that might still be tens or hundreds of thousands of uses worldwide.

It could also be that some users install several browsers and then only upgrade the one they use most frequently; few realise that this represent a security risk.

"Our new research paints an alarming picture. While most users make a switch to the most recent browser within a month of the update, there will still be around a quarter of users who have not made the transition," said Kaspersky Lab's director of whitelisting and cloud infrastructure research, Andrey Efremov.

"That means millions of potentially vulnerable machines, constantly attacked using new and well-known web-born threats. This is strong evidence of the urgent need for proper security software which is able to react to new threats in a matter of minutes, not days or even weeks," he said.

Brower security has improved with faster patching by vendors, including of plug-ins, but it appears that for whatever reason patching is not enough on its own. Some users just do not update.

The need to update browsers, a function now turned on by default in all programs, remains a fact of life. Only days ago, Mozilla issued its second browser security fix in a short period, patching 16 flaws.

Join the CSO newsletter!

Error: Please check your email address.

Tags Personal Techsecuritymozillakaspersky lab

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts