Press Release

Kaspersky Lab Report: 23% of Users are Running Old or Outdated Web Browsers, Creating Huge Gaps in Online Security

Research reveals that when a new version of a browser is released, it takes more than a month for most users to make the upgrade.

November 8, 2012 - Woburn, MA - Web browsers are the most widely used pieces of computer software, installed on nearly every computer. The majority of current cyber attacks come from the web, utilizing vulnerabilities in the web browser applications themselves, or outdated plug-ins within the browser. Therefore, it is extremely important for consumers to keep their choice of web browser up-to-date, with the latest security fixes and new protection features. Using anonymous data collected from the cloud-based Kaspersky Security Network, Kaspersky Lab analyzed web browser usage patterns of its millions of customers around the world, and made some alarming discoveries.

Main Findings:

  • 23% of users are running old or outdated web browsers, creating huge gaps in online security: 14.5% have the previous version, but 8.5% still use obsolete versions.
  • 77% of Kaspersky Lab’s customers use up-to-date browsers (the latest stable or beta versions).
  • When a new version of a browser is released, it takes more than a month for most users to make the upgrade. Cybercriminals can move to exploit known browser vulnerabilities within hours.

Additional Findings:

  • Internet Explorer is the most popular browser (37.8% of users), closely followed by Google Chrome (36.5%). Firefox is in third place with 19.5%.
  • The proportion of users with the most recent version installed (August 2012): Internet Explorer – 80.2%; Chrome – 79.2%; Opera – 78.1%; Firefox – 66.1%.
  • Transition periods (time required for the majority of users to switch to the most recent version): Chrome – 32 days; Opera – 30 days; Firefox – 27 days.

Another important discovery of the survey is which particular versions of browsers are most frequently used by Kaspersky Lab customers. As noted in our main findings above, our statistics show that 23% of users have not installed the latest version of their browser of choice. Of these 23%, almost two-thirds (14.5%) have the previous version of a browser, and the remaining 8.5% use obsolete versions. That means nearly 1 out of every 10 Internet users is using a woefully outdated web browser to check bank accounts and other personal information.

The most notable examples of obsolete browsers are Internet Explorer 6 and 7, with a combined share of 3.9%, which represents hundreds of thousands of users worldwide. Since three browsers (Opera, Chrome and Firefox) were updated shortly before August 2012, their update speed was calculated, defined as the number of days required for the new browser version to reach the same market share as the previous version. It takes from five to nine days for a new version to surpass the market share of its predecessor, and approximately one month for the majority of users to make the switch.

What Does it Mean?

This survey of consumer activity clearly shows that while the majority of Internet users are diligently updating their web browsers in a timely fashion, there are still tens of millions of users that expose themselves by not updating these crucial applications.

While this report is primarily comprised of consumer user data, corporations should pay particular attention to the results of this research, since consumers usually have more freedom in updating installed software such as browsers. As employees’ abilities to install updates are limited, using obsolete software is a common, and potentially dangerous, practice in business environments. Kaspersky Lab offers an efficient solution which makes it possible to discover and allow updates of outdated or vulnerable software, in full compliance with security policies.

Andrey Efremov, Director of Whitelisting and Cloud Infrastructure Research at Kaspersky Lab, said: “Our new research paints an alarming picture. While most users make a switch to the most recent browser within a month of the update, there will still be around a quarter of users who have not made the transition. That means millions of potentially vulnerable machines, constantly attacked using new and well-known web-born threats. This is strong evidence of the urgent need for proper security software which is able to react to new threats in a matter of minutes, not days or even weeks.”

About the Research

Kaspersky Security Network is used to exchange data between Kaspersky Lab customers and the company’s experts in real time. It helps to rapidly detect and block new and unknown threats, but is also used to update Kaspersky Lab’s Whitelisting database, containing information about legitimate products. The database is used to speed up the process of system scans and to supply information for technologies – Safe Money and Automatic Exploit Prevention – that explicitly protect legitimate and frequently attacked software. The data collected is completely anonymous and represents the real usage of legitimate software by Kaspersky Lab customers.

Due to strict privacy policies enforced by the majority of businesses, data from corporate endpoints with Kaspersky Lab’s security solutions installed is not collected.

The full “Global Web Browser Usage and Security Trends” report, which includes secure web-browsing tips and recommendations for consumers and businesses alike, is available here

About Kaspersky Lab

Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its 15-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for consumers, SMBs and enterprises. The company currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.com.

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2011. The rating was published in the IDC report "Worldwide Endpoint Security 2012–2016 Forecast and 2011 Vendor Shares (IDC #235930, July 2012). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2011.