Kaspersky Lab Report: 23% of Users are Running Old or Outdated Web Browsers, Creating Huge Gaps in Online Security
reveals that when a new version of a browser is released, it takes more than a
month for most users to make the upgrade.
November 8, 2012 - Woburn, MA - Web browsers are the
most widely used pieces of computer software, installed on nearly every
computer. The majority of current cyber attacks come from the web, utilizing
vulnerabilities in the web browser applications themselves, or outdated
plug-ins within the browser. Therefore, it is extremely important for consumers
to keep their choice of web browser up-to-date, with the latest security fixes
and new protection features. Using anonymous data collected from the
cloud-based Kaspersky Security Network, Kaspersky Lab analyzed web browser usage
patterns of its millions of customers around the world, and made some alarming
users are running old or outdated web browsers, creating huge gaps in online
security: 14.5% have the previous version, but 8.5% still use obsolete
Kaspersky Lab’s customers use up-to-date browsers (the latest stable or beta
When a new
version of a browser is released, it takes more than a month for most users to
make the upgrade. Cybercriminals can move to exploit known browser
vulnerabilities within hours.
Explorer is the most popular browser (37.8% of users), closely followed by
Google Chrome (36.5%). Firefox is in third place with 19.5%.
proportion of users with the most recent version installed (August 2012): Internet
Explorer – 80.2%; Chrome – 79.2%; Opera – 78.1%; Firefox – 66.1%.
periods (time required for the majority of users to switch to the most recent
version): Chrome – 32 days; Opera – 30 days; Firefox – 27 days.
discovery of the survey is which particular versions of browsers are most frequently
used by Kaspersky Lab customers. As noted in our main findings above, our statistics
show that 23% of users have not installed the latest version of their browser
of choice. Of these 23%, almost two-thirds (14.5%) have the previous version of
a browser, and the remaining 8.5% use obsolete versions. That means nearly 1
out of every 10 Internet users is using a woefully outdated web browser to
check bank accounts and other personal information.
The most notable
examples of obsolete browsers are Internet Explorer 6 and 7, with a combined
share of 3.9%, which represents hundreds of thousands of users worldwide. Since
three browsers (Opera, Chrome and Firefox) were updated shortly before August
2012, their update speed was calculated, defined as the number of days required
for the new browser version to reach the same market share as the previous
version. It takes from five to nine days for a new version to surpass the
market share of its predecessor, and approximately one month for the majority
of users to make the switch.
What Does it Mean?
This survey of
consumer activity clearly shows that while the majority of Internet users are
diligently updating their web browsers in a timely fashion, there are still
tens of millions of users that expose themselves by not updating these crucial
While this report is
primarily comprised of consumer user data, corporations should pay particular
attention to the results of this research, since consumers usually have more
freedom in updating installed software such as browsers. As employees’
abilities to install updates are limited, using obsolete software is a common,
and potentially dangerous, practice in business environments. Kaspersky Lab
offers an efficient solution which makes it possible to discover and allow
updates of outdated or vulnerable software, in full compliance with security
Andrey Efremov, Director of Whitelisting and Cloud Infrastructure Research
at Kaspersky Lab, said: “Our new
research paints an alarming picture. While most users make a switch to the most
recent browser within a month of the update, there will still be around a
quarter of users who have not made the transition. That means millions of
potentially vulnerable machines, constantly attacked using new and well-known
web-born threats. This is strong evidence of the urgent need for proper
security software which is able to react to new threats in a matter of minutes,
not days or even weeks.”
About the Research
Kaspersky Security Network is used to exchange data between Kaspersky Lab
customers and the company’s experts in real time. It helps to rapidly detect
and block new and unknown threats, but is also used to update Kaspersky Lab’s
Whitelisting database, containing information about legitimate products. The
database is used to speed up the process of system scans and to supply
information for technologies – Safe Money and Automatic Exploit Prevention – that explicitly protect legitimate and
frequently attacked software. The data collected is completely anonymous and
represents the real usage of legitimate software by Kaspersky Lab customers.
Due to strict privacy
policies enforced by the majority of businesses, data from corporate endpoints
with Kaspersky Lab’s security solutions installed is not collected.
full “Global Web Browser Usage and Security Trends” report, which includes
secure web-browsing tips and recommendations for consumers and businesses
alike, is available here
About Kaspersky Lab
Kaspersky Lab is the world’s largest
privately held vendor of endpoint protection solutions. The company is ranked
among the world’s top four vendors of security solutions for endpoint users*.
Throughout its 15-year history Kaspersky Lab has remained an innovator in IT
security and provides effective digital security solutions for consumers, SMBs
and enterprises. The company currently operates in almost 200 countries and
territories across the globe, providing protection for over 300 million users
worldwide. Learn more at www.kaspersky.com.
company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue
by Vendor, 2011. The rating was published in the IDC report "Worldwide
Endpoint Security 2012–2016 Forecast and 2011 Vendor Shares (IDC #235930, July
2012). The report ranked software vendors according to earnings from sales of
endpoint security solutions in 2011.