
About 80% of users' browsers contain vulnerable components.

Approximately eight out of ten web browsers run by users are vulnerable to attacks through exploits, a security specialist said today.
The poor state of browser patching displeases Wolfgang Kandek, Technical Director for Security at Qualys, who presented BrowserCheck research data at the RSA conference in San Francisco.
"Honestly, I really thought that the numbers would be lower," said Kandek, stunned by the finding that about 80% of browsers and frequently used components are out of date and insecure.
BrowserCheck scans computers running Windows, Mac OS X and Linux for vulnerable browsers, including plug-ins such as Adobe Flash / Reader, Oracle Java RE, MS Silverlight and Windows Media.

Since the beginning of June 2010, approximately 65-90% of users' browsers had at least one unsafe component. In January 2011, this figure stood at 80%.
Worse, 30% of browser plug-ins were not permanently protected, and, regarding Microsoft Windows, about 10% did not receive updates at all.
When scanning browsers without plug-ins, only a quarter of the scanned machines had unprotected web browsers on board.
Kandek read the results as evidence that browser updates are often left up to the users themselves.
Unlike most plug-ins, browsers update themselves without the user's knowledge, like Google Chrome, or at least check for updates, like MS Internet Explorer or Mozilla Firefox.
On scanned machines, the most outdated module was Oracle Java, which needed to be updated on 40% of machines, followed by Adobe Reader at 32%, with Apple QuickTime rounding out the top three at 25%.
Java RE was in first place last year, which allowed Kandek to conclude:
“I bet that most users don't even know that they have Java RE, and how they installed it.” Some authors of the exploits even acknowledge that Java RE is one of the best targets in their toolkit.
Although Oracle usually releases updates for Java RE on a quarterly basis, an extraordinary emergency patch was released last week to correct a critical error.
Kandek stated that he sees two solutions to the current situation:
“A single source of updates would be preferable,” he said, hinting that Microsoft would take over the work to release third-party patches. "The many mechanisms for updating plug-ins confuse users, who find it difficult to master even one."
The second solution lies in the latest browsers and their support for HTML5, a specification that can handle audio and video and run applications, which is what third-party modules like Flash, QuickTime or WMP are doing now.
"Expansion of HTML5 functionality in browsers will help get rid of the entire bloated plugin fleet," the specialist said.
He also said that he fully supports Google, which took on updating Flash along with Chrome and built its own PDF viewer into the browser.


Source: https://habr.com/ru/post/114002/

