This week starts the holiday shopping season with Black Friday, followed by Cyber Monday. Many of you will spend time online searching for the best deal possible in order to complete your Christmas shopping early. All of you will be using your web browsers to look for these deals, but unfortunately roughly half of you will be using a browser that is ill-equipped for these transactions.
Over the past 12 months we have been collecting data from over 1 million typical end-user computers and their installed browsers. From this research, we have found that more than half of the tested machines have critical vulnerabilities. These vulnerabilities allow cybercriminals to take remote control of your machine, search your disk drive for valuable information, monitor all keystrokes and e-commerce transactions, and intercept private information, such as usernames and passwords, credit card numbers and bank account details.
Users of all major browsers have the same problem: They are using outdated software that contains known vulnerabilities. There is some variation between browser types, but even the best browser, Apple Safari, has over 35% of its users at risk.
How can we be in such a precarious situation? Aren’t the makers of browsers updating their products promptly to address vulnerabilities? Yes, they are, and in all honesty, automatic update mechanisms have improved the situation tremendously over the last few years. However, often it is not the browser’s fault that vulnerabilities are left open; instead, the blame lies with installed plug-ins that contain flaws and remain unpatched. Plug-ins are software modules that we install to give the browser additional capabilities, such as running applications, watching video, listening to music, and playing games. Unfortunately, such added functionality comes at a price, and the plug-ins can add vulnerabilities. Our research shows that the worst plug-in is Java, installed on 82% of all tested machines, with over one third of all installations vulnerable, closely followed by Adobe Flash, which is installed on over 67% of all tested computers, with 24% left vulnerable.
Fortunately, all of these vulnerabilities can be eliminated by updating to the latest versions of the installed software, for both browsers and plug-ins. One of the easiest ways to see if you are up to date is by using our free BrowserCheck service at https://browsercheck.qualys.com. It is easy to use: the service will instantly give you a diagnostic view of the state of your browser and its plug-ins and provide the next steps necessary if updates are required. Try it out. It just takes a minute. If you like it, recommend it to your friends and family, and if you have the time, let us know your experiences with it.
Have a great, safe holiday season!