The figures come from 195,000 internet users who checked their systems for vulnerabilities using ScanIT’s free online Browser Security Checker in 2004.
The checker’s findings showed surfers using Mozilla’s Firefox browser enjoyed the shortest “exposure period” where a patch for known vulnerabilities in the browser was unavailable.
By comparison, the scanner showed Microsoft’s IE enjoyed only seven days without being subject to any known vulnerabilities, between 12 and 19 October.
“This means fully patched IE was known to be unsafe for an incredible 98 per cent of 2004,” ScanIT’s CEO David Michaux says.
“And for 200 days in 2004 – that’s some 54 per cent of the time – there was a worm or virus exploiting one of those un-patched vulnerabilities,” he added.
The Mozilla Firefox, Netscape Navigator and Camino browsers combined left a smaller window for prospective attack than the more widely-used IE.
There were only 56 days in 2004 (15 per cent of the year) where there was a publicly-known vulnerability – a remote code execution – in Mozilla’s browser and no patch to fix it.
Users of the Opera browser experienced 65 days (17 per cent of the year) exposed to un-patched remote code execution vulnerabilities, according to ScanIT’s browser checker results.
The new results show a huge rise in the number of surfers using Mozilla’s Firefox browser over IE since ScanIT’s previous browser checker report for 2003.
Alla Bezroutchko, ScanIT’s Senior Security Engineer, suggests the upsurge in popularity for Mozilla is partly due to the advantages it enjoys over IE, including better public disclosure of vulnerabilities.
“Security researchers seem to be more inclined to report Firefox vulnerabilities to the Mozilla development team than IE flaws to Microsoft because of a better general attitude towards them.
“Mozilla’s Bug Bounty Program, which pays users $500 for reporting critical security bugs, is also a major incentive,” Bezroutchko adds.
Internet browser security is a growing concern both for home and business users, who are equally at risk from spyware, adware and malicious attack while online.
Unpatched vulnerabilities in web browsers gained commercial value in 2004 as hackers and virus writers found ever more efficient ways of capitalising on the loopholes bad browser security provides.
These include stealing users’ personal information, including bank details, and sending spam emails via their private address books.
ScanIT (http://www.scanit.net/) is continuing to develop its free Browser Security Test as part of a wider security package to protect broadband business and personal users from such attacks.
Ensure your system is safe by taking the ScanIT Browser Security Test today: http://bcheck.scanit.be/bcheck/
Note: The Browser Checker’s full 2004 findings can be accessed here: http://bcheck.scanit.be/bcheck/page.php?name=stats2004
Notes to Editors:
1/. ScanIT is a leading home and corporate security systems company with operations in Belgium, Dubai and Iran. It was established in 1999 to provide security solutions to corporate users worldwide. You can find out more on the web at: http://www.scanit.net
2/. Primary services include: Incident Handling, Security Consulting, Technical Fraud Investigations, Awareness Campaigns, Secure Line Communications, Bulk Software Purchasing, Constant Update Modules and PBX penetration Testing.
3/. ScanIT is offering a five-day hacking course in Brussels from Monday 18th April to Friday 22 April 2005 for network and system engineers to learn how a hacker would view their IT infrastructure and IT consultants who want to learn more about hacking tools and techniques.
For further information or interviews: David Michaux
Phone: +971 50 455 4031
Press release by Presswire Limited