Vast number of users who are not keeping their computers and web browsers up-to-date with security patches are becoming easy pray for identity thieves and other hackers. This type of crime is costing consumers £3.1bn per year morever costing the economy £27bn, business have not escaped this targeted crime as they suffering from costs of £17bn.
A US security firm known as ‘Qualys’ conducted the research into browser vulnerability by collecting data from a scan of various browsers and their plug-ins. When plug-ins are excluded browsers such as Chrome, Firefox, Internet Explorer, Opera and Safari are not very harmful to it’s users. Many of these that have been tested are automatically updated and keeps the user’s computer protected. However plug-ins and software add-ons that are installed as advanced features for the web such as video and interactivity are very often not automatically updated like the rest and leaves a user exposed to any sort of attack.
An established plug-in like Adobe’s Reader which allows PDF documents to be viewed by the user inside the browser window has 32 per cent of installations in need of security updates. Quicktime media player plug-in from Apple has unpatched vulnerabilities on 25 per cent of users machines.
The networking giant in January, Cisco had reported that vulnerabilities in the Java plug-in is the most fruitful for cyber criminals. Attackers who are successful on the plug-in gain remote control access of the browser and are able to steal sensitive data such internet banking details.
Cisco have said a series of new vulnerabilities publicly disclosed in the early period of 2010 had made plug-ins such as Java an easy target on a continuous basis because people were not worried about patching Java.
A Java update released in October patched 29 vulnerabilites that Oracle labelled “critical”.
Security experts hope the next generation of browsers and websites will help solve the problem, because the introductrion of HTML5 will mean many of the functions currently provided by plug-ins will be incorporated into automatically-updated browsers.