CYBER CRIMMINALS are taking advantage of security holes in web browsers because users are running old versions without bothering to update them, according to security firm Kaspersky Lab.
Kaspersky Lab's Global Web Browser Usage and Security Trends report reveals that 23 percent of users are running outdated web browsers, with 14.5 percent using the previous version and 8.5 percent still using obsolete versions, resulting in "huge gaps" in online security.
"When a new version of a browser is released, it takes approximately a month for most users to make the upgrade," Kaspersky said. "Yet cybercriminals can move to exploit known browser vulnerabilities within hours."
The security firm noted that during its tests in August, the most popular browser was Internet Explorer (IE) with 37.8 percent of users, followed by Google Chrome with 36.5 percent. Firefox came in third with 79.2 percent. Looking specifically at the proportion of users with the most recent version installed, Kaspersky found that 80.2 percent of Internet Explorer users were using the most recent browser, followed by 19.2 per cent of Chrome users and 66.1 percent of FireFox users.
The most obsolete browsers used by web surfers were Internet Explorer 6 and 7, with a combined share of 3.9 per cent representing hundreds of thousands of users worldwide.
"While most users make a switch to the most recent browser within a month of the update, there will still be around a quarter of users who have not made the transition," Kaspersky Lab's director of Whitelisting and Cloud Infrastructure Research Andrey Efremov said. "That means millions of potentially vulnerable machines, constantly attacked using new and well-known web-born threats.
"This is strong evidence of the urgent need for proper security software which is able to react to new threats in a matter of minutes, not days or even weeks."
Kaspersky Lab said that businesses can suffer too, because employees' abilities to install updates are usually limited. "Using obsolete software is a common, and potentially dangerous, practice in business environments," it added. µ