A study released Tuesday outlines the state of updated and non-updated web browsers in the general web user population, and the picture is, predictably, not rosy.
The study, done by researchers from the Computer Engineering and Networks Laboratory of ETH Zurich, Google Switzerland, and IBM Internet Security Systems, used data from HTTP USER-AGENT headers recorded by Google's logs, as well as data from security firm Secunia.
The researchers found that 16.7% of Firefox users, 34.7% of Safari users, 43.9% of Opera users and 52.4% of IE users were not using the latest and most secure versions of those browsers. The team attributes Firefox's relatively low percentage of outdated browser usage to its one-click method of auto-updating.
While the study clearly shows that browser users don't take responsibility for updating their browsers, it also faults browser makers for not making patches quickly available. Microsoft's practice of releasing patches once per month, for instance, can leave browser users vulnerable for critical weeks, during which exploits can gain a foothold.
Furthermore, the researchers say that their study does not take into account the many vulnerabilities in browser plug-ins that are not reported in USER-AGENT fields, meaning that even some of the up-to-date browsers in the study had security flaws.