Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Many browsers runs insecure plug-ins, analysis finds

Browsercheck tool dishes dirt on Java, Flash and Quicktime

Article comments

Large numbers of web browsers run out of date plug-ins that render them vulnerable to security exploits, a new analysis by security management company Qualys has found.

Analysing 420,000 scans from the company’s Browsercheck tool, Qualys discovered that the biggest problems lie with a handful of common plug-ins for video such as Adobe Flash, Apple Quicktime, Shockwave and Windows Media Player, plus more general utilities such as PDF Reader, and old favourite, Java.

The most vulnerable pug-in was Java, installed on 80 percent of browsers, 40 percent of which were running an out-of-date version of the software open to exploits. Adobe Reader took second spot, also installed on 80 percent of browsers, just over 30 percent of which were vulnerable.

A commonly-cited worry, Flash video, was vulnerable on a more modest 20 percent of browsers despite being present in more than 95 percent of them. Other video players such as Shockwave and Quicktime showed vulnerability levels of between 20-25 percent but were installed on only around 40 percent of browsers.

Overall, around 80 percent of browser-related security flaws now lie with plug-ins and only 20 percent with browsers, regardless of which browser was looked at.

The sheer number of common plug-ins, and the difficulty many users found in keeping them patched in a timely way, was what lay at the heart of the less-than-impressive numbers, said Qualys CTO, Wolfgang Kandek.

“The problem is that they all have their own individual updating mechanisms. It makes the problem much bigger than it needs to be,” he said.

According to Kandek, the answer was to adopt the approach of Google Chrome and build some plug-in updates into the browser’s own updating system. This made it more likely that the browsers would be patched, he said.

Longer term, the model adopted by emerging mobile operating systems such as Android and iOS was superior because it used a more integrated patching model.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *