An interesting article appeared on the BBC today outlining how France and Germany are urging users to abandon Internet Explorer due to a vulnerability that allows malicious code to attack sites. Those claims are bound to get headlines.
When you read further into the article, however, it's clear that the vulnerability affects version 6 of Internet Explorer, not the latest version 8. In fact, all older versions of browsers are susceptible to malicious software. Rather than urging users to abandon their current browsers (which brings on a whole new set of challenges), users should be urged to update their browsers.
Older versions of browsers could be the greatest threat to online security. Taking a look at the last 50,000 visitors to Entrust.net, I thought it would be useful to see who’s using the latest version of which browser. Of the Internet Explorer users, only 36% were using the latest version 8 of the browser. Of the Mozilla Firefox users, 39% were using the latest version. It’s a little better when you examine other browsers such as Safari, Chrome and Opera, but their total share is just over 10% combined.
There was a time when CA vendors sold SGC certificates that would provide security for very old browsers (at least 9 years old!). It’s possible some CAs still charge a premium for these. The thinking was that there’s bound to be a small handful of users who need to conduct transactions securely on browsers that didn’t offer strong encryption. In fact, websites would be doing these users a favor by not allowing the secure connection, given how risky their old browsers are. Entrust wrote a white paper on this very subject.
The best defense, whether you’re using Internet Explorer, Firefox or any other browser, is to make sure you’re using the latest version that has been adequately patched.