Computer security researchers from ETH Zurich, Google, and IBM believe computer software would be more secure if, like a perishable food product, it were labeled with an expiration date. In a newly published paper, Stefan Frei and Martin May of the Computer Engineering and Networks Laboratory at ETH Zurich, Thomas Dubendorfer of Google Switzerland, and Gunter Ollmann of IBM Internet Security Systems make this recommendation because they found that 637 million (45.2%) out of 1.4 billion Internet users worldwide are at risk from their failure to use the latest, most secure version of their chosen Internet browsers. “Given the state of the software industry and the growing threat of exploitable vulnerabilities within all applications (not just Web browsers), we believe that the establishment of a ‘best before’ date for all new software releases could prove an invaluable means to educating the user to patch or ‘refresh’ their software applications,” the paper says.
The issue of browser security matters more these days because more and more malware is targeting Web browser vulnerabilities. Remotely exploitable vulnerabilities have been on the rise since 2000 and accounted for 89.4% of vulnerabilities reported in 2007, according to the study, which claims that “growing percentage of these remotely exploitable vulnerabilities are associated with Web browsers.” Among the various Web browsers studied — Internet Explorer 7, Firefox 2, Safari 3, and Opera 9 — Firefox 2 is the most secure, according to the study. Firefox 2 is considered to be the most secure Web browser because 83.3% of its users worldwide are running the most current version. Second, third, and fourth places go to Apple Safari 3 (65.3% of users running the most current version), Opera 9 (56.1%), and Microsoft Internet Explorer 7 (47.6%).
Releaselog