kaspersky lab report: global web browser usage and security trends
TRANSCRIPT
Kaspersky Lab report: Global Web
Browser Usage and Security Trends
November, 2012
Overview Browsers can be regarded as a kind of autonomous zone inside the operating systems of modern computers. A
browser is a window to the online world, installed on each and every computer, powered with the ability to install and
run additional apps on its territory. Of course, it grants access to a plethora of web-based apps: from online office
editors to games. At the same time the majority of online threats come from the web as well. Vulnerabilities in web
browsers and other popular programs are used by cybercriminals to infect systems and steal user data: quite often
an infected web page triggers the attack. That is why keeping your chosen browser up-to-date is one of the most
important tasks, since new versions plug security holes and provide new security features.
This report analyzes browser usage trends from among 10 million randomly selected Kaspersky Lab customers from
different regions across the world. It is based on data from the cloud-based Kaspersky Security Network collected in
August 2012. During this period Kaspersky Security Network recorded over 700 million browser launch events. Five
web browser types were analyzed, with a total 36 major versions of them being used at the time. Unlike the widely
used browser stats collected from websites, this research analyzes the actual usage of software by consumers.
Important disclaimer: How and why we process data about legitimate software The main purpose of Kaspersky Security Network is to speed up the process of detecting and blocking new threats.
Kaspersky Lab’s consumer users are invited to agree to provide information about new threats, and at the same time
receive data from Kaspersky Lab’s experts and other users. This mutual information exchange is performed almost
in real time, which helps Kaspersky Lab products to prevent new cyber-attacks as soon as they emerge. At present,
more than 60 million users have agreed to participate in Kaspersky Security Network.
Efficient computer security relies not only on information about malicious programs and other threats but also about
legitimate software. If a security solution is aware of legal software, this helps to reduce the number of false positive
detections – a key usability criterion. But this is not the only reason. For businesses, a database of “white programs”
(Whitelisting database) helps to organize and manage the programs used by employees. And users of Kaspersky
Internet Security 2013 benefit from advanced protection technologies – Safe Money and Automatic Exploit
Prevention – that need exact information about the versions of some of the legitimate programs used, to better
protect from banking threats and new exploits.
Most importantly, the software usage statistics are collected on a strictly anonymous basis. That means Kaspersky
Lab has no instruments to collect and process data about the activity of individual users.
© 1997-2012
Kaspersky Lab ZAO. All Rights Reserved.
Main findings Analysis of user web browser preferences, choice of versions and the pace of updates helps us to better understand
the security landscape on one of the most important frontiers of the battle with cybercriminals. This research
provides us with the following key findings:
A leader of the past, Internet Explorer is losing market share to Google Chrome, as is the open-source Firefox
browser.
Slightly less than 80% of Kaspersky Lab’s users have the latest version of a browser. It is important that our data
is based on real usage statistics, and there is a chance that quite a lot of users, for example, use up-to-date
Google Chrome, but have an outdated Internet Explorer installed, thus keeping a security hole open for attacks.
At the same time, the number of users utilizing older or critically outdated browsers is very high. A 23% share for
older browsers and 8.5% for obsolete versions represents millions of users. Such reluctance to upgrade is a key
addition to the negative outlook on web-born threats. Web browsers are the programs used most frequently, all
of them having simple and straightforward update functionality. Despite this, a significant share of users chooses
older, potentially vulnerable versions. What is even worse, failing to upgrade most likely affects other programs
as well – including the direct gateways for infection like Adobe Flash or Java. We will reveal further details on
these programs in future research.
Fortunately, the source of this particular data is customers protected by Kaspersky Lab’s security solutions.
Unprotected PCs with older software – quite a common case, as we see – are virtually wide-open for any
cybercriminal actions.
Among three web browsers analyzed for speed of updates, Chrome is the fastest, and results for Opera and
Firefox are significantly lower.
© 1997-2012
Kaspersky Lab ZAO. All Rights Reserved.
Market Share In our research we analyzed five major web browsers:
Internet Explorer
Google Chrome
Mozilla Firefox
Opera
Safari
Most of the data was collected in August 2012 from Kaspersky Lab’s customers using Windows-based PCs. In some
sections information collected in July and September was used.
In August 2012 the most popular browser among Kaspersky Lab users was Internet Explorer, followed closely by
Google Chrome. This data is broadly in line with other browser market studies, for example, by StatCounter
GlobalStats, although it places Google Chrome first with a minimal lead. Firefox is in third place among Kaspersky
Lab users with a 19.5% share (22.85% according to GlobalStats). What is different, however, is the share of the
Safari browser: GlobalStats had it in fourth place with 7.4%, but according to Kaspersky Lab’s data only 0.2% of
users chose the browser from Apple. This is most probably down to the fact that the data was provided from
Windows-based PCs only and did not take into account Apple computers or iOS devices, where Safari is the
standard browser. This also explains the relatively high share for Opera in our findings – 6%.
© 1997-2012
Kaspersky Lab ZAO. All Rights Reserved.
Most popular browser versions To analyze these figures properly, we need to define the latest available versions of browsers in August. These
were:
Google Chrome – Version 21, released on July 31
Internet Explorer – Version 9, released on March 14, 2011
Mozilla Firefox – Version 14, released on July 17, and Version 15, released on August 28
Opera – Version 12, released on June 14
Due to the low market share of Safari on Windows PCs and Apple’s reluctance to further develop the Windows
version, it was excluded from the statistics. A very useful web browser timeline can be found at Wikipedia.
Google Chrome versions
Almost 80% of Google Chrome users had the latest version of the browser installed in August – an impressive result
achieved thanks to a straightforward automatic updating procedure. Combined with the use of an internal version of
Adobe Flash, updated with the browser, this makes Chrome one of the safest browsers. 15.5% of Chrome users had
the previous version of the software, and obsolete versions were used by 4.9%. 0.5% of users had either beta
version 22 or alpha version 23.
© 1997-2012
Kaspersky Lab ZAO. All Rights Reserved.
Internet Explorer versions
The picture here looks similar to the one of Google Chrome, but a different approach to version changes has to be
taken into account. 97.5% of Chrome users have a version released in 2012, while 16.3% of Internet Explorer users
have the outdated version 8 released in 2009. It is important to understand that those working with Internet Explorer
under Windows XP cannot upgrade, since the latest versions of the browser do not support this operating system.
Microsoft provides long-term support even for outdated browsers, so even Internet Explorer 6 and 7 (a share of 3.9%
combined) will receive critical security fixes. Unfortunately, users of older versions will not be able to access new
features, including important security enhancements.
A new version of Internet Explorer 10 is preinstalled with the Windows 8 operating system. Like the beta versions of
other browsers, it was available and used by a small fraction of users in August. It is not included in the statistics
here, since Kaspersky Lab’s products with full support for Windows 8 were only released to the public at the end of
August.
© 1997-2012
Kaspersky Lab ZAO. All Rights Reserved.
Mozilla Firefox versions
There is a much greater diversity of versions used by Firefox fans. Very outdated versions like Firefox 6 are still
visible and for convenience all of them have been combined in this chart in the “Older” section. The latest August
versions, Firefox 14 and 15 have a combined share of 69.5% (69.8% with newer beta versions included), while the
share of the previous version is 7.5%. Older versions account for a total share of 22.7%. This means that more than
one fifth of Firefox users stick to outdated and potentially vulnerable versions of this browser.
© 1997-2012
Kaspersky Lab ZAO. All Rights Reserved.
Opera versions
78.1% of Opera users have the latest version installed. The last two versions combined make up 97.1%, suggesting
users are strongly inclined towards using the latest version. The use of outdated versions is very low, less than 3%
for all releases before Opera 11.
© 1997-2012
Kaspersky Lab ZAO. All Rights Reserved.
Version summaries
Overall, 77% of consumers use up-to-date software for web browsing. But more than one fifth of them, which is a
significant share, use older versions. And 8.5% of users put their data at risk by using outdated, insecure web
browsers.
© 1997-2012
Kaspersky Lab ZAO. All Rights Reserved.
Speed of upgrades Software vendors may be fast at releasing browser updates, but it makes little difference if users are reluctant to
upgrade. We studied this problem by analyzing data from users of Google Chrome, Firefox and Opera – three
browsers that were updated shortly before August 2012.
Google Chrome
Chrome users upgrade their browser quite quickly. On July 31, the release day of Chrome 21, the share of Chrome
20 was 93.6% with only 0.7% using the newer version. Just five days later the ratio was 43.5%/50.8%. After one
month the upgrade process was mostly finished: on August 1, 92.1% of users had Chrome 20 and the same share
had Chrome 21 on August 31.
© 1997-2012
Kaspersky Lab ZAO. All Rights Reserved.
Firefox
For Firefox we were able to track the whole lifecycle of version 14: it was released on July 17 and the next version
went out on August 28. Unlike Chrome, which shows the market share of the latest version going up to 93-94%, the
maximum share that Firefox 13 ever achieved was significantly lower: 65.1% on July 17. On the same date the
share of the next version was 2.8% (Firefox users tend to use beta versions more frequently than Chrome users).
Five days after the release the share of the latest stable version went up to 35.7%, gaining 32.9 percentage points
(Chrome saw growth of 42.8 percentage points for the same period). On August 28, Firefox 14 achieved its highest
share of 71.8%, and immediately started losing it to the next version released on the same day. Therefore, Firefox
users update to the newer version at a slower speed than Chrome users, and more users tend to stay on the older
version for a longer period of time.
© 1997-2012
Kaspersky Lab ZAO. All Rights Reserved.
Opera
Opera 12 was released on June 14, followed by a minor update to version 12.01 on August 2. The next version was
12.02, released on August 30. This gave us the opportunity to analyze the speed of upgrades to minor releases: the
ones not influenced by anticipation of new features. The highest share achieved by Opera 12.00 was 72.2%, which
happened on July 28. On the release day for version 12.01, its share was 4.3% (going up from 0.2% on August 1). In
a five-day period the new version gained 28 percentage points, and reached the highest share of 61.7% one day
before the release of Opera 12.02. Therefore, the speed of updating Opera is even slower than for Firefox, and the
highest share achieved by an up-to-date version during its lifetime is similar.
© 1997-2012
Kaspersky Lab ZAO. All Rights Reserved.
A different view: web-born exploits To conclude this research, let’s take a look at a different data. This one is also collected with the help of Kaspersky
Security Network, but shows not the software being used, but malicious programs attacking our customers via
infected websites. Within the same time frame (August 2012), we have selected ten most active malicious programs
coming from the web.
This chart reveals some leaders and losers, and at times they exchange roles. What is the most interesting is that all
these malicious programs are not brand new. In fact, cybercriminals continue to use older exploits, since they are
still efficient – and the reason for that is active usage of older and obsolete software. Below we offer our
recommendations for users and businesses to lower their chances of becoming a victim of a cyber attack, by paying
close attention to installed software.
© 1997-2012
Kaspersky Lab ZAO. All Rights Reserved.
Recommendations for users Install updates regularly. It is a common habit nowadays to rarely reboot or shutdown the system. Browsers can
stay open for weeks with prompts about the new version being ignored. Thankfully, all modern browsers offer a
convenient and quick upgrade procedure. Do the same for other apps, particularly the most frequently targeted
Adobe Flash, Adobe Reader and Oracle Java.
Upgrade your system. For the same reasons as above, lots of people ignore Windows prompts to reboot the
system. It is always not the best time to close all apps, save all documents and wait a while until the updates are
installed. But it has to be done. And if you are running Windows XP – do not use Internet Explorer (it will be
outdated by design, although security fixes are still provided). Choose alternative browsers instead.
Most importantly, install a security solution of your choice. Having an up-to-date browser and other programs will
save you from a number of threats, but you still may be attacked with complex malware. A proper security suite,
like Kaspersky Internet Security 2013, blocks the very possibility of a browser attack in the majority of cases,
simply by blocking the malicious web page. It closely watches vulnerable programs and, thanks to Automatic
Exploit Prevention technology, blocks even those exploits that utilize zero-day vulnerabilities in your software.
Recommendations for businesses Introducing certain limitations on user rights to install and update software is a common practice among
businesses. While such an approach may seem efficient at first glance, it leads to a situation where seriously
outdated software is used. This particular research is based on consumer usage trends, which appear to be
quite dangerous (similar data from corporate endpoints is not sent to Kaspersky Security Network, due to
business privacy policies). If users are unable to update software by themselves, it has to be done in a
centralized way by IT personnel.
Another solution to this problem is allowing employees to install and update certain programs, while maintaining
restrictions for unwanted software. This is what Kaspersky Endpoint Security 8 for Windows allows them to do,
thanks to its Application Control technology. And the Whitelisting database, closely integrated with the cloud-
based Kaspersky Security Network, automatically files new versions of popular legitimate software under their
respective categories. Therefore, no additional action from IT professionals is required to add the new software
version to the “allowed” list.
Like other Endpoint Control technologies, Application Control works in a centralized way. With Kaspersky
Security Center, it is easy to perform an inventory of installed applications, introduce flexible software usage
rules for different users, and also monitor vulnerable applications.