Using data from Google search queries and security vulnerability aggregator Secunia, the study (HTML or PDF) found that a whopping 45 percent of Google users "were not using the most secure Web browser version on any working day from January 2007 to June 2008."
[ SEE: Techmeme discussion ]
The researchers used the most recent major versions of Internet Explorer 7 (IE7), Firefox 2 (FF2), Safari 3 (SF3) and Opera 9 (OP9) as the benchmark version for the most secure Web browser measurements and suggests that the auto-update mechanism in Mozilla Firefox is working well to keep users up to date.
We discovered that at most 83.3% of Firefox users, 65.3% of Safari users, 56.1% of Opera users, and 47.6% of Internet Explorer users were using the latest most secure browser version on any day between January 2007 to June 2008. For the latest version analysis of Safari, we only considered the date range Dec 2007 to June 2008, when Safari version 3 became widespread.
However, despite the single-click integrated auto-update functionality of Firefox, rather surprisingly, about 17% Firefox users (one out of six) continue to surf the Web with an outdated version of the Web browser.
The entire report is a valuable read on the state of browser security but, as Brian Krebs points out, the conclusions should be considered conservative since it does not include information on vulnerable plugins (think Flash Player, Adobe Reader, Java, QuickTime, etc). Also, bear in mind that these numbers only represent Google users. In China, for example, Google is the number two search provider behind Baidu, meaning that a large percentage of Web users are not included.
* Image source: laihiu's Flickr photostream (Creative Commons 2.0).