We all know outdated software, browsers, and plugins are unsafe, but how unsafe?
Duo Labs has taken a hard look at the dangers of outdated software in a report released Tuesday that said 25 percent of business systems risk exposure to 700 possible vulnerabilities. The most insecure software, Duo reported, is Microsoft’s family of Internet Explorer browsers. The most secure platform, Apple’s Mac OS.
Duo Labs culled its research from the analysis of 2 million devices used by a wide range of businesses, from small and medium-sized firms to the Fortune 500. Up-to-date software is more important than ever, said Mike Hanley, director of Duo Labs, considering the changing security risk landscape and massive adoption of cloud apps used inside and outside business.
Microsoft’s Flawed Browser Family
With its report, Duo Labs didn’t pull any punches, slamming Microsoft’s Internet Explorer browser and recommending that users ditch IE and Edge for Google’s Chrome browser. Twenty-five percent of all Windows devices are running outdated and unsupported versions of Internet Explorer, according to the report.
At the same time, Duo was smitten with Google’s Chrome browser. That’s chiefly because of Google’s automatic updating policy. Eighty-two percent of Chrome users have up-to-date browsers compared with 58 percent of Edge users and IE 11 users, 66 percent of Firefox users and 49 percent of Mac OS users.
The problem, Duo’s numbers reveal, is not slow migration to the more secure Windows 10, but rather slow adoption of newer versions of Internet Explorer on older versions of the OS. While 68 percent of all Windows devices are running the latest version of IE 11 or Edge 12/13, another 25 percent are running an outdated version of IE 10 or prior.
“If you’re a business still running the 10-year-old version of Internet Explorer 8 you really have to start asking yourself why,” Hanley said.
Flash vs Java
Java and Flash versions on browsers are most likely outdated. As a safety measure, many firms uninstall Java and Flash from browsers.
Duo Labs’ numbers paint a bleak picture when it comes to Adobe’s Flash and Oracle’s Java browser plugins. According to Duo, these two plugins are highly problematic and should be removed from business systems by companies interested in reducing the number of attack vectors to devices.
Sixty percent of Flash users are running an out-of-date version, while 72 percent have an outdated version of Java, which exposes systems to hundreds of vulnerabilities. Flash and Java are notorious targets, used by attackers in exploit kits to gain access to users’ machines, Duo Labs reports.
Mac vs PC
Key findings by researchers confirm many of the assumptions we have when it comes to the age-old question: Which is more secure, Apple or Windows?
Mac OS trumps Windows by a whopping 53 percent margin when it comes to users running the fully patched latest version of OS X (or the previous version), compared to 35 percent of Windows users running Windows 10 and 8.1.
However, the Mac OS is no bastion of security. Eight percent of Apple users are running unsupported versions of OS X (10.8 and earlier) that cannot receive security updates. Compare that to 2 percent of Windows users running unsupported OS versions (including Windows 8 and XP).
To Update Or Not, That is the Question
The eternal question many businesses face when it comes to updating software is: if I run an update, am I going to break a critical line-of-business application? “That’s a fair question,” Hanley said. “As software developers, if we introduce bugs that cause bad experiences we are counter-incenting users to run updates. We have to be conscious of that.”
Companies need to think hard about the risk they have exposed themselves to, Hanley said. “For a lot of companies, the monetary damage and damage to reputation will be much greater than the cost of updating an app.”