If you run an old version of a browser, attacks on it are more likely to succeed; I think we can all agree on that. Recent browser versions include fixes for security vulnerabilities, so they are protected against these kinds of attacks, while old browsers are not necessarily.
It is also true that attackers exploit known vulnerabilities regularly because users don't update their applications regularly to protect them against these.
So, if you do not run the latest version of your favorite browser, you have a higher risk of being attacked successfully than someone who runs the latest version.
That's what PayPal (thanks Lee for the email) mentioned in a white paper, and I have to agree with it. There is virtually no reason why someone would still use Internet Explorer 3 or 4 to surf the Internet, for example. Those browsers probably have so many known security holes and lack so many security features that it's highly likely that they will get successfully attacked eventually.
This does not take into account the user as another deciding factor when it comes to protecting a computer, identifying attacks and not doing stupid things on the Internet. I always like to say that if you do not understand basic security concepts, for instance the ability to differentiate between http and https websites, then you should not be doing security-related stuff on the Internet, including banking but also eBay, Amazon or PayPal.
The battle against phishing is something that companies cannot win alone. Companies can't do anything about a user who cannot differentiate between fake and original websites. Systems like Extended Validation SSL Certificates, which highlight the address bar in green, will surely help those users in the long run, but training is definitely required to get them there.
What should not happen, though, is the exclusion of a browser simply because it is being used by a smaller community, say Safari for Mac or Opera. When I worked at one of the biggest German financial corporations I always had to tell Mac users that their browser was not officially supported. Security is not an excuse to lock out some users who work with "exotic" browsers.