Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

5/25/2010
12:40 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

IE 6 Accounts For More Than One-Fourth Of All Enterprise Web Traffic

But use of the aged and vulnerable version of Internet Explorer gradually declining, report says

The aging and oft-targeted Internet Explorer 6 browser remains surprisingly prolific in enterprises, while Google services are the main conduit for malware, according to a new report on the state of Internet security.

The Zscaler report found IE 6 usage starting to decline in the first quarter of this year, however, from 33.46 percent of all Web traffic in January to 31.5 percent in February to 26.93 percent in March.

"Microsoft is still supporting IE 5 because there is such a large number of users using it. This is a dilemma for Microsoft," says Mike Geide, senior researcher for Zscaler, which released the "State of the Web Q1 2010: A View of the Web From An End User's Perspective" report today.

The recent zero-day attack in the wake of the Operation Aurora appears to have prompted many IE users to upgrade to the more secure IE 8, which wasn't affected by the Aurora bug, according to Zscaler. IE 8 adoption jumped from 5.79 percent in January to 8.65 percent in February, and then to 10 percent in March, the report says.

Overall, IE traffic accounted for about 75 percent of all Web traffic in enterprises in Q1, albeit on the decline: 76.6 percent in January, 75.26 in February, and 74.39 percent in March. "Both Firefox and Chrome appear to have benefitted somewhat from the ground lost by Microsoft, though both have a long way to go before becoming dominant placers within enterprises, as combined they only have approximately 12 percent market share," Zscaler said in its report. Meanwhile, Google search, Gmail, Blogs, and Groups were among the most blocked pages serving up malicious content, according to the report, behind ThePlanet, an infamous hosting provider associated with cybercrime. The Google services accounted for around 4,200 malicious sites installing malware on victims' machines, and ThePlanet, more than 10,600 sites.

Zscaler also found the U.S. hosts most of the good and bad/malicious Web content, with 68.11 percent of all malicious websites. Central and South America are becoming a hotbed for bad sites as well, according to the report, which can be downloaded here.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
NetCAT Vulnerability Is Out of the Bag
Dark Reading Staff 9/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13552
PUBLISHED: 2019-09-18
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution.
CVE-2019-15301
PUBLISHED: 2019-09-18
A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter.
CVE-2019-5042
PUBLISHED: 2019-09-18
An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability.
CVE-2019-5066
PUBLISHED: 2019-09-18
An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document needs ...
CVE-2019-5067
PUBLISHED: 2019-09-18
An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerabi...