Hey, Dummies: Update Your Browsers Now or Get Hacked

There's no bigger window onto the world than your computer or smartphone's web browser, which is why you have to keep that window clean and locked by regularly updating it. Unfortunately, many people don't update their browsers and browser plugins, and that negligence exposes both themselves and others to higher risk of malware infection and privacy breaches.

Credit: JMiks/Shutterstock

(Image credit: JMiks/Shutterstock)

Duo Security, an information-security firm in Ann Arbor, Michigan, recently released two overlapping studies involving three million devices. The company found that 20 percent of Windows devices were running out-of-date versions of Internet Explorer, and a whopping 59 percent of Android devices were running out-of-date Chrome.

To avoid this problem, pay attention to when your phone, tablet or computer alerts you that browser updates are available. Install the updates. In most cases, you won't need to restart your system. You'll be safer from hackers, malware and identity thieves.

MORE: Best Antivirus - Top Software for PC, Mac and Android

Ironically, Chrome patching was much better on Windows, on which 82 percent of Chrome installations were up-to-date. That's probably because Chrome updates itself when it restarts — and most people reboot their phones or tablets much less often than they do their PCs or Macs.

Likewise, Internet Explorer 11 and Edge, Microsoft's newest browser, update themselves automatically, which is perhaps why 68 percent of all Windows devices surveyed were running the latest versions of IE or Edge. (That's including the 65 percent of Windows devices still running Windows 7.)

The update situation is worse with two of the most prevalent browser plugins. A full 72 percent of machines with Java installed were running outdated versions, while 60 percent of Adobe Flash Player plugins were out of date. (It's possible to run Java without having any Java browser plugins, but not vice versa.)

Flash and Java are responsible for some of the worst browser exploits — heck, sometimes Flash doesn't even have to be out of date for attacks to occur. That's why it's heartening to see that 20 percent of devices had no Flash installed, and 78 percent had no Java installed. (Here's how to manage or remove Java, here's how to disable Flash, and here's how to keep Flash, but run it only when you let it.)

Unfortunately, those rosy numbers are partly due to the fact that iOS has never used Flash and Android has phased it out. On Windows, only 38 percent of Internet Explorer users had patched their Flash plugins. On Chrome, that number was 89 percent, because — you guessed it — Chrome patches Flash automatically. (So do IE 11 and Edge.)

So what should you do? If you're on Windows, use Chrome, Internet Explorer 11 or Edge. Don't use older versions of IE. If you're still using Windows XP, use Chrome. Firefox users will need to keep up on manual updates, including Flash ones, and to be honest, many people won't do it.

If you're on Android, pay attention to when the system notifies you that updates are available for Chrome, Firefox and other browsers. Install those patches.

If you're on a Mac, use Chrome or Safari. The former will update itself (and any Flash plugins), while the latter will update with Mac system updates.

If you're on iOS, you're in pretty good shape. Most iOS users quickly update to the latest version of the operating system, and Safari updates are built into that.

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.