On January 12, 2016, Microsoft stopped support for all Internet Explorer browsers except IE 11. What does this mean? It means that security updates no longer get distributed for earlier browser versions. In the announcement that can be found here, Microsoft states clearly:
Security updates patch vulnerabilities that may be exploited by malware, helping to keep users and their data safer. Regular security updates help protect computers from malicious attacks, so upgrading and staying current is important.
So, how big of a browser security problem is this? It turns out it is a pretty big one. Here at Cedexis, we are fortunate to have the Radar Community, with over 900 enterprise contributors. This community generates billions of Real User Measurements (RUM) every day from every country in the world and every browser type and computer type. So, we see what people are using out there in the world. The results are not always pretty.
When we take 24 hours of measurements and limit it to just Microsoft IE, here is what we see for the entire world.
Whoa! 48% of the IE world is pre Internet Explorer 11! 1% of the world that is using IE is still using IE 7 for goodness sake!
To make the point more clear – Malware that infects your computer is often used to generate cyber attacks. Microsoft will no longer support security updates for 48% of the world’s Internet Explorer Instances as of Jan 12th 2016. This means the likelihood of these Internet Explorer Instances getting infected is almost 100% – creating an army of infected machines around the world
So, where do we typically see these cyber attacks coming from? This Government Technology Report identified these countries as the biggest offenders:
Let’s take a look at the breakdown of Internet Explorer in China, shall we?
Shiver me browsers! 63% of China’s instances of Internet Explorer today are not getting Malware updates anymore. Over 10% of all the IE in China is on Version 7 – a full four versions back!
Let’s contrast that with the US for a sanity check (and since the US is #2 on places where cyber attacks originate from).
While the US fares somewhat better than China, they are certainly not in great shape either. With only 42% of the IE instances in the US on Version 11, that leaves the majority of IE exposed.
What about Russia? How does the Northern Bear do in keeping its citizens up to date on their browsers?
In some ways, Russia is much worse off than China and in some ways much better off. It’s worse in the obvious way – with only 31% of the IE in Russia on Version 11, that leaves roughly 69% on previous versions. Russia is better off because they have 63% on Version 10 (the directly previous version). This is a much easier upgrade path than moving from Version 7 to Version 11.
For comparison, let’s see how Poland does?
As you can see, Poland is doing a fantastic job of browser version maintenance compared to the three superpowers. With over 80% of their IE users on the current supported version of Internet Explorer, it may be no accident why they are not on the top ten list of countries where attacks originate from.
As a last point, we will look under the covers of a troubled country that is in the news today.
While not as version compliant as the admirable Poles, the Syrians have a majority of their IE on the current version, and this is certainly better than China, the US and Russia.
How important is this security risk? How many people are still using Internet Explorer anyway? This is certainly a valid question. Depending on who you believe, it is anywhere from 10% – 24% of the total browser usage.
The Cedexis Radar Community data corresponds very closely to these numbers, and that puts IE in the top four (along with Firefox, Safari and Chrome). While usage of Internet Explorer has dropped from roughly 40% of the browser market in 2009 to whatever it is today, it is important to understand that this still represents many millions of copies of this potentially infectable software out in the wild.
Learn how to identify and solve issues for your company like security risks from outdated Internet Explorer browsers by joining the free Radar Community, accessing Real User Measurements and using our free traffic analysis tools to solve real world web traffic problems.