Plug-ins are still a dangerous blind spot for many enterprises, with a well-known clutch of common ones routinely out of date on most business PCs, Zscaler’s Q3 2011 State of the Web report has found.
Using the company’s own tools, the main offenders were Adobe’s Shockwave, out of date on 94.2 percent of computers on which it was installed, Java on 70 percent, Adobe Reader on 65.8 percent, Quicktime on 42.5 percent, and Outlook browser add-ons on 19.8 percent.
For perspective, enterprise HTTP/HTTPS traffic is still dominated by Internet Explorer on 58 percent, Firefox on almost 11 percent, Safari a surprise entry at 7 percent, and plug-ins themselves generating 23 percent, which is where some of the trouble begins.
The most popular plug-ins include Flash, found on 94.4 percent of PCs, Windows Media Player on 87 percent, Adobe Reader on 84.7 percent and Outlook on 84.2 percent.
“Looking at the statistics, it becomes clear that most companies have little control over the type of plug-ins that their employees are using, or the specific version of plug-ins in use,” said the authors.
Even browsers themselves don’t necessarily get updated often; a combined 24.2 percent of IE users were found to still be using version 6.x and 7.x, with fewer than 2 percent on the latest version, 9.x.
Although this is the assessment of a single company, these numbers are in line with others that have looked into the same issue of enterprise browser plug-in use. Last July, vulnerability company Qualys found that Java was a particular weakness at that time, out of date on 40 percent of computers.
Zscaler’s figures do appear to fluctuate wildly for some plug-ins, as a comparison with the company’s Q2 State of the Web Report shows.
At that time, Shockwave was out of date on only a third of computers on which it was installed compared to more than 90 percent now. This suggests that the rapid updating cycle of companies such as Adobe can give a slightly false picture of their vulnerability in absolute terms; companies that update plug-ins more often are by definition more likely to be out of date.
Elsewhere the company recorded a boom in enterprise Android use, which now accounts for 40.3 percent of client transactions through the company’s cloud, ahead of business favourite BlackBerry on 37.2 percent and iOS on only 22.3 percent.
The most used web 2.0 application during the period was Facebook, accounting for almost 50 percent of detected usage. Despite this popularity, the long term trend in Facebook use inside enterprises appears to be downward, Zscaler said.