Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: IE adoption rate - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
IE adoption rate
If you read our diary articles for a while, you for sure have seen regular entries encouraging you to use other browsers than IE. Now we all expect security minded people to make other choices in what browser they use compared to the general public visiting non technical web sites.

So do security minded people actually choose other browsers compared to the general population(*) ?

IE adoption

This chart looks at  two populations and measures how many visitors use a version of IE to visit that web site. As expected the percentage of visitors using a version of IE on a security related web site is significantly lower than on generic web sites.

It's interesting to note that
  • Firefox versions are about as popular in the security minded population as IE versions.
  • These values hardly changed at all over the past 12 months, there's a very slight downward trend, but it's so small that it'd need serious thoughts from a statistical perspective before drawing any conclusions (graph not shown).

I've been looking at the evolution in IE 7's adoption since it got released and subsequently put on automatic updates with great anticipation as it would allow me to stop supporting IE 6's bugs when dealing with CSS.

IE adoption

This graph lists the percentage of IE using visitors that have upgraded to IE  version 7. The blue graph is for the security minded population and the red graph is for the generic population(*).

Security minded visitors seemed to have upgraded their browsers much before the release of IE 7, and had a head start in adoption rates. Both populations seem to have slowed their adoption of IE 7 in the last months. Security minded users seem to be at risk of loosing their adoption rate head-start.

(*) Data collected on web sites where I have access to the Google Analytics statistics, so any accuracy of browser identification is the same as for Google's Analytics. Due to this, this data completely ignores people having blocked javascript by default (e.g. by using Firefox and NoScript).
Data used to write this report contained no personal identifiable information and was collected using this website for the security minded population and from a travel website for the general population.

Swa Frantzen -- NET2S

760 Posts
Mar 18th 2007

Sign Up for Free or Log In to start participating in the conversation!