They estimated that only 576 million of 1.4 billion Internet users worldwide used the most secure browsers. The data came from Google's server logs between January 2007 and last month.

Mozilla users are most likely to be using the latest versions of their browsers, with 83 percent of Firefox users patched. By contrast, only 63.3 percent of Safari users and 56.1 percent of Opera users have the latest versions. Microsoft Internet Explorer users ranked at the bottom with only 47.6 percent using the most secure version of IE7.

"We believe the auto-update mechanism as implemented within Firefox to be the most efficient patching mechanism of the Web browsers studied," the researchers wrote.

Confirming the Data

Security-research firm Sophos came to similar conclusions with its Endpoint Assessment Test. The free online scanning service checks for security vulnerabilities. It looks for missing Microsoft security patches, disabled client firewalls, or missing security-software updates.

After five weeks, Sophos compiled the findings, and the results showed that a whopping 81 percent of the corporate endpoints tested had failed one or more of these basic checks.

"Sadly, the Web is becoming more dangerous," said Carole Theriault, a senior security associate at Sophos. In fact, Sophos finds an infected Web page every five seconds. And almost 80 percent of these are legitimate sites.

"Sites become infected due to lax security, either due to poor maintenance or lack of understanding of the threat," Theriault said. "And this does not just affect small mom and pop sites."

Last week Sophos warned about a tennis-related Web site infected with malware, and on Wednesday it warned about Sony PlayStation Web pages.

Remedying the Problem

Web surfers are a major target for attackers. If you use a poorly protected computer and land on a site with malicious code, you seriously increase your chances of getting infected, Theriault said. "Basically, surfing the Web from a PC without the latest antivirus and security patches is about as safe as hanging out in the south pole in your birthday suit," she quipped.

Why is the problem so bad? Because hackers are actively looking to infect users and steal valuable information. Vendors are desperate to give customers a safe browsing experience and issue security patches regularly, but those only work if people download and install them, Theriault said.

Sophos recommends these safeguards: