Skip to main content
SpringerLink
Log in

Web Browser Security Update Effectiveness

  • Conference paper
Book cover Critical Information Infrastructures Security (CRITIS 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6027))

Abstract

We analyze the effectiveness of different Web browser update mechanisms on various operating systems; from Google Chrome’s silent update mechanism to Opera’s update requiring a full re-installation. We use anonymized logs from Google’s world wide distributed Web servers. An analysis of the logged HTTP user-agent strings that Web browsers report when requesting any Web page is used to measure the daily browser version shares in active use. To the best of our knowledge, this is the first global scale measurement of Web browser update effectiveness comparing four different Web browser update strategies including Google Chrome. Our measurements prove that silent updates and little dependency on the underlying operating system are most effective to get users of Web browsers to surf the Web with the latest browser version.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Frei, S., Duebendorfer, T., Ollmann, G., May, M.: Understanding the Web browser threat. Technical Report 288, TIK, ETH Zurich. Presented at DefCon 16, August 2008, Las Vegas, USA (June 2008), http://www.techzoom.net/insecurity-iceberg

  2. Frei, S., Schatzmann, D., Plattner, B., Trammel, B.: Modelling the Security Ecosystem - The Dynamics of (In)Security. In: Workshop on the Economics of Information Security (WEIS), UK (June 2009) http://weis09.infosecon.net/ , http://www.techzoom.net/security-ecosystem

  3. Finjan. How a cybergang operates a network of 1.9 million infected computers. MCRC Blog - 2009 (April 2009), http://www.finjan.com/MCRCblog.aspx?EntryId=2237

  4. Frei, S., Duebendorfer, T., Plattner, B.: Firefox (In)security update dynamics exposed. SIGCOMM Comput. Commun. Rev. 39(1), 16–22 (2009), http://doi.acm.org/10.1145/1496091.1496094

    Article  Google Scholar 

  5. Google Chrome Web browser, http://www.google.com/chrome

  6. Duebendorfer, T., Frei, S.: Why Silent Updates Boost Security. Technical Report 302, TIK, ETH Zurich (May 2009), http://www.techzoom.net/silent-updates

  7. NIST. National Vulnerability Database (NVD), http://nvd.nist.gov

  8. Common Vulnerability Scoring System (CVSS) Calculator, http://nvd.nist.gov/cvss.cfm?calculator&version=2

  9. Omaha, the open source Google Updater, http://code.google.com/p/omaha/

  10. Opera, http://my.opera.com/desktopteam/blog/index.dml/tag/auto-update

  11. Microsoft Security Bulletin MS08-078 (December 2008), http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

  12. NetApplications.com. Search Engine Worldwide Market Share (March 2009), http://marketshare.hitslink.com/report.aspx?qprid=4

Download references

Author information

Authors and Affiliations

  1. Google Switzerland GmbH,  

    Thomas Duebendorfer

  2. Swiss Federal Institute of Technology (ETH Zurich),  

    Stefan Frei

Authors
  1. Thomas Duebendorfer
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stefan Frei
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Fraunhofer IAIS, Sankt Augustin, Germany

    Erich Rome

  2. Centre for Software Reliability, Northampton Square, City University, London, EC1V 0HB, London, UK

    Robin Bloomfield

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Duebendorfer, T., Frei, S. (2010). Web Browser Security Update Effectiveness. In: Rome, E., Bloomfield, R. (eds) Critical Information Infrastructures Security. CRITIS 2009. Lecture Notes in Computer Science, vol 6027. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14379-3_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-14379-3_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14378-6

  • Online ISBN: 978-3-642-14379-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation