Abstract
We analyze the effectiveness of different Web browser update mechanisms on various operating systems; from Google Chrome’s silent update mechanism to Opera’s update requiring a full re-installation. We use anonymized logs from Google’s world wide distributed Web servers. An analysis of the logged HTTP user-agent strings that Web browsers report when requesting any Web page is used to measure the daily browser version shares in active use. To the best of our knowledge, this is the first global scale measurement of Web browser update effectiveness comparing four different Web browser update strategies including Google Chrome. Our measurements prove that silent updates and little dependency on the underlying operating system are most effective to get users of Web browsers to surf the Web with the latest browser version.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Frei, S., Duebendorfer, T., Ollmann, G., May, M.: Understanding the Web browser threat. Technical Report 288, TIK, ETH Zurich. Presented at DefCon 16, August 2008, Las Vegas, USA (June 2008), http://www.techzoom.net/insecurity-iceberg
Frei, S., Schatzmann, D., Plattner, B., Trammel, B.: Modelling the Security Ecosystem - The Dynamics of (In)Security. In: Workshop on the Economics of Information Security (WEIS), UK (June 2009) http://weis09.infosecon.net/ , http://www.techzoom.net/security-ecosystem
Finjan. How a cybergang operates a network of 1.9 million infected computers. MCRC Blog - 2009 (April 2009), http://www.finjan.com/MCRCblog.aspx?EntryId=2237
Frei, S., Duebendorfer, T., Plattner, B.: Firefox (In)security update dynamics exposed. SIGCOMM Comput. Commun. Rev. 39(1), 16–22 (2009), http://doi.acm.org/10.1145/1496091.1496094
Google Chrome Web browser, http://www.google.com/chrome
Duebendorfer, T., Frei, S.: Why Silent Updates Boost Security. Technical Report 302, TIK, ETH Zurich (May 2009), http://www.techzoom.net/silent-updates
NIST. National Vulnerability Database (NVD), http://nvd.nist.gov
Common Vulnerability Scoring System (CVSS) Calculator, http://nvd.nist.gov/cvss.cfm?calculator&version=2
Omaha, the open source Google Updater, http://code.google.com/p/omaha/
Opera, http://my.opera.com/desktopteam/blog/index.dml/tag/auto-update
Microsoft Security Bulletin MS08-078 (December 2008), http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx
NetApplications.com. Search Engine Worldwide Market Share (March 2009), http://marketshare.hitslink.com/report.aspx?qprid=4
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Duebendorfer, T., Frei, S. (2010). Web Browser Security Update Effectiveness. In: Rome, E., Bloomfield, R. (eds) Critical Information Infrastructures Security. CRITIS 2009. Lecture Notes in Computer Science, vol 6027. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14379-3_11
Download citation
DOI: https://doi.org/10.1007/978-3-642-14379-3_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14378-6
Online ISBN: 978-3-642-14379-3
eBook Packages: Computer ScienceComputer Science (R0)