Web Browser Security Update Effectiveness

  • Thomas Duebendorfer
  • Stefan Frei
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6027)


We analyze the effectiveness of different Web browser update mechanisms on various operating systems; from Google Chrome’s silent update mechanism to Opera’s update requiring a full re-installation. We use anonymized logs from Google’s world wide distributed Web servers. An analysis of the logged HTTP user-agent strings that Web browsers report when requesting any Web page is used to measure the daily browser version shares in active use. To the best of our knowledge, this is the first global scale measurement of Web browser update effectiveness comparing four different Web browser update strategies including Google Chrome. Our measurements prove that silent updates and little dependency on the underlying operating system are most effective to get users of Web browsers to surf the Web with the latest browser version.


Software Vendor Window Vista Major Version Usage Share Package Management System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Frei, S., Duebendorfer, T., Ollmann, G., May, M.: Understanding the Web browser threat. Technical Report 288, TIK, ETH Zurich. Presented at DefCon 16, August 2008, Las Vegas, USA (June 2008),
  2. 2.
    Frei, S., Schatzmann, D., Plattner, B., Trammel, B.: Modelling the Security Ecosystem - The Dynamics of (In)Security. In: Workshop on the Economics of Information Security (WEIS), UK (June 2009),
  3. 3.
    Finjan. How a cybergang operates a network of 1.9 million infected computers. MCRC Blog - 2009 (April 2009),
  4. 4.
    Frei, S., Duebendorfer, T., Plattner, B.: Firefox (In)security update dynamics exposed. SIGCOMM Comput. Commun. Rev. 39(1), 16–22 (2009), CrossRefGoogle Scholar
  5. 5.
    Google Chrome Web browser,
  6. 6.
    Duebendorfer, T., Frei, S.: Why Silent Updates Boost Security. Technical Report 302, TIK, ETH Zurich (May 2009),
  7. 7.
    NIST. National Vulnerability Database (NVD),
  8. 8.
    Common Vulnerability Scoring System (CVSS) Calculator,
  9. 9.
    Omaha, the open source Google Updater,
  10. 10.
  11. 11.
    Microsoft Security Bulletin MS08-078 (December 2008),
  12. 12. Search Engine Worldwide Market Share (March 2009),

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Thomas Duebendorfer
    • 1
  • Stefan Frei
    • 2
  1. 1.Google Switzerland GmbH 
  2. 2.Swiss Federal Institute of Technology (ETH Zurich) 

Personalised recommendations