Article

Web browser security update effectiveness

Authors:

Thomas Duebendorfer and

Stefan FreiAuthors Info & Claims

CRITIS'09: Proceedings of the 4th international conference on Critical information infrastructures security

September 2009

Pages 124 - 137

Published: 30 September 2009 Publication History

Abstract

We analyze the effectiveness of different Web browser update mechanisms on various operating systems; from Google Chrome's silent update mechanism to Opera's update requiring a full re-installation. We use anonymized logs from Google's world wide distributed Web servers. An analysis of the logged HTTP user-agent strings that Web browsers report when requesting any Web page is used to measure the daily browser version shares in active use. To the best of our knowledge, this is the first global scale measurement of Web browser update effectiveness comparing four different Web browser update strategies including Google Chrome. Our measurements prove that silent updates and little dependency on the underlying operating system are most effective to get users of Web browsers to surf the Web with the latest browser version.

References

[1]

Frei, S., Duebendorfer, T., Ollmann, G., May, M.: Understanding the Web browser threat. Technical Report 288, TIK, ETH Zurich. Presented at DefCon 16, August 2008, Las Vegas, USA (June 2008), http://www.techzoom.net/insecurity-iceberg

Google Scholar

[2]

Frei, S., Schatzmann, D., Plattner, B., Trammel, B.: Modelling the Security Ecosystem - The Dynamics of (In)Security. In: Workshop on the Economics of Information Security (WEIS), UK (June 2009) http://weis09.infosecon.net/, http://www.techzoom.net/security-ecosystem

Google Scholar

[3]

Finjan. How a cybergang operates a network of 1.9 million infected computers. MCRC Blog - 2009 (April 2009), http://www.finjan.com/MCRCblog.aspx?EntryId=2237

Google Scholar

[4]

Frei, S., Duebendorfer, T., Plattner, B.: Firefox (In)security update dynamics exposed. SIGCOMM Comput. Commun. Rev. 39(1), 16-22 (2009), http://doi.acm.org/10.1145/1496091.1496094

Digital Library

Google Scholar

[5]

Google Chrome Web browser, http://www.google.com/chrome

Google Scholar

[6]

Duebendorfer, T., Frei, S.: Why Silent Updates Boost Security. Technical Report 302, TIK, ETH Zurich (May 2009), http://www.techzoom.net/silent-updates

Google Scholar

[7]

NIST. National Vulnerability Database (NVD), http://nvd.nist.gov

Google Scholar

[8]

Common Vulnerability Scoring System (CVSS) Calculator, http://nvd.nist.gov/cvss.cfm?calculator&version=2

Google Scholar

[9]

Omaha, the open source Google Updater, http://code.google.com/p/omaha/

Google Scholar

[10]

Opera, http://my.opera.com/desktopteam/blog/index.dml/tag/auto-update

Google Scholar

[11]

Microsoft Security Bulletin MS08-078 (December 2008), http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

Google Scholar

[12]

NetApplications.com. Search Engine Worldwide Market Share (March 2009), http://marketshare.hitslink.com/report.aspx?qprid=4

Google Scholar

Cited By

View all

Prakash VXie SHuang DTorres-Arias SMelara MSimon L(2022)Inferring Software Update Practices on Smart Home IoT Devices Through User Agent AnalysisProceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses10.1145/3560835.3564551(93-103)Online publication date: 11-Nov-2022
https://dl.acm.org/doi/10.1145/3560835.3564551
Wang BLi Xde Aguiar LMenasche DShafiq Z(2017)Characterizing and Modeling Patching Practices of Industrial Control SystemsProceedings of the ACM on Measurement and Analysis of Computing Systems10.1145/30844551:1(1-23)Online publication date: 13-Jun-2017
https://dl.acm.org/doi/10.1145/3084455
Thomas DBeresford ARice ALie DWurster G(2015)Security Metrics for the Android EcosystemProceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices10.1145/2808117.2808118(87-98)Online publication date: 12-Oct-2015
https://dl.acm.org/doi/10.1145/2808117.2808118

Recommendations

Browser wars: Metaphor, Web browser, Microsoft, Internet Explorer, Netscape, Netscape Navigator, Mozilla Firefox, Google Chrome, Safari (web browser), Opera (web browser), Usage share of web browsers
Read More
The visible Web browser

As an aid to the study of the World-Wide Web, we have developed a software application that allows a user to observe the messages passed between a Web browser and a Web server. The application is based on the Mozilla Web Browser, and displays the HTTP ...
Read More
The visible Web browser
ITiCSE '99: Proceedings of the 4th annual SIGCSE/SIGCUE ITiCSE conference on Innovation and technology in computer science education

As an aid to the study of the World-Wide Web, we have developed a software application that allows a user to observe the messages passed between a Web browser and a Web server. The application is based on the Mozilla Web Browser, and displays the HTTP ...
Read More

Comments

Information & Contributors

Information

Published In

CRITIS'09: Proceedings of the 4th international conference on Critical information infrastructures security

September 2009

213 pages

ISBN:3642143784

Editors:
Erich Rome
Fraunhofer IAIS, Sankt Augustin, Germany
,
Robin Bloomfield
City University, London, Centre for Software Reliability, London, UK

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 30 September 2009

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Other Metrics

View Author Metrics

Citations

Cited By

View all

Prakash VXie SHuang DTorres-Arias SMelara MSimon L(2022)Inferring Software Update Practices on Smart Home IoT Devices Through User Agent AnalysisProceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses10.1145/3560835.3564551(93-103)Online publication date: 11-Nov-2022
https://dl.acm.org/doi/10.1145/3560835.3564551
Wang BLi Xde Aguiar LMenasche DShafiq Z(2017)Characterizing and Modeling Patching Practices of Industrial Control SystemsProceedings of the ACM on Measurement and Analysis of Computing Systems10.1145/30844551:1(1-23)Online publication date: 13-Jun-2017
https://dl.acm.org/doi/10.1145/3084455
Thomas DBeresford ARice ALie DWurster G(2015)Security Metrics for the Android EcosystemProceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices10.1145/2808117.2808118(87-98)Online publication date: 12-Oct-2015
https://dl.acm.org/doi/10.1145/2808117.2808118

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Recommendations

Browser wars: Metaphor, Web browser, Microsoft, Internet Explorer, Netscape, Netscape Navigator, Mozilla Firefox, Google Chrome, Safari (web browser), Opera (web browser), Usage share of web browsers

The visible Web browser

The visible Web browser

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations