Apple, Opera slammed over browser patch regimes

Google's Chrome and Mozilla's Firefox come out on top for delivering prompt patches to users

Apple and Opera lag behind Google and Mozilla when it comes to distributing Web browser updates due to how they've structured their patch programs, according to new research.

Only 53 percent of users on a 3.x version of Safari applied a new update within three weeks, wrote Thomas Duebendorfer of Google Switzerland and Stefan Frei of the Swiss Federal Institute of Technology (ETH Zurich) in a research paper.

Also, people running a 3.2 version of Safari are required to apply a Tiger or Leopard operating system update first before getting new browser updates, which slows the overall patch process. Within three weeks of the release of Safari version 3.2.1, for example, only 33 percent of users had it installed.

Opera's browser will check for updates once a week, but a user must go through the same installation procedure for updates as if they were installing Opera for the first time. It's a cumbersome process, the researchers wrote.

Three weeks after a new release, only 24 percent of active daily users of Opera version 9.x have the newest version installed. However, Opera plans to incorporate an auto-update mechanism in its next planned release, version 10.

"All in all, the poor update effectiveness of Apple Safari and Opera gives attackers plenty of time to use known exploits to attack users of outdated browsers," the researchers wrote.

Frei and Duebendorfer collected their data on browsers by analyzing Google's Web logs, which records the user-agent strings of browsers. A user-agent string is data that usually reveals the type of Web browser and version a person uses.

Microsoft's Internet Explorer browser was excluded from some parts of the study since its user-agent string does not reveal incremental version changes for security reasons.

Google's Chrome came out on top. The study found that 97 percent of Chrome users on version 1.x received an upgrade within three weeks. Chrome uses a silent update mechanism where updates are downloaded automatically without user prompts and then applied when the browser is restarted.

Google has also open-sourced its auto-update technology, code-named Omaha, which means anyone can use it. Omaha will poll Google for updates even when Chrome is not running, the researchers wrote. Chrome checks for updates every five hours.

Chrome users may not hit a 100 percent update level due to other problems, such as people not restarting the browser, firewalls blocking updates and some computers, in place such as Internet cafés, that run read-only software images in virtual machines that don't allow software updates, they wrote.

Mozilla's Firefox browser came in second best, with about 85 percent of users employing the latest version 21 days after its release. Firefox frequently checks for updates and also prompts users to install the new version, which contributes to the speedy updates, they wrote.

Updating a Web browser is important as it is one of the most frequently attacked applications. Frei and Duebendorfer wrote that overall, 45.2 percent of Web users were not using the latest version of their Web browser, according to the Google server logs they analyzed.

"Web browsers are in dire need of a very effective update mechanism or they will lose the battle for securing vulnerable Web browsers before their users fall victim to attackers," they wrote.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Appleoperasecurity patchweb browsers

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?