The ghost in the browser analysis of web-based malware
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
MapReduce: simplified data processing on large clusters
Communications of the ACM - 50th anniversary issue: 1958 - 2008
Browser security: lessons from Google Chrome
Communications of the ACM - A Blind Person's Interaction with Technology
Browser Security: Lessons from Google Chrome
Queue - Distributed Computing
Which is the right source for vulnerability studies?: an empirical analysis on Mozilla Firefox
Proceedings of the 6th International Workshop on Security Measurements and Metrics
Towards a software failure cost impact model for the customer: an analysis of an open source product
Proceedings of the 6th International Conference on Predictive Models in Software Engineering
Web browser security update effectiveness
CRITIS'09 Proceedings of the 4th international conference on Critical information infrastructures security
Hi-index | 0.00 |
Although there is an increasing trend for attacks against popular Web browsers, only little is known about the actual patch level of daily used Web browsers on a global scale. We conjecture that users in large part do not actually patch their Web browsers based on recommendations, perceived threats, or any security warnings. Based on HTTP useragent header information stored in anonymized logs from Google's web servers, we measured the patch dynamics of about 75% of the world's Internet users for over a year. Our focus was on the Web browsers Firefox and Opera. We found that the patch level achieved is mainly determined by the ergonomics and default settings of built-in auto-update mechanisms. Firefox' auto-update is very effective: most users installed a new version within three days. However, the maximum share of the latest, most secure version never exceeded 80% for Firefox users and 46% for Opera users at any day in 2007. This makes about 50 million Firefox users with outdated browsers an easy target for attacks. Our study is the result of the first global scale measurement of the patch dynamics of a popular browser.