Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
A report by researchers at Google Switzerland and the Swiss Federal Institute of Technology, found that the Google Chrome web browser was the most likely to be up-to-date due to its ‘silent' update every five hours.
The report's authors, Thomas Duebendorfer and Stefan Frei, claimed that after 21 days of releasing Google Chrome 1.0.154.48, a 97 per cent share of active Google Chrome 1.x users were using the latest Google Chrome 1.x version. This, the authors wrote, was ‘by far the best update effectiveness measured for any of the four investigated web browsers.'
The report was less complimentary about Safari and Opera, claiming that as Safari is updated through Apple's ‘Software Update' service integrated in OS X, the user can choose to check for updates daily, weekly, monthly or not at all. When updates are available, the user is prompted to initiate the download and get them installed.
The report said: “During an update, affected applications sometimes have to be closed, which is an annoyance to users. After installation of the update, the next time Apple Safari is started, the new version will be used.”
Meanwhile, the report claimed that even though Opera checks for updates every week and notifies the user when a new update is available, the update process involves a user being forwarded to the Opera download website, where the update follows the same procedure as if the user were to install Opera for the first time.
The report said: “This update procedure requires serious user activity and typically about ten user decisions on different dialogs, such as choosing the install/update location, clicking the licence agreement, closing the active browser, etc.”
In conclusion of patching strategies, the authors said: “Based on our measurements and the evolution of the threats towards end-users we suggest that software vendors release patches for attack exposed applications, such as web browsers and plug-ins, as soon as they are available - while keeping a patch schedule for less attack exposed applications. We believe that there is room for a better trade-off to benefit overall security.”
Finally the authors concluded that "all in all, the poor update effectiveness of Apple Safari and Opera gives attackers plenty of time to use known exploits to attack users of outdated browsers".See original article on scmagazineuk.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.