People who use Firefox or Chrome are more likely to be running the latest version of the software when compared against Safari and Opera users, according to Swiss security researchers. This is thanks to the browsers' auto-update mechanisms that are keeping the users of Firefox and Chrome as secure as possible with minimal user interaction.
Those who use Firefox and Chrome are inherently more up-to-date—and therefore more secure—than those who run Safari and Opera, according to researchers from the Swiss Federal Institute of Technology (ETH Zurich) and Google Switzerland. But it's not the browsers themselves that magically make people stay updated—it's their built-in mechanisms that automatically update when new versions are available. These mechanisms are keeping a large majority of their users secure, even if power users and admins might get antsy over their loss of update control.
Swiss Federal Institute of Technology researcher Stefan Frei and Thomas Duebendorfer of Google released a paper with their findings this week called "Why Silent Updates Boost Security" (PDF). In it, they note that only about 45 percent of Internet users were using the most secure browser version when visiting Google's Web servers. This, of course, is bad news—as many Ars readers know, Web browsers are increasingly used to target vulnerable users with viruses, malware, adware, and more.
This discovery prompted the researchers to further examine what kinds of users are the most secure, and they found that 83 percent of all active Firefox users were using the latest version. However, Chrome's "silent-update" mechanism made it the most effective of all—the researchers found that 21 days after releasing Chrome version 18.104.22.168 (a version number that would surely not send most of us rushing to download), 97 percent of active Chrome 1.x users were using it. "This is by far the best update effectiveness measured for any of the four investigated Web browsers," reads the report.
Comparatively, browsers that don't stay on top of updates themselves performed poorly in Frei and Duebendorfer's analysis. Only 53 percent of Safari 3.x users had performed an update within three weeks of the update's release, and with newer releases of Safari 3.2.x, the update effectiveness was even lower. And Opera didn't fare any better. After three weeks of a new release, a maximum of 24 percent of active Opera 9.x users had the newest version installed. "It's a pity that 76 percent of Opera 9.x users currently don't benefit from the security improvements and new features of Opera versions within three weeks of its release," the researchers wrote.
Frei acknowledged in a post on his website, however, that while the silent update method may be the best for browser security, not all users are happy with the loss of control. Those who identify themselves as "expert users" are particularly sensitive to the loss of full control over what is installed on their machines, but it might be OK to let them deal with updates on their own. "Expert users don’t need to be excessively taken care by taking control over updates out of their hands. They supposedly know what they do and have the expertise to assess their risks in doing so," wrote Frei.
It's the regular old "ordinary" users who need the most help, he says, as there are more than a billion technically unsavvy people on the Internet with little-to-no protection other than the browser. "There is absolutely no need to confuse this class of users with unnecessary security decisions—which they anyway don’t understand," Frei notes. "I consider 'silent updates' the best solution for this group of users."
He concludes that the best option is for all browsers to include silent update options that are enabled by default, with the option for power users to turn it off. The large majority of users won't change the settings, while the remainder can customize their update preferences however they like. In the meantime, if you're a Safari or Opera user, what are you waiting for? Better go check to make sure you're up to date.
Source: ars technica