by Search Copywriter
Y. Sulaiman
Y. Sulaiman
Google has long been at the receiving end of privacy campaigners' shotguns over the way it collects data without the explicit consent of users. However, a new study released this week indicates that there's at least one element of its ongoing secretive machinations that few people could complain about - online security.Research from Google Switzerland and the Swiss Federal Institute of Technology has shown that Google's Chrome browser and Mozilla Firefox have far superior browser security standards than Apple's Safari and Opera - precisely because security patches are made silently, rather than prompting users to update their browsers themselves.
The data, pulled from anonymous Google logs, revealed that three weeks after a new Opera release, only 24 per cent of users had the new - and more secure - version. Similarly, just 53 per cent of Safari users had a 3.x version of the browser within 21 days after the security update was issued. In contrast, 97 per cent of Google Chrome users and 85 per cent of Firefox fans were running the most recent, security-updated version of their browsers within the same time period.
Thomas Duebendorfer and Stefan Frei, authors of the report, said: "All in all, the poor update effectiveness of Apple Safari and Opera gives attackers plenty of time to use known exploits to attack users of outdated browsers."
Essentially, the report claims that the way in which the browsers are updated accounts for the stark differences revealed. Chrome, for instance, checks for browser updates every five hours; updates are instantly downloaded and then installed the next time the browser starts. Firefox follows a similar pattern, checking for updates each time the browser is started and users are subsequently asked to reboot the programme to update.
Conversely, Safari users running a 3.2 version of the browser must download a Tiger or Leopard operating system update before browser updates are enabled, while Opera only checks for updates each week, with users having to re-install each time a security patch is downloaded.
One glaring omission from the Google Switzerland survey is clearly the absence of Internet Explorer in its findings. However, researchers were unable to track IE's browser updating as Microsoft omits the minor version number in user agent string reports. Nevertheless, the authors warned the leading internet browser to consider changing its Patch Tuesday release pattern, which it claimed was beneficial to large organisations but fails to protect the masses of individual IE users.IE has been losing users fast over the last few years, with its market share dropping from 79 per cent in May 2007 to 66.1 per cent in April 2009, according to the most recent Net Application figures. Chrome, on the other hand, has continued to gain ground since coming out of beta, with market share up from 0.83 per cent in December 2008 to 1.42 per cent today.
Couple these emerging trends with the report's findings - as well as the recent addition of Chrome installation prompts displayed to IE users accessing the Google homepage - and the future implications for Google's browser are significant. What's more, with McAfee's first quarter threat report for 2009 showing that the number of IP addresses connected to botnet use has swelled by 12 million since January, browser security looks set to become more important than ever this year.
