A new research paper written by Thomas Duebendorfer at Google Switzerland and Stefan Frei of the Swiss Federal Institute of Technology (ETH Zurich) criticizes the update mechanism of the Apple Safari and Opera browsers.
The researchers state the patch regimes from Apple and Opera are inferior to Google and Mozilla, and offer proof that this leads to low install rates of the latest security updates. For instance, the paper claims only 53 percent of Safari 3.x users apply a new update within three weeks, while as few as 24 percent of Opera 9x users have the latest version installed in the same timeframe.
Google's Chrome browser came out on top, the study found 97 percent of Chrome users upgrade within three weeks, while Firefox was the second best with about 85 percent of users employing the latest version. Microsoft's Internet Explorer was excluded from some parts of the study because the version of this browser is harder to track.
Opera's browser will check for updates once a week, but a user must go through the same installation procedure for updates as if they were installing Opera for the first time. It's a cumbersome process, the researchers wrote.
Three weeks after a new release, only 24 percent of active daily users of Opera version 9.x have the newest version installed. However, Opera plans to incorporate an auto-update mechanism in its next planned release, version 10.
"All in all, the poor update effectiveness of Apple Safari and Opera gives attackers plenty of time to use known exploits to attack users of outdated browsers," the researchers wrote.