{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,16]],"date-time":"2025-12-16T12:11:40Z","timestamp":1765887100701,"version":"3.41.0"},"reference-count":16,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2008,12,31]],"date-time":"2008-12-31T00:00:00Z","timestamp":1230681600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGCOMM Comput. Commun. Rev."],"published-print":{"date-parts":[[2008,12,31]]},"abstract":"<jats:p>Although there is an increasing trend for attacks against popular Web browsers, only little is known about the actual patch level of daily used Web browsers on a global scale. We conjecture that users in large part do not actually patch their Web browsers based on recommendations, perceived threats, or any security warnings. Based on HTTP useragent header information stored in anonymized logs from Google's web servers, we measured the patch dynamics of about 75% of the world's Internet users for over a year. Our focus was on the Web browsers Firefox and Opera. We found that the patch level achieved is mainly determined by the ergonomics and default settings of built-in auto-update mechanisms. Firefox' auto-update is very effective: most users installed a new version within three days. However, the maximum share of the latest, most secure version never exceeded 80% for Firefox users and 46% for Opera users at any day in 2007. This makes about 50 million Firefox users with outdated browsers an easy target for attacks. Our study is the result of the first global scale measurement of the patch dynamics of a popular browser.<\/jats:p>","DOI":"10.1145\/1496091.1496094","type":"journal-article","created":{"date-parts":[[2009,1,20]],"date-time":"2009-01-20T14:41:13Z","timestamp":1232462473000},"page":"16-22","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":21,"title":["Firefox (In) security update dynamics exposed"],"prefix":"10.1145","volume":"39","author":[{"given":"Stefan","family":"Frei","sequence":"first","affiliation":[{"name":"Swiss Federal Institute of Technology (ETH) \/ Google Switzerland GmbH, Zurich, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thomas","family":"Duebendorfer","sequence":"additional","affiliation":[{"name":"Swiss Federal Institute of Technology (ETH) \/ Google Switzerland GmbH, Zurich, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bernhard","family":"Plattner","sequence":"additional","affiliation":[{"name":"Swiss Federal Institute of Technology (ETH) \/ Google Switzerland GmbH, Zurich, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2008,12,31]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Baumgartner K. Storm 2007 - Malware 2.0 has arrived. http:\/\/www.virusbtn.com\/pdf\/conference_slides\/2007\/BaumgartnerVB2007.pdf.  Baumgartner K. Storm 2007 - Malware 2.0 has arrived. http:\/\/www.virusbtn.com\/pdf\/conference_slides\/2007\/BaumgartnerVB2007.pdf."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC1945"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1327452.1327492"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC2068"},{"key":"e_1_2_1_6_1","unstructured":"Frei S. D\u00fcbendorfer T. Plattner B. Repository of high-resolution browser update dynamics plots. http:\/\/www.techzoom.net\/risk.  Frei S. D\u00fcbendorfer T. Plattner B. Repository of high-resolution browser update dynamics plots. http:\/\/www.techzoom.net\/risk."},{"key":"e_1_2_1_7_1","unstructured":"Janco. Browser and OS Market Share White Paper. http:\/\/www.e-janco.com\/Samples\/BrowserSample.pdf Apr. 2008.  Janco. Browser and OS Market Share White Paper. http:\/\/www.e-janco.com\/Samples\/BrowserSample.pdf Apr. 2008."},{"key":"e_1_2_1_8_1","unstructured":"Mozilla Foundation. User-Agent Definition. http:\/\/www.mozilla.org\/build\/revised-user-agent-strings.html.  Mozilla Foundation. User-Agent Definition. http:\/\/www.mozilla.org\/build\/revised-user-agent-strings.html."},{"key":"e_1_2_1_9_1","unstructured":"Net Applications. Browser Market Share. http:\/\/marketshare.hitslink.com\/report.aspx?qprid=3 Jan. 2008.  Net Applications. Browser Market Share. http:\/\/marketshare.hitslink.com\/report.aspx?qprid=3 Jan. 2008."},{"key":"e_1_2_1_10_1","unstructured":"Net Applications. Search Engine Market Share. marketshare.hitslink.com\/report.aspx?qprid=4 Apr. 2008.  Net Applications. Search Engine Market Share. marketshare.hitslink.com\/report.aspx?qprid=4 Apr. 2008."},{"key":"e_1_2_1_11_1","unstructured":"Ollmann G. User Agent Attacks. http:\/\/www.technicalinfo.net\/blog\/security\/20080121_UserAgentAttacks.html.  Ollmann G. User Agent Attacks. http:\/\/www.technicalinfo.net\/blog\/security\/20080121_UserAgentAttacks.html."},{"key":"e_1_2_1_12_1","unstructured":"Ollmann G. X-Morphic Exploitation. http:\/\/www.iss.net\/documents\/whitepapers\/IBM_ISS_x-morphic_exploitation.pdf.  Ollmann G. X-Morphic Exploitation. http:\/\/www.iss.net\/documents\/whitepapers\/IBM_ISS_x-morphic_exploitation.pdf."},{"key":"e_1_2_1_13_1","unstructured":"OneStat. Web Analytics. http:\/\/www.onestat.com\/html\/aboutus_pressbox53-firefox-mozilla-browser-market-share.html.  OneStat. Web Analytics. http:\/\/www.onestat.com\/html\/aboutus_pressbox53-firefox-mozilla-browser-market-share.html."},{"volume-title":"Proceedings of HotBots 2007","year":"2007","author":"Provos N.","key":"e_1_2_1_15_1"},{"key":"e_1_2_1_16_1","unstructured":"Qualys Research Report. Laws of Vulnerabilities. http:\/\/www.qualys.com\/docs\/Laws-Report.pdf.  Qualys Research Report. Laws of Vulnerabilities. http:\/\/www.qualys.com\/docs\/Laws-Report.pdf."},{"key":"e_1_2_1_17_1","unstructured":"Secunia. Personal Software Inspector (PSI). http:\/\/secunia.com\/blog\/17\/.  Secunia. Personal Software Inspector (PSI). http:\/\/secunia.com\/blog\/17\/."},{"key":"e_1_2_1_18_1","unstructured":"TheCounter.com. Web Analytics. http:\/\/www.thecounter.com\/stats.  TheCounter.com. Web Analytics. http:\/\/www.thecounter.com\/stats."}],"container-title":["ACM SIGCOMM Computer Communication Review"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1496091.1496094","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1496091.1496094","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:45:43Z","timestamp":1750250743000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1496091.1496094"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,12,31]]},"references-count":16,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2008,12,31]]}},"alternative-id":["10.1145\/1496091.1496094"],"URL":"https:\/\/doi.org\/10.1145\/1496091.1496094","relation":{},"ISSN":["0146-4833"],"issn-type":[{"type":"print","value":"0146-4833"}],"subject":[],"published":{"date-parts":[[2008,12,31]]},"assertion":[{"value":"2008-12-31","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}