When Google released the first version of its Chrome web browser, many eyebrows were raised over the fact that it updated itself automatically and silently, in the background, without user intervention or even so much as a notice. As it turns out, this has been a brilliant move by Google, as Chrome users are the most likely to have up-to-date installations of their browser, followed at a respectable distance by Firefox users. Safari and Opera trail behind significantly.
The news comes from a report engineered by the Swiss Federal Institute of Technology’s Stefan Frei and Google’s Thomas Duebendorfer, in which they accumulated version strings off Google servers all over the world. They then looked at how many people upgraded to a new version within 21 days of its release. The numbers are shocking – security fetishists may want to avert their eyes.
Overall, they found that 45.2% (!) were not using the latest version of their web browser when visiting Google’s servers. As we all know, browsers are increasingly being used as an attack vector, so not running the latest version of your browser is just asking for trouble.
Diving deeper into the figures, they found that Chrome is the king when it comes to deploying updates: within 21 days of the release of Chrome 18.104.22.168, 97% of Chrome users hitting Google’s servers had the update installed. Firefox came in second, with 85% of Firefox users hitting Google’s servers having updated to Firefox 3.0.8 within 21 days. Safari users lagged behind considerably, as 53% of Safari users had updated to Safari 3.1.1 within 21 days (Safari 3.2.0 and 3.2.1, which raised the minimum OS version requirements, did even worse: no more than 33%). Opera, which forces its users to install updates as if they were fresh installations, did the worst: only 24% of Opera users installed Opera 9.63 within 21 days of release.
As you can see, the silent update feature in Chrome works the best, followed by Firefox’ one-click updates. Safari comes in third with its reliance on Software Update; let’s not even get started about Opera. In case you’re wondering, Internet Explorer is left out of the picture because its version string does not differentiate between minor versions.
When it comes to web browsers, silent updating simply is the way to go to get users to upgrade to the latest, more secure version of their web browser. Some have reservations about auto-updating tools, mostly thanks to hideously bloated updaters from Sun and Adobe. However, Google’s background updating service takes only 816k of memory on my systems, and since it all happens silently, you’re never bothered by pop-ups or other workflow-interrupting elements. Note that Google’s updating service is available as open source under the Apache license, so you can check whether or not it does anything fishy.
I guess both Safari and Opera (and probably IE too) can really learn quite a few things from both Chrome and Firefox when it comes to updates. Especially Opera might want to take a look at its updating scheme, and implement at least some sort of updating mechanism that’s slightly less 1995, instead of worrying about Microsoft and IE tying.