Both Apple's Safari and Opera Software's Opera browsers have come under a bit of fire by Thomas Duebendorfer of Google Switzerland and Stefan Frei of the Swiss Federal Institute of Technology. The two recently published a research paper on "Why Silent Updates Boost Security," noting deficiencies in how both aforementioned browsers go about rolling out security updates.
According to the paper, just 53 percent of users surfing with a 3.x version of Safari have applied a new update within the past three weeks, and only 33 percent of users had updated to version 3.2.1 three weeks after it had been released. The paper noted that Opera will check for updates weekly, but installing them requires "serious user activity," as the update follows the same procedure as if installing Opera for the first time.
"Opera browser users apparently don't update frequently," the researchers wrote . "After three weeks of a new release, a disappointing maximum of 24 percent active daily users of Opera 9.x have the newest Opera browser installed. It's a pity that 76 percent of Opera 9.x users currently don't benefit from the security improvements and new features of new Opera versions with three weeks of its release."
The paper went on to say that engineering time would be better spent on increasing update effectiveness rather than working on new features.
"All in all, the poor update effectiveness of Apple Safari and Opera gives attackers plenty of time to use known exploits to attacker users of outdated browsers," the researchers concluded.