Software updates as a security metric: Passive identification of update trends and effect on machine infection

Botnets have become a vital part of the underground economy, and botherders are actively looking for new recruits to join their bot armies. A lapse by an end user or an administrator in updating their software enables the botherder to achieve this objective. In this paper we investigate the phenomenon of machine infection from the perspective of user update behavior. We also present the types of attacks that hackers launch to compromise machines, and the vulnerabilities that lead to such attacks as a result of update behavior. We also characterize user update behavior on the test network under study. Finally, we compare the update behavior of machines that were infected with that of machines that were not infected. The objective of this investigation is to see whether update behavior could be used as an effective security metric. Our trends show a very clear correlation between the machines that were infected and the machines that were not updated.