Forgot your password?
typodupeerror
Mozilla Internet Explorer Security Software The Internet

Firefox Users Stay Ahead On the Update Curve 328

Posted by timothy
from the not-altogether-surprising dept.
Reader Alex links to news of a study comparing the currency and patch level of various Web browsers, excerpting: "Firefox users were far and away the most likely to use the latest version, with an overwhelming 83.3 percent running an updated browser on any given day. However, despite Firefox's single click integrate auto-update functionality, 16.7 percent of Firefox users still continue to access the Web with an outdated version of the browser, researchers said. The study also revealed that the majority of Safari users (65.3) percent were likely to use the latest version of the browser between December 2007 and June 2008, after Safari version 3 became available. Meanwhile, Microsoft's Internet Explorer users ranked last in terms of safe browsing. Between January 2007 and June 2008, less than half of IE users — 47.6 percent — were running the most secure browser version during the same time period."
This discussion has been archived. No new comments can be posted.

Firefox Users Stay Ahead On the Update Curve

Comments Filter:
  • 47% (Score:5, Funny)

    by Geak (790376) on Monday July 07, 2008 @01:23AM (#24080479)
    47% are still using Mosaic????
    • Re: (Score:2, Informative)

      by nawcom (941663)

      ftp://ftp.ncsa.uiuc.edu/Mosaic/ [uiuc.edu]

      Download. Bring back the good ol memories.

      • Re:47% (Score:5, Funny)

        by rootphreak (1320921) on Monday July 07, 2008 @02:27AM (#24080789)
        What you really need is a gopher client, or if you have to be lame enough to use an http client then lynx ftw. Mosaic is for losers.
        • Re:47% (Score:5, Informative)

          by Anonymous Coward on Monday July 07, 2008 @04:18AM (#24081211)
          Firefox 1.5-2.0 have Gopher support, as did IE5 and IE6 (although it was later disabled in a patch). I believe the reason that it was removed in Firefox and IE was because it's a codepath that wouldn't receive much testing and so it might have bugs or security holes. Considering any Gopher ramifications of any protocol change or sandbox change is an unnecessary overhead (and if you really need Gopher to view a gopher site [moo.ca] you can just install a Gopher client... speaking of which that'd be something to have as a Firefox addon).
          • Re: (Score:2, Informative)

            by PsychoPingu (1178147)
            FX3 seems to connect fairly decently to that site...
      • Re: (Score:2, Funny)

        by Nathonix (843449)
        breaks repeatedly on my system. xp sp3, dual core athlon 2.0ghz, 2gb ram.
      • Re:47% (Score:4, Funny)

        by csnydermvpsoft (596111) on Monday July 07, 2008 @09:13AM (#24082631) Homepage

        I found this file [uiuc.edu] rather amusing:

        We are currently in the process of writing a new FAQ due to some recent changes in licensing policy. Questions concerning commercial licensing of NCSAMosaic should be directed to mosaic@spyglass.com

        Questions concerning the copyright on NCSAMosaic should be directed to: mgoode@ncsa.uiuc.edu

        A new, up-to-date FAQ will be appearing here shortly.

        -David Mitchell
          08/24/94

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Read the report http://www.techzoom.net/insecurity-iceberg
      IE, Firefox, Opera and Safari dominate, >98%

  • Trust (Score:5, Informative)

    by DigitAl56K (805623) * on Monday July 07, 2008 @01:25AM (#24080489)

    I leave the auto-update feature on in Firefox because I trust that when Mozilla pushes updates they are valuable to me in terms of security or features and that they've been well tested. This has generally held to be true.

    On the other hand, on any system I administer I immediately disable automatic updates because Microsoft sometimes pushes patches that only partially address a problem, creating a false sense of security, and then later re-issue them, push things like updates to Windows Media DRM as critical updates (it's not critical to me, Microsoft!), and release updates that go on to cause problems with other software or system stability in general.

    When I can trust Microsoft to apply only security updates to IE (or other components of my choosing), maybe I'll consider turning automatic updates back on. Maybe.

    • Re:Trust (Score:5, Interesting)

      by martin-boundary (547041) on Monday July 07, 2008 @02:32AM (#24080821)
      I'm not in favour of auto-update type features for software. IMHO, it's much better if the updates are integrated directly with the system package manager, so that all the software on a computer can be upgraded consistently and regularly.

      If users are asked to upgrade their software shortly after they've launched it, it's firstly an annoyance, but secondly it means that the software they don't launch regularly won't get updated regularly, and other software which might need to interoperate will fall out of sync with the new version.

      Perhaps it's time to define a standard package manager API (not a standard package manager, just an API available in all major languages), before we get a culture where every piece of software manages its own updates interactively?

      • Re: (Score:3, Informative)

        by setagllib (753300)

        http://packagekit.org/ [packagekit.org]

      • Re:Trust (Score:5, Insightful)

        by jsebrech (525647) on Monday July 07, 2008 @06:30AM (#24081679)

        You're approaching this too much from a geek's perspective. Updating "the system" is too esoteric for the majority of users. If the user has to be bothered with such a concept as a package manager, it's bad UI.

        Anyway, microsoft has a package manager, somewhat, and they have a consistent auto-update system that takes care of dependancies. And yet half of IE users use an old version.

        • Re:Trust (Score:5, Insightful)

          by Darkness404 (1287218) on Monday July 07, 2008 @08:09AM (#24082121)

          And yet half of IE users use an old version.

          Yes, but I'm sure that a lot of them prefer IE 6 to IE 7. For me IE 6 was good, rendered pages rather quickly, had a decent looking UI, sure it didn't have tabs, but that wasn't a big deal for me. I had seen IE 7 on another person's computer and I decided not to upgrade to it, it's UI was ugly and it seemed to be a bloated version of IE 6, sure it was more secure but really, when running a Windows box, security isn't that big of a deal. I later wiped the HD and installed Ubuntu.

      • Re:Trust (Score:4, Insightful)

        by houghi (78078) on Monday July 07, 2008 @06:56AM (#24081771)

        Such a standard exists not so much as a standard under Linux. Each distribution does this.
        The reason is that each distribution CAN do this because of GPL or other licenses.
        When you are talking about closed source, this will become almost impossible.

        Obviously Microsoft can do this for their own product. What if you run Opera and Photoshop as well? Microsoft can not be asked to do the updates for them, because they did not provide them.

        It could work with some sort of contract, but then there are companies who might not be able to get such a contract. This due to unwillingness at both sides.

    • Re:Trust (Score:5, Insightful)

      by quantumphaze (1245466) on Monday July 07, 2008 @02:33AM (#24080833)

      Not to mention Apple sneaking in Safari with an iTunes critical update and many programs having regressions in updates.

      Can we trust Apple not to issue a firmware update that makes the iPod stop working with 3rd party media players?

      I myself keep everything updated (as much as Ubuntu repos let me anyway). But things like kernel updates force my to recompile my wifi driver so I can understand how people don't upgrade.

      • Re: (Score:3, Informative)

        by setagllib (753300)

        Push to get your wireless driver into mainline or at least the Ubuntu modules package, so it will be re-integrated and distributed when new kernel versions are. All of my devices, including proprietary video drivers and wireless cards, are supported in Ubuntu's official packages because other thoughtful people already did this. I never have to compile, let alone recompile.

        • Re:Trust (Score:4, Informative)

          by quantumphaze (1245466) on Monday July 07, 2008 @03:23AM (#24081023)

          It is supported, just badly.

          It's an Atheros 5005G chipset, works fine with the supplied modules until I use WPA-EAP at university, where it will lock up the system every 2nd connection attempt. Compiling from source is the easiest way to fix it, but (back on topic) needs to be recompiled every kernel update.

          • Is there something about your compile-time options that can be moved upstream so that Ubuntu (and other users) can use it?

    • by antdude (79039)

      So what happens when Mozilla sends out a bad/buggy patch/update? I like to be notified about the updates and I will decide to get them or not.

      • Re:Trust (Score:5, Interesting)

        by DigitAl56K (805623) * on Monday July 07, 2008 @05:57AM (#24081563)

        When Mozilla sends out a buggy update, which has happened twice to my memory, a) it doesn't cripple the entire system, and b) there's a new version the next day. This goes back to my personal definition of trust: I don't necessarily expect a software vendor to be perfect 100% of the time. That's unrealistic. But I expect mistakes to be infrequent, non-severe, and for them to correct them quickly so that I'm not inconvenienced too much.

        OTOH when Microsoft sends out a buggy update you have to keep your fingers crossed for something to be available in a few weeks. I don't want to come across as anti-Microsoft, but realistically that's the difference between the two in my experience.

    • Portable Firefox (Score:4, Informative)

      by rvw (755107) on Monday July 07, 2008 @03:52AM (#24081135)
      When using Portable Firefox, the automatic updates installs the normal version when updating. This results in something you don't want. So I uncheck the automatic update, and do this manually.
    • by Yer Mum (570034)

      It's arguable that you're less secure if you use auto update in Firefox because you're running as administrator instead of as a limited user.

      If 83.3% run the latest version of Firefox on any given day, what percentage of people run as a limited user? A single digit number, probably.

      • Re: (Score:3, Insightful)

        by Darkness404 (1287218)
        Lets see... From installing Firefox 3 on my EEE from a directory in my home directory, I still am running at a limited user (as in not root) and can auto-update. You can auto-update just fine as long as Firefox isn't in your /usr/bin directory. And considering that just about every Linux user uses Firefox, I expect that just about every Linux user will run as a limited user.
    • Re: (Score:3, Interesting)

      by hairyfeet (841228)

      Not to mention that in the case of MSFT they abandoned some of their users. I know I personally have many users that are still quite happy with Win2K pro,and I still use Win2K pro on the machine I am typing this on. As an earlier poster said "if it ain't broke don't fix it". That is why I am glad that Firefox(along with Seamonkey,Kmeleon,and Opera) gives us that choice. With the economy in the toilet there ain't many folks around here with the money to go out and buy brand new machines.

      But thanks to the g

  • Understandable (Score:5, Insightful)

    by Morgor (542294) on Monday July 07, 2008 @01:26AM (#24080495) Homepage
    This is understandable, considering the level of obnoxiousness. Firefox gives you a discrete notice that it has downloaded an update, and you can choose not to install it right away, but instead having it installed next time you start firefox. Windows Updates are so damn obnoxious that I always consider turning it off and doing my updates manually. I know how to update my computer manually, but I suspect the bulk of users out there, just get frustrated about the constant bells and whistles of Windows Update, that they turn it off and leave it like that.
    • Re: (Score:3, Funny)

      by tobiasly (524456)

      Windows Updates are so damn obnoxious that I always consider turning it off and doing my updates manually.

      C'mon, what's so obnoxious about that little shield asking you every 5 minutes, "You need to reboot your PC because I just updated your web browser and a few other nonessential apps. You wanna reboot now? How about now? Huh? Can I reboot now? OK, if you don't reboot now, then the next time I ask I'll pop up the OK button right under where you were about to click and you'll lose all your work anyway..."

  • by taustin (171655) on Monday July 07, 2008 @01:27AM (#24080501) Homepage Journal

    When Microsoft has shit flashing on the screen automatically to remind you to do updates, it's evil intrusion in to one's privacy. But when Firefox does exactaly the same thing, they're God's gift to enlightenment.

    The reason most Firefox users use the most up to date version is that it's the only way to get rid of the annoying pop-ups.

    • Re:Usual drivel (Score:5, Informative)

      by Anonymous Coward on Monday July 07, 2008 @01:38AM (#24080567)
      But it doesn't do this, and that's the point. It merely pops up when you exit the software, and it doesn't have a death-clock countdown until the reboot that you need to interrupt to rescue any unsaved work (my main gripe with Windows update).
      • Re:Usual drivel (Score:5, Informative)

        by Hal_Porter (817932) on Monday July 07, 2008 @03:34AM (#24081061)

        In XP I found out you could type

        NET STOP WUAUSERV

        That stops the Windows Update service if you're not ready to reboot. When you do reboot the updates will be installed as a side effect.

        In Vista you can set it to download the updates automatically and only install them when you reboot - I've never seen a deathclock.

        • by nschubach (922175) on Monday July 07, 2008 @06:35AM (#24081701) Journal

          (I know I probably shouldn't say this... but I can't stop typing!)

          You see, this is why ____ will never make it. If I have to keep using these obscure command line fixes in order to make my system work the way I want, regular people will never use it.

        • by hedwards (940851)

          I'm going to have to try that, I find it incredibly annoying that the reminder will interrupt my games of Diablo to inform me that the update I didn't want it to start required a reboot.

          I suppose it's my fault for forgetting that MS chose such an insane default. But I shouldn't have my games ruined by a notification after I've put up with the significant performance drain that all that hard drive accessing resulted in.

          One of the bigger complaints I have about XP is that when I reinstall, I have to either sp

        • by One Childish N00b (780549) on Monday July 07, 2008 @07:05AM (#24081809) Homepage

          What?? Why should I have to type out arcane commands just to get basic functionality??

          If the answer to everything on Windows continues to start with "Just drop to a terminal...", it will /never/ be ready for the desktop!

          • Re:Usual drivel (Score:4, Insightful)

            by drinkypoo (153816) <martin.espinoza@gmail.com> on Monday July 07, 2008 @09:04AM (#24082547) Homepage Journal

            Actually, the Windows XP way is to run "Computer Management", then go to "Services" and stop the appropriate service. Computer Management is found inside Administrative Tools, which by default appears in Control Panel. You can also make it appear in other locations. No idea where they put it in Vista, but it makes actual logical sense in Windows XP. I'm not really sure what they were thinking, changing the XP GUI layout so much.

            Microsoft is way way WAY behind the curve on basically everything but market position, but boy did they get XP right (for a very Microsoftian value of "right".)

      • Re: (Score:3, Funny)

        by n3tcat (664243)
        The death clock is rare. Usually after windows update it'll just tell you every 5 minutes that you still haven't rebooted. The death clock you're probably thinking of is reserved for those times when they can tell you are actually doing important stuff on your computer.
      • by hairyfeet (841228)
        Oh,and it doesn't try to say that crapware like WGA is a "critical" update either. I have legit Windows on my machines but I'm not jumping through their hoops to prove it,thank you very much. And it seemed like every time there was a new version of WGA out it would put itself back in the critical list. At least when I autoupdate Firefox all I get are things the developers honestly think will make the software better. But as always this is my 02c,YMMV
    • by arotenbe (1203922) on Monday July 07, 2008 @01:52AM (#24080621) Journal

      When Microsoft has shit flashing on the screen automatically to remind you to do updates, it's evil intrusion in to one's privacy. But when Firefox does exactaly the same thing, they're God's gift to enlightenment.

      Firefox requires you to restart your browser, but Windows requires you to restart your whole computer.

      Then again, with Firefox it takes just as long...

      • by Artuir (1226648) on Monday July 07, 2008 @02:11AM (#24080719)

        What computer are you using, Babbage's Difference Engine?

      • Re: (Score:3, Insightful)

        I know you were joking, but: (1) You can tell Firefox you'll restart later AND IT LISTENS TO YOU. You don't have to worry about it restarting randomly in the middle of a Counter Strike league match or some such. (2) When Firefox restarts, you're given nearly the same situation you left it in. Worst comes to worst you have to re-find where your youtube video was. When Windows restarts you're left crying 'cuz you're out for the season. (Yes, a few years back Windows did restarting during a CAL match. No
    • Re:Usual drivel (Score:5, Insightful)

      by SpaceLifeForm (228190) on Monday July 07, 2008 @01:54AM (#24080629)
      The difference is that when Firefox has an update, it is for the browser. When Microsoft has an update, it is for the

      Oh, wait.

    • Opera has annoying popups as well for updating, which generally appear upon loading and ask, "Do you want to update to x.xx?" I guess it's just not quite as pesky as Firefox's. I've only used Safari a few times, but last I recall, I had to manually go to the site to update it. I guess Apple is pretty confident or doesn't care if users (at least on its Windows version) update. No idea how updates go for the Mac version.

      • Re:Usual drivel (Score:4, Informative)

        by beelsebob (529313) on Monday July 07, 2008 @02:16AM (#24080737)

        Safari uses the same update method as all apple's software -- in OS X it uses the built in software update mechanism, and in Windows, it uses a port of that mechanism. It's about as annoying as all the others (except windows update, because it doesn't pop up every 5 minutes, and it doesn't have a death clock before destroying all your work by restarting).

        • by jimicus (737525)

          and it doesn't have a death clock before destroying all your work by restarting).

          You know something? It's even worse than that.

          You can disable auto-reboot as part of group policy - perhaps have a scheduled task do the job overnight or something. However, it is still possible for an update to override group policy and say "No, reboot now".

          Net result - even if you're doing everything in your power to administer a bunch of Windows machines properly, you are more-or-less guaranteed to still get the occasional

    • Re: (Score:3, Interesting)

      by Gnavpot (708731)

      When Microsoft has shit flashing on the screen automatically to remind you to do updates, it's evil intrusion in to one's privacy. But when Firefox does exactaly the same thing, they're God's gift to enlightenment.

      I would wish that Firefox had shit flashing on the screen automatically.

      Unfortunately, it only does so if I run Windows as a user with administrative privileges or have Firefox installed in an alternate location where I have write access.

      As a limited user, I don't even get a message that it is t

      • Re: (Score:3, Insightful)

        by hedwards (940851)

        Unlikely, anybody knowledgeable enough to not be running an admin account in Windows is knowledgeable enough to know when a new version is out.

        I suppose it's possible, but considering the many applications that don't work right as a non-admin user, I'd be surprised if those people were the ones not updating.

    • Re: (Score:3, Informative)

      by Nikademus (631739) *

      The reason most Firefox users use the most up to date version is that it's the only way to get rid of the annoying pop-ups.

       

      Go to "preferences" -> "advanced" -> "updates", uncheck "check for updates to firefox" and no pop up anymore, very hard indeed

    • Unlike Windows Update, Firefox warns you exactly once per program startup, and only if you haven't disabled it. Firefox can also automatize this in the background without you ever noticing until you start the application again; Windows Update not only behaves obnoxiously, but it forces you into immediate system reboots.

      Windows Update can be disabled too, but unless you really take steps, Windows warns you about every 10 minutes that you should turn it back on.

    • by Tom (822)

      Actually, the difference is that MS flashes shit in your face in the most obnoxious way. It'll happily interrupt your full-screen application just to tell you that there are new updates available, then again to tell you that it has finished downloading them, and then it'll bugger you every few minutes if you want to restart the computer now or later. It does not provide a "stop buggering me" button, or as it should be named after the 5th or so interruption: "Go fuck yourself in a corner, you stupid $%#$

  • This makes sense (Score:3, Interesting)

    by The Ancients (626689) on Monday July 07, 2008 @01:28AM (#24080509) Homepage

    It's rational fear of the unknown.

    I've never had a Firefox or Safari issue toast my machine. I've had IE updates do it twice before (on different machines).

    I just don't see how a browser can cause such mayhem to the OS - considering it's the browser that supposedly runs inside the OS, and not the other way around.

    Well ok, I can. To rephrase: I don't see how a browser should cause such mayhem to the OS.

    • Re:This makes sense (Score:5, Informative)

      by techno-vampire (666512) on Monday July 07, 2008 @02:26AM (#24080787) Homepage
      I just don't see how a browser can cause such mayhem to the OS

      It's easy when you consider that Internet Explorer and Windows Explorer are the same program. I remember back when IE 5 came out. If the upgrade program failed in just the right way you would reboot to a blank desktop with no icons, no task bar, no way out except the power switch or reset button. You had to reboot in DOS, edit win.ini to use progman instead of explorer, enter Windows and revert to the previous version of IE. (Sometimes progman didn't even work right. I found it much easier to use control.exe as the shell, because that brought up control panel, which was exactly what was needed.) Then, you had to restart in MS-DOS mode, undo the change to win.ini so that you could go back into Windows and try again. That is, if the tech support person you called knew what the problem was and how to fix it. If not, you were pretty much hosed until you re-installed Windows.

  • You happy now? (Score:2, Offtopic)

    by kramulous (977841) *
    There, I finally upgraded to FF3 on my FC8 box. You happy now?
    • If 83.3% of Firefox users are deemed to be using the 'most secure' version, then that definition probably means they're using either Firefox 2.0.0.15 or Firefox 3.0.0 as opposed to any earlier version. So you'd be fine with Firefox 2.0.0.15, which is exactly what I'm using right now.

  • the reason (Score:5, Insightful)

    by Anonymous Coward on Monday July 07, 2008 @01:35AM (#24080545)

    The majority of IE users use IE "because it's there." These people see no reason to download a different browser because one is already provided for them. These are the same people that usually end up relying on Automatic Updates to secure their browser, in most cases not even aware that these updates were taking place to begin with. Chances are that these people don't know that their browser even has updates, much less that they are running an insecure, outdated browser.

    Users of alternative browsers, by contrast, use their browser deliberately. They know that IE is there, but they blatantly decide to go against the tide and use something else. Whatever the reason for this depends on the user, but most of them share this common trait. Said browsers can't use Automatic Updates, so they must have their own update checking mechanisms in place. Every alternative browser I've used will check every so often for an update and display a pop-up for the user. The user then knows that their browser is out-of-date. Such users also tend to want the latest version, again for various reasons. Firefox is a bit more aggressive that most, downloading the update by default and installing it regardless of whether the user chooses to have it done now or later, which better explains its higher percentage.

  • by eccenthink (1312043) on Monday July 07, 2008 @01:36AM (#24080555)
    Where I work we had IE 7 a couple years ago but the corporate intranet didn't work properly or IT didn't want to support it or something so I'm forced to use IE 6. I couldn't update IE if I wanted to on the computer where I work. I use firefox at home but I go to quite a few websites during my lunch break. Unless they're filtering out IP's from corporate domains I suspect the results of the study are skewed by users surfing while at work.
    • by barista (587936) on Monday July 07, 2008 @01:58AM (#24080653) Homepage
      An organization affiliated with ours has some web apps that only work with IE6, so I leave that on most machines in our department. It was over a year after IE6 came out before they supported that, so I figure it is a matter of time before they support IE7...probably when IE8 comes out. Many of the users in my department wouldn't know what their default browser is if I asked them. They would say it's, "the Internet". All they know is whether it works or not. If it works, that's all that matters.

      FWIW, this type of situation might be one of the (many) reasons why Vista hasn't been widely deployed in enterprise (not as widely as XP, anyway). I don't think IE6 is available for Vista, so apps that don't work with IE7 would give some companies yet another reason to think about holding off on deploying Vista.
  • by iminplaya (723125) <iminplaya.gmail@com> on Monday July 07, 2008 @01:38AM (#24080565) Journal

    If I spend all my time keeping up with upgrades, I won't have any time left to actually use my damn computer. And sometimes an older version works better for me. All that automatic crap is turned off. My disks are backed up...I think... I'll upgrade if something breaks. I hope you're ok with that.

  • by Legion_SB (1300215) on Monday July 07, 2008 @01:47AM (#24080605) Homepage

    Between January 2007 and June 2008, less than half of IE users - 47.6 percent - were running the most secure browser version during the same time period.

    That many people still run IE 2.0?

    • by hedwards (940851)

      I believe they're referring to the browser that came with Prodigy. I can't recall the last time that thing had a browser exploit, it must have been years ago at this point.

  • I'm not sure why they couldn't have the update option for version 2.xx at least offer the option to update to version 3. It just kept telling me there were no new updates available. I wouldn't call it 'single click' at all.

    • by Anonymous Coward on Monday July 07, 2008 @02:22AM (#24080759)

      I'm not sure why they couldn't have the .update option for version 2.xx at least offer the option to update to version 3. It just kept telling me there were no new updates available. I wouldn't call it 'single click' at all.

      The option to update to Firefox 3 instead of another security minor version of Firefox 2 (which will still get security updates till the end of the year) hasn't been turned on at the server end yet, and will likely only be done at the next minor version update, like Firefox 3.0.1 or later.
      THEN, you'll have a single click.

  • by heroine (1220) on Monday July 07, 2008 @02:08AM (#24080701) Homepage

    Well I still use version 1.5.0.12. Just minimize those annoying upgrade popups every time they pop up. 10 clicks & they just give an error & next day it's another popup for another upgrade. You mean those weren't advertizements? Well, probably just destroyed someone's TimeWarner stock.

  • by suck_burners_rice (1258684) on Monday July 07, 2008 @02:12AM (#24080725)
    Now that it's mentioned, there really is something about Firefox's update feature that gets you to install and use the latest version. Maybe it's that it's so easy and doesn't mess up anything, e.g., by making drastic changes to the appearance of the browser, etc. I would say that most of the nearly 20% who are running outdated versions are probably the paranoid type who think that updating their software will mean introducing problems, you know, the "if it ain't broke, don't fix it." But this study is totally correct: Of all the browsers, Firefox makes updating the easiest.
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      For at least some of those cases, the reason why we don't update is because Firefox doesn't tell us when an updated version is available when we're running as limited users (i.e. not root). I don't know how it works on other OSes, but in Windows XP, if you don't have write access to the Firefox directory, it won't even notify you that an update is available. Sometimes I don't find out until a month or two after the update is released that it even exists. It's ironic that a user who tries to run more securel

  • by Chambers81 (613839) on Monday July 07, 2008 @02:16AM (#24080733)
    It seems that corporate/government users don't have as much of a choice in when to update their browsers and a good number don't have the choice to switch to firefox and are forced to use IE. I know that at my job (government) we can't update on our own and are forced to wait for the IT staff to push the updates through, sometimes days or weeks after they become available.
    • Re: (Score:3, Informative)

      by Bogtha (906264)

      It seems that corporate/government users don't have as much of a choice in when to update their browsers

      It's not just corporate users. It's everybody who isn't running XP or higher. For a huge number of people, upgrading to the most recent version of Internet Explorer means buying a new operating system. Of course there are a lot of people who aren't upgrading. It's one of the consequences of Microsoft tying Internet Explorer to Windows so tightly. To upgrade to Internet Explorer 7, you need to tak

  • Were live-CD browser like firefox taken into account ? I have been using Gutsy Gibbon live CD for a long time, and it is naturally not an updated version, which anyway I would not care for since there is nothing to exploit on my CD. Same for all people browsing from a VM.
  • by linzeal (197905) on Monday July 07, 2008 @02:45AM (#24080869) Homepage Journal
    Firefox developers heed my call. Stop making security updates optional past a certain version.

    Web developers heed my call. Stop making websites accept security corrupting browsers because half the time they are pry zombies. Look at your logs and see the rate at which these computers increase revenue. Drop them at whatever delta you think prudent.

    • by hedwards (940851)

      That's not practical, one of the parts of a proper security policy is to not have information like that leaking to an unknown server. Last time I checked, none of that information was making it through my firewalls. I'd be blocked, even though I'm completely up to date. As would anybody with a less popular browser.

      I know that right now IE is broken enough that websites have to test to for it in order to get things to look right, but there's really no reason why anything beyond the browser type and major rel

  • User group (Score:3, Insightful)

    by Lord Lode (1290856) on Monday July 07, 2008 @03:03AM (#24080941)
    Firefox users are already going to be people who care more about what software they're using and security. IE users are everyone who doesn't really care and never actually chose what browser to use, everyone who doesn't know too much about computers and on top those who do care and chose IE, but those are only a minority of the IE user group. So it's logical that in the firefox user group people are going to update faster, it's not directly related to the browser but to the user group.
  • Corporate policy? (Score:2, Interesting)

    by ZipOtter (1272760)
    I wonder how much of that 47.6% figure is due to corporate IT departments refusing or unable to roll out newer versions of IE. I work on a fairly popular european website, with close to half of its IE users (around 25% total) still using IE 6. Site usage spikes around noon with a sharp dropoff on the weekend, suggesting that people browse it from work. So I did a quick internal survey in my (tech) company and found that outside of IT and Software Development, almost everyone was still using Windows 2000, w
  • Old Firefox usage (Score:5, Insightful)

    by IBBoard (1128019) on Monday July 07, 2008 @03:20AM (#24081011) Homepage

    I wonder how much of the old Firefox usage is old installs in Linux? You can't use the built-in updater if you installed the RPM/DEB because the permissions are (or should be) wrong for letting you write to the folder. AFAIK there's only a few distros who have moved to Firefox 3 so far, so the rest would be showing up as out-dated.

    Similarly for Windows, if they're counting Firefox 3 as "up to date" then how many people are still on old v2s because they don't know about v3?

    • by belmolis (702863)

      True. There is also the fact that Firefox is not self-contained. I can't install Firefox 3 yet because it needs a more recent version of something (pango? - I forget) than I have installed. And I can't update that because various other things are out of date. So I'll install Firefox 3 when I update the whole system soon.

    • The same applies to Windows and other OS's. I'm seeing NT 4.x boxes still in use, and they have not a chance of running an up-to-date Internet Explorer. (Those machines are in de-militarized zones and protected from user access: the softwae is just too painful to move yet.)
  • Meh (Score:3, Insightful)

    by Alarindris (1253418) on Monday July 07, 2008 @03:25AM (#24081029)
    Newer is NOT always better.

    Anyone who uses linux should know this.

    For example, wine v0.9.58 works perfectly for me; I blindly updated to .59 only to find that ctrl/shift + mouse clicks were bugged, therefore screwing me in WoW. Had to revert back.

    Usually, updates are a good thing, but not always.
  • I use Camino [caminobrowser.org] as my browser on my Mac and choose to leave the home page as the default "Camino Start" page. Its very minimalist, just shows a small Google search box, and a link to the latest version which changes colour to red if my version is outdated.

    No in-your-face messages, no irritating popups, no external syncing software... though I guess it only works if you keep it as your home page. Makes sense to use a feature that's built into every web browser (sarcasm aside): the ability to load a web page!

  • Most people in big companies cannot update their IExplorer. Updates come through when IT have verified them. It's a trade off between the security risk of an old browser and the risk of breaking the entire company if the update is bad. Most BIG COMPANIES use IExplorer. Nothing to see here folks.
    • by Ash-Fox (726320)

      Most people in big companies cannot update their IExplorer. Updates come through when IT have verified them. It's a trade off between the security risk of an old browser and the risk of breaking the entire company if the update is bad. Most BIG COMPANIES use IExplorer. Nothing to see here folks.

      Majority of website visitors tend to come from home internet connections, not business, so this is mostly irrelevant in my eyes. That said, I am not aware of any large companies that haven't upgraded IE to version 7.

  • by QJimbo (779370) on Monday July 07, 2008 @06:25AM (#24081663)

    Out of curiosity, what percentage of the internet is still on Dialup?

    I find that autoupdates are impossible over a dialup connection so I switch them off. I'm willing to bet that this is the most common reason for people using an old version of Firefox.

  • fanbois (Score:2, Interesting)

    by thc4k (951561)

    I think this just shows that firefox user are, just like my fellow opera users, just a bunch of browser fanbois. Hell, i even run weekly snapshot builds of opera for no reason. IE users dont care about the browser in the first place, Safari isn't something Mac users chose to use because it's so great either. So why would they bother updating all the time?
    So in conclusion, this study shows: If you chose to use some special software, you will update it when you use it. Big suprise ...

  • by lseltzer (311306) on Monday July 07, 2008 @07:02AM (#24081793)

    (Warning: Self-promotion)

    In my eWEEK column on this study [eweek.com] I point out numerous problems with it. Many have been mentioned by others.

    The main issue is that the study is based on user-agent string data from Google's logs, and Microsoft does not supply minor version information in that string, unlike Firefox, Safari and others. Microsoft considers this to be an "information disclosure vulnerability" because it would help an attacker to commit version-specific attacks.

    Because of this, the authors only know about IE major versions (5, 6. 7, 8) and decided that all IE7 users were secure, while nobody else was. Microsoft is still providing security updates for IE5 and IE6; while they are not as secure as IE7 for a variety of reasons, it's not reasonable to lump them into a group with people who don't update their browser. Conversely, if you have IE7 and haven't applied any of the security updates to it, the study says you're up to date.

    Be that as it may, as others have said, the issue here is that business users use IE and the other browsers have minimal footprint in it. Firefox, by default, has no support for managed updates, and IT in a big company would (make that should) never allow users to apply updates willy-nilly to their systems. Another point is that while Microsoft supports old version for years, at the demand of their customers, Mozilla withdraws all support for old versions within 6 months of a new one being released. In fact, support for Firefox 2 will end in December of this year. Businesses won't tolerate this. IE5 support on Windows 2000 will continue till 2010 and IE6 as late as 2015.

Lend money to a bad debtor and he will hate you.

Working...