Internet Users Not Updating Browser 409
Jackson writes "Security researchers from ETH Zurich, Google, and IBM Internet Security Systems have shown that more than 600 million Internet users don't use the latest version of their browser. The researchers' paper, shows that as of June 2008, only 59.1 percent of Internet users worldwide use the latest major version of their preferred web browser.
Suggestions have also been made to inform users that their browser is out of date."
How many are IE6? (Score:5, Informative)
I wonder how many of those are IE6, which a lot of people use because they CAN'T upgrade to IE7.
And as an above commenter pointed out, I highly doubt they factored in that some OS's can't actually run the latest version of their browser.
Re:How many of those users CAN upgrade? (Score:5, Informative)
Windows 9x users cannot use the latest version of Firefox either [slashdot.org].
Re:How many of those users CAN upgrade? (Score:5, Informative)
They can still upgrade to Opera, which supports down to Windows 95.
Re:How many of those users CAN upgrade? (Score:5, Informative)
Re:How many are IE6? (Score:5, Informative)
Even if you do not explicitly use Internet Explorer for browsing, you should upgrade it as it is a core part of the Windows Kernel.
Internet Explorer it is used behind the scenes in many places; the eye-candy interfaces of most Norton products, for example, runs on the IE engine.
Not that I recommend Norton products, still...
Re:How many of those users CAN upgrade? (Score:3, Informative)
I would have assumed that Windows ME users were pretty much screwed from the beginning.
As I recall, current versions of Firefox 2 will still run on anything newer than Windows 95. It's just the 3.0 branch which dropped support for 98 and ME.
Re:How many of those users CAN upgrade? (Score:4, Informative)
Neither can Vista users.
Both Firefox and Thunderbird refuse to update automatically under certain conditions (not running under Admin all the time as one of those conditions). Fixing it is more or less a PITA, too. I haven't done it yet, so I can hardly expect, for instance, my grandmother to do it.
Re:Any idea... (Score:1, Informative)
How many FF2 users just hate "AwsomeBar"?
Last I checked, FF2 security updates were still being pushed automatically, so what's the big deal about using 2.x over 3.0?
Exactly I'm not upgrading to FF3.0 until the option to turn off the "AwfulBar" and un-unify the back/forward arrows.
Re:How many of those users CAN upgrade? (Score:5, Informative)
While Firefox 3 chose to abandon Windows 95 compatibility, Firefox 2 is still being patched and maintained.
Unlike the IE6 users of Windows 95, who no longer get MS patches.
Re:How many of those users CAN upgrade? (Score:5, Informative)
Who in their right mind have a computer online with Windows 95/98 or ME on it?
Someone whose business applications only run on Windows 95/98 or ME, and either there is no upgraded version of it (maybe the vendor went out of business) or the upgrade doesn't convert the old data, or doesn't have a feature being used, or otherwise isn't workable.
Yes there is a point (Score:5, Informative)
Not upgrading to IE7 because you don't "use" it is dangerous. Because, as you mentioned, IE is closely integrated into the operating system, its components can be used by other applications regardless of whether you click the blue 'E' icon or not. Any Windows application that has the ability to handle HTML content is likely to use some IE components. So if IE is not fully up to date, these other applications can put you at risk.
So, for example, vulnerabilities that only affect IE6 may affect other applications that use the relevant IE components for HTML rendering (think email, IM, etc.). Such as:
http://www.kb.cert.org/vuls/id/923508 [cert.org]
Or, even better... A recent Safari for Windows vulnerability:
http://www.kb.cert.org/vuls/id/127185 [cert.org]
Safari, a "stand-alone" web browser, is actually at a higher risk on systems with IE6 as opposed to IE7.
As with any software on your computer, you should upgrade it whether you *think* you use it or not.
Re:How many are IE6? (Score:3, Informative)
Every version of Internet Explorer in recent history has exported a COM interface. This makes it trivial for a Win32 developer to add web rendering support to an application - you just hook the interfaces Internet Explorer provides, and *bam!* HTML rendering!
This is why it's difficult (and why you're not "supposed" to) remove Internet Explorer - a lot of applications use it, even if it's just one function call to process a blue hyperlink in their help-about.
That's also why it's a good idea to upgrade it. "Core part of the Windows kernel" is a bit far, but that's the right idea - lots of programs take the two-lines-of-code solution to link with something guaranteed to be on 99.9% of Windows boxes rather than writing their own browsing engine around Webkit.
Re:How many of those users CAN upgrade? (Score:2, Informative)
Re:Firefox vs. IE (Score:3, Informative)
Actually, I'm trying to figure this out on my mac. Last night I got the update popup. I clicked yes and realized I was not an admin. I waited for it to prompt me for my admin user/pass or just error out, but it said it completed successfully.
I'm really confused.
Re:Maybe they *can't* upgrade (Score:5, Informative)
If using a different Web browser to access a server causes it to crash, you have more serious things to worry about, like finding another vendor that doesn't write software that takes down your server when it's accessed in a perfectly reasonable manner.
Re:Firefox vs. IE (Score:2, Informative)
Since they're continuing to patch and maintain FF2, they're not forcing people to upgrade to FF3. You'll continue to get patches and security updates for FF2 until they decide to (a) stop maintaining it or (b) get people like you to upgrade, which isn't really critical since FF2 will continue to be a secure browser.
Re:Why *should* people update? (Score:3, Informative)
Suggestions have also been made to inform users that their browser is out of date.
Why? I know I run an out-of-date browser (FF1.5), and just don't care.
Well, you should [mozilla.org].
Most of those issues are present in earlier versions as well, as stated on the vulnerabilities page for 1.5
Have a look at http://www.mozilla.org/security/known-vulnerabilities/ [mozilla.org] - and have fun browsing on with your sieve.
Re:How many of those users CAN upgrade? (Score:4, Informative)
And I'm pretty sure FF3 still works on Windows 2000 which just barely beats out Linux in popularity.
FF3 works in Windows 2000. I installed it last month on an older computer, and it is used daily as the default browser.
Re:How many of those users CAN upgrade? (Score:2, Informative)
If you're having connection speed issues that seem to arise especially doing name lookups or connection initiation, you might try disabling IPv6. If you have IPv6 installed, but your hardware/software doesn't support it somewhere along the line, you can waste a lot of time doing IPv6 lookups.
Corporate users (Score:4, Informative)
Re:How many are IE6? (Score:3, Informative)
Why yes, who could possibly have any use for a high-quality HTML renderer anywhere but in the browser.
This is the problem, though. Internet Explorer has never been - and still isn't - a high quality HTML renderer. It's sub-standard on performance, and still woefully sub-standard on the actual rendering.