Internet Users Not Updating Browser 409
Jackson writes "Security researchers from ETH Zurich, Google, and IBM Internet Security Systems have shown that more than 600 million Internet users don't use the latest version of their browser. The researchers' paper, shows that as of June 2008, only 59.1 percent of Internet users worldwide use the latest major version of their preferred web browser.
Suggestions have also been made to inform users that their browser is out of date."
So a better title would be.. (Score:5, Insightful)
And these same users are probably happily using windows 98 on their Pentium II's, and don't give a damn about having the most shiny, newest toy.
Maybe they *can't* upgrade (Score:5, Insightful)
Large numbers of corporate users are at the mercy of the IT department's update/upgrade schedule. In my environment, there are a large number of applications that will break if IE7 is installed, and the schedule to update and test those dependencies is lengthy.
Furthermore, we've spent so much time training users to ignore messages that say "Your $FOO is out of date! Click here to install the latest version because it's almost always malware, and now you want to turn around and do the exact opposite?
Firefox vs. IE (Score:5, Insightful)
If you have automatic updates turned on in Windows, they automatically update as well.
However, most people I know turn off automatic updates because it can be so obnoxious. Many folks also disable the BITS service because of the process overhead it chews up.
It's the difference between being a virtually seamless integration (like Firefox) or an overly-obtrusive integration that eats up system resources.
For instance - firefox tells you when you go to close the program that there are updates ready. Microsoft pops a little icon that #1 interrupts what you are doing #2 may very well crash the machine or lock it up if it happens while you're playing a game, etc. Remember that letter Gates sent about usability? It's the key in this case, I think.
I also wonder if this took business users into account - I can't update because my IT department won't let me. I doubt that would be different if we were using Firefox or Opera rather than IE.
Only 59.1%? (Score:5, Insightful)
No point in updating IE6 (Score:2, Insightful)
In the case of Internet Explorer 7, there are reasons not to upgrade to it over version 6. I use IE6 only for the websites that don't work properly in Firefox and I am not interested in the additional integration that IE7 provides. A person concerned with security wouldn't use an integrated browser in the first place.
By the way, Microsoft does remind me that IE6 is out of date every chance that it gets.
Any idea... (Score:3, Insightful)
How many FF2 users just hate "AwsomeBar"?
Last I checked, FF2 security updates were still being pushed automatically, so what's the big deal about using 2.x over 3.0?
Browsers at work (Score:3, Insightful)
What about your browsers that are provided by your IT department of your company?
I work in pretty large company and our IT dept. have disabled auto-updates from XP, Firefox and so on. Then they push updates to users when needed.
Above works fine in my company, but what about those companies with similar policies and non-existing or incompetent IT department? Browsing tubes all day long with old versions.
Re:No point in updating IE6 (Score:5, Insightful)
Please, for the love of all that's holy, upgrade to IE7.
Once IE6 installations get down below a certain point, we won't have to spend crazy amounts of time rewriting web pages so they *also* work in IE6.
Do they count IE 6.latest or FoxPro 2.latest? (Score:2, Insightful)
If they say "IE 6.latest" or "Foxpro 2.latest" doesn't count as "latest" and those versions have no known unpatched vulnerabilities not shared by IE 7.latest or Foxpro 3.latest then they aren't counting properly.
There are good reasons not to do a major version upgrade the first few months it is out, but a prerequisite is that your existing browser continue to get security patches.
Re:What do you expect? (Score:4, Insightful)
no Firefox-3.x (Score:3, Insightful)
Firefox-2.0.0.16 with NoScript and without any plugins - for general purpose web browsing...
Seamonkey-1.1.11 with all the plugins, flash, java & mplayerplug-in - used only at trusted websites and only when there is media I want to see (used rarely) and Seamonkey for email too (I dont like thunderbird enough to use it)...
I don't really like Firefox-3.x because of the way it is being developed which is starting to look like feature creep is going to bloat it up, I would like to see it forked and have the fat trimmed off of it more, make it like dillo only better, if I was a clever code monkey genius I would grab the source for Firefox-3.x and fork it myself and trim it down to something like Firefox-1.x or 2.x (or a little leaner)...
Re:How many are IE6? (Score:5, Insightful)
Even if you do not explicitly use Internet Explorer for browsing, you should upgrade it as it is a core part of the Windows Kernel.
That is another part about IE that I have issues with. Why make a web browser part of the OS? It makes very little sense. It should, at most, be a bloated application that I could uninstall at whim. But no! It has to totally screw with everything else. As it is now, I specify Firefox as the default browser and disable access to IE. It doesn't matter which version of IE, I'm still not using it.
Not that I recommend Norton products, still...
Thanks to a run-in with their overly-aggressive virus scanning process (that can't be turned off) I no longer use Norton home products. Their corporate/enterprise software that I use at work is waaaaaay better.
If it works? (Score:2, Insightful)
Conclusions? The (not actually) hidden message? (Score:2, Insightful)
Re:Any idea... (Score:5, Insightful)
Awesome Bar was a feature I wasn't even aware of until FF3 went gold, but it was as appreciated and innovative as it was unexpected. Words are for people, DNS names are for computers.
I am not going to upgrade to Fire Fox 3 (Score:3, Insightful)
Upgrades are not free (Score:2, Insightful)
Opera users have upgraded, then reverted to 9.27 (Score:3, Insightful)
Re:Maybe they *can't* upgrade (Score:1, Insightful)
I second that.
I work as a developer for a fairly large industrial company and we're mainly using Microsoft products. We have a lot of in house developed software to support the manufacturing process (post processors, automated bits for CAD/CAM systems etc). Being one of the developers in the company, I get to update and test new versions of IE and windows before being rolled out to the thousands of regular users.
Almost every time a new windows patch or IE version hits the street, some of our applications break, and quite a lot of these applications are essential to our business, and I'm not talking about essential to the guys sitting in the offices doing powerpoints all day. I'm talking about applications generating the data used to actually manufacture the products we sell.
The cost of testing and maintaining software has been rising steadily. The problem is that software creators rather see us footing the cost than making software that isn't fundamentally flawed from a security point of view.
-- Lars
Re:Do they count IE 6.latest or FoxPro 2.latest? (Score:5, Insightful)
If they say "IE 6.latest" or "Foxpro 2.latest" doesn't count as "latest" and those versions have no known unpatched vulnerabilities not shared by IE 7.latest or Foxpro 3.latest then they aren't counting properly.
I agree. dBASE III works just fine for me, and I see no reason to update to dBASE IV when Ashton Tate currently provides the same level of support for both.
Re:How many of those users CAN upgrade? (Score:5, Insightful)
Firefox 2.0 is just as current as 3.0, and will be until the end of this year. Anyone who says differently is selling something.
Re:Maybe they *can't* upgrade (Score:4, Insightful)
Wait, your server is so bad that is crashes when it's accessed by Firefox?! And you're blaming FIREFOX for that?!!
Update? Really? (Score:1, Insightful)
Most people simply don't care.
I am quite sick of having $FOO need updated, upgraded, renewed and/or replaced because it is no longer supported.
The "browser" should not *have* to be replaced for relatively _long_ periods. Security and Critical (and I mean this in the tightest of interpretations) should be invisible, seamless, and automatic by default, something like some browsers have already. Further, a feature upgrade channel should be defined and configurable that would again be user configurable.
Bottom line, browsers are being pushed out too often. Most people just want it to work, period, and any upgrades updates features plug-ins etc etc etc are more a hassle than anything else.
One more thing; resources.
The browser (when using less than an average multi-task load of 4-6 windows or 4-6 tabs) should not use excessive system resources. Excessive is more than 10-14%, based again on 4-6 items running and not exceeding this limitation.
Re:How many of those users CAN upgrade? (Score:3, Insightful)
Re:How many of those users CAN upgrade? (Score:1, Insightful)
Am I missing something or why couldn't this be done with virtual machines instead of relying on fundamentally broken and unsupported software?
Re:Why *should* people update? (Score:3, Insightful)
...and when Firefox 5 is out, people will say the same about Firefox 3 users. "OMG security vulnerabilities have fun browsing on your sieve."
People said the same thing about 1 vs 1.5 as well. You HAVE to upgrade to 1.5 because it's the secure version and it doesn't have all those security holes.
What's the difference?
Is that a serious question?
Did you look at the links I gave?
Time is the difference. Those lists list known vulnerabilities. They are in those versions of Firefox, and some are actively exploited by malicious websites, right now.
Those lists get longer with time due to exposure of the software to a curious public. I can guarantee you that a lot of the unknown vulnerabilities in Firefox 3 will have become
very well known ones by the time Firefox 5 will be out.
That's what emulators are for. (Score:4, Insightful)
Someone whose business applications only run on Windows 95/98 or ME
...can run existing Windows 95/98 or ME licenses in a virtual machine.
Re:How many of those users CAN upgrade? (Score:4, Insightful)
While Firefox 3 chose to abandon Windows 95 compatibility, Firefox 2 is still being patched and maintained. Unlike the IE6 users of Windows 95, who no longer get MS patches.
If you're running an OS thats 13 years old, you have much bigger issues than running the latest web browser.
Join the TNAA!!! (Score:3, Insightful)
Do you hate twitter? Do you loath Slashdot? Are you a total fuckwad? Then join the Twitter Negation Association of America (TNAA) and help ruin Slashdot. How does it work? Easy:
The point is to increase noise to signal ratios. Join today!
Re:Maybe they *can't* upgrade (Score:3, Insightful)
No thats the failing of an admin too. A lot of this stuff can be traced with filemon and other tools. Then just update GPO to give them whatever rights they need. Then bug your vendor so they sell you software that fits your security model.