Internet Users Not Updating Browser 409
Jackson writes "Security researchers from ETH Zurich, Google, and IBM Internet Security Systems have shown that more than 600 million Internet users don't use the latest version of their browser. The researchers' paper, shows that as of June 2008, only 59.1 percent of Internet users worldwide use the latest major version of their preferred web browser.
Suggestions have also been made to inform users that their browser is out of date."
How many of those users CAN upgrade? (Score:5, Interesting)
If you're running Win9x/2000, you can't upgrade to the latest version of Internet Explorer.
What do you expect? (Score:0, Interesting)
A lot of people simply don't want to change, for whatever reason. Its just the nature of stubbornness, the mentality "If it isn't broke, don't fix it.". If we all followed that mentality, we'd still be using candles/torches for our only portable light source.
Re:How many are IE6? (Score:4, Interesting)
I wonder how many of those are IE6, which a lot of people use because they CAN'T upgrade to IE7.
Can't? More like won't for me.
I really don't know what it was. May its the fact that IE7 always ran sluggish for me or the fact that Firefox and Opera run so much quicker and with fewer crashes.
IE7 was my last straw when it came to Microsoft applications.
A good chuck of that 52% is corporate policy. (Score:5, Interesting)
The IT drones at my employer rigidly demand that all company machines must run IE6. They've coded all their intranet applications solely for that version and by god they will not budge. Firefox is forbidden as a "security risk" and no where to be seen is IE7. Fortunately for me I work on Linux based projects and and run what I please.
Murphy Was an Optimist (Score:3, Interesting)
Boring "security" (Score:4, Interesting)
- encryption
- steganography
- signatures
- passwords and
- access control lists.
That is cool maths and tech. Stuff that matters. How disappointed I get when the "security researchers" write about, not interesting security measures, but just how the security is implemented. Boring, that's sociology! Making sure your users use secure software is important and all, but it's not something I want to read about on Slashdot. I want my old geeky Slashdot back!
Re:How many of those users CAN upgrade? (Score:3, Interesting)
... not that I think this is at all the reason people don't update.
http://www.w3counter.com/globalstats.php [w3counter.com]
Windows 98 is listed as less than 1%.
And I'm pretty sure FF3 still works on Windows 2000 which just barely beats out Linux in popularity.
It depends on the browser. (Score:5, Interesting)
Within days after the release of Firefox 3, over 40% of my visitors
had switched to it. Another ~50% use the newest 2.0.x version.
Conclusion:
It makes a huge difference if the user is aware of existing choices and has
actively chosen a certain browser (i.e. installed something other than the default).
Also, Firefox' autoupdate mechanism works very well.
I cannot say anything about IE users - they make for less than 0,2% of my hits
Also, I don't claim to have representative numbers for the "general Mozilla crowd",
as my target audience are the more tech-savvy.
Wrong Methodology leading to wrong conclusion (Score:1, Interesting)
Their numbers are based on MAJOR version number, e.g. running IE6 and not IE7.
This is NOT the same as understanding whether users are using the MOST PATCHED version of their chosen browser.
For example, I'm running Firefox 2 right now, because there are extensions I need that aren't FF3 compatible. I'm running 2.0.0.16, which is the most updated FF2. I feel that I'm in a good place security-wise. Someone running FF 2.0.0.0 is the one who needs to worry. Or, for that matter, 3.0.0.0 now that more updated FF3's are available.
The right security questions are:
* Are recent security patches available for your browser version? (some very old browsers don't get support anymore)
* Do you run those patches?
The most recent major version tells you NOTHING. It's probably more a proxy for "when did you buy the computer?" than anything else.
Re:How many of those users CAN upgrade? (Score:4, Interesting)
There are other reasons not to upgrade to Firefox 3 - in particular, my company has production code that uses something like div_element.offsetParent.offsetTop (variable name changed intentionally to protect the guilty) without checking first to see if offsetTop is null (this is used to get the height in a browser) and Firefox 3 javascript crashes and burns but no other browser has a problem with it (of the four we support).
Our official policy is that Firefox 3 is not supported, meaning every single one of our customers needs to either use Firefox 2 or a different browser until we do certification on it (which I believe isn't even planned for this year due to other scheduling needs). I have notified the people in charge of that javascript, so it potentially could be fixed/patched beforehand, or if it's a FF3 bug, the Mozilla team will get notified - I'm not the author or maintainer and have no power to change that code.
Re:Firefox vs. IE (Score:5, Interesting)
Noscript is ridiculous... I mean, it's not like ad-block where advertisers find new ways to annoy you and ad-block has to find a way to counter it; nocscript simply disallows running scripts... is it that bad that there's three new versions a week?
The answer is no... from what I read elsewhere, noscript updates take advantage of a flaw in computing the popularity of plug-ins by continuously updating so that they always get ranked at or near the top.
Wait for native video/audio support... (Score:3, Interesting)
Re:How many of those users CAN upgrade? (Score:3, Interesting)
Dare I ask why? Unless you know of some security vulnerability in Win 9x's TCP/IP stack, I'm not sure what would be the problem in running Opera 9.51 on Windows 9x. Should you use outdated flash plugins, java plugins, etc? No. But you don't *need* those to browse the web (and odds are good that if you're running Win 9x, you're using a machine that wouldn't work well with the latest flash/java apps anyways).
I wouldn't advocate people go out of their way to use Win 9x for web browsing. But, unless you can describe an actual attack vector instead of general fear mongering, your complaint falls into the same category of bitching about *any* computer accessing the web. All computers have the potential to be exploited (that's a failing, of sorts, of computers). But it'd be nice to hear a bit more pragmatic argument than general handwaving.
Re:That's what emulators are for. (Score:3, Interesting)
Depends. Many proprietary systems and software will use things like hardware dongles and such that don't always behave inside a VM. A few years back I actually had to setup a machine using DOS 6.0. A professor at school was performing a psychology experiment using some special software that worked only in older versions of DOS. It too used a hardware dongle or it wouldn't function.
IBM doesn't support IE 7 (Score:3, Interesting)
I thought it was ironic that IBM Security Systems put out the report, since IBM doesn't support use of IE 7 internally--everyone is told to stay on IE 6 until various applications can be updated.
Firefox is supported, however.
[Opinions mine, not IBM's.]
Comment removed (Score:3, Interesting)
Re:How many of those users CAN upgrade? (Score:3, Interesting)
Same month Opera 9.5 was released, same month Safari 4.0 was released.
Which, maybe it means that they waited exactly for that month, or maybe its entirely the wrong moment since no one was really upgrading anything if it was just before those releases.