Internet Users Not Updating Browser

Jackson writes "Security researchers from ETH Zurich, Google, and IBM Internet Security Systems have shown that more than 600 million Internet users don't use the latest version of their browser. The researchers' paper, shows that as of June 2008, only 59.1 percent of Internet users worldwide use the latest major version of their preferred web browser. Suggestions have also been made to inform users that their browser is out of date."

How many of those users CAN upgrade?

If you're running Win9x/2000, you can't upgrade to the latest version of Internet Explorer.

Re:How many of those users CAN upgrade?

Windows 9x users cannot use the latest version of Firefox either [slashdot.org].

Re:How many of those users CAN upgrade?

They can still upgrade to Opera, which supports down to Windows 95.

Re:How many of those users CAN upgrade?

that was very subtle: "upgrade TO opera"

Re:How many of those users CAN upgrade?

While Firefox 3 chose to abandon Windows 95 compatibility, Firefox 2 is still being patched and maintained.
Unlike the IE6 users of Windows 95, who no longer get MS patches.

Re:How many of those users CAN upgrade?

Which is like 1-2% of the users. Our website gets about 10k hits per week, and maybe 1% of them are Win2k/98. We actually see more Mac users now. Most of it is just people who are using IE6 or 7 and click off the annoying update popup they get. Heck I use Opera and I was a couple versions behind until 9.5 came out (and I haven't upgraded to 9.51). I haven't had any spyware/etc. issues since the IE5 days, so I'm not exactly in a hurry.

Re:How many of those users CAN upgrade?

Who in their right mind have a computer online with Windows 95/98 or ME on it?

Someone whose business applications only run on Windows 95/98 or ME, and either there is no upgraded version of it (maybe the vendor went out of business) or the upgrade doesn't convert the old data, or doesn't have a feature being used, or otherwise isn't workable.

Re:How many of those users CAN upgrade?

Exactly. FF2 is still current, and is still preferable to FF3 in some cases. I could argue that anyone not running a nightly build from CVS isn't running the newest/latest, but that would just be silly.

Firefox 2.0 is just as current as 3.0, and will be until the end of this year. Anyone who says differently is selling something.

How many are IE6?

I wonder how many of those are IE6, which a lot of people use because they CAN'T upgrade to IE7.
And as an above commenter pointed out, I highly doubt they factored in that some OS's can't actually run the latest version of their browser.

Re:How many are IE6?

Even if you do not explicitly use Internet Explorer for browsing, you should upgrade it as it is a core part of the Windows Kernel.

Internet Explorer it is used behind the scenes in many places; the eye-candy interfaces of most Norton products, for example, runs on the IE engine.

Not that I recommend Norton products, still...

Re:How many are IE6?

Even if you do not explicitly use Internet Explorer for browsing, you should upgrade it as it is a core part of the Windows Kernel.

That is another part about IE that I have issues with. Why make a web browser part of the OS? It makes very little sense. It should, at most, be a bloated application that I could uninstall at whim. But no! It has to totally screw with everything else. As it is now, I specify Firefox as the default browser and disable access to IE. It doesn't matter which version of IE, I'm still not using it.

Not that I recommend Norton products, still...

Thanks to a run-in with their overly-aggressive virus scanning process (that can't be turned off) I no longer use Norton home products. Their corporate/enterprise software that I use at work is waaaaaay better.

So a better title would be..

40 percent of internet users are not updating their browser.

And these same users are probably happily using windows 98 on their Pentium II's, and don't give a damn about having the most shiny, newest toy.

Maybe they *can't* upgrade

Large numbers of corporate users are at the mercy of the IT department's update/upgrade schedule. In my environment, there are a large number of applications that will break if IE7 is installed, and the schedule to update and test those dependencies is lengthy.

Furthermore, we've spent so much time training users to ignore messages that say "Your $FOO is out of date! Click here to install the latest version because it's almost always malware, and now you want to turn around and do the exact opposite?

Re:Maybe they *can't* upgrade

If using a different Web browser to access a server causes it to crash, you have more serious things to worry about, like finding another vendor that doesn't write software that takes down your server when it's accessed in a perfectly reasonable manner.

Firefox vs. IE

Firefox already automatically updates.

If you have automatic updates turned on in Windows, they automatically update as well.

However, most people I know turn off automatic updates because it can be so obnoxious. Many folks also disable the BITS service because of the process overhead it chews up.

It's the difference between being a virtually seamless integration (like Firefox) or an overly-obtrusive integration that eats up system resources.

For instance - firefox tells you when you go to close the program that there are updates ready. Microsoft pops a little icon that #1 interrupts what you are doing #2 may very well crash the machine or lock it up if it happens while you're playing a game, etc. Remember that letter Gates sent about usability? It's the key in this case, I think.

I also wonder if this took business users into account - I can't update because my IT department won't let me. I doubt that would be different if we were using Firefox or Opera rather than IE.

Re:Firefox vs. IE

Noscript is ridiculous... I mean, it's not like ad-block where advertisers find new ways to annoy you and ad-block has to find a way to counter it; nocscript simply disallows running scripts... is it that bad that there's three new versions a week?

The answer is no... from what I read elsewhere, noscript updates take advantage of a flaw in computing the popularity of plug-ins by continuously updating so that they always get ranked at or near the top.

Only 59.1%?

Only 59.1% of users are up-to-date? I guess the submitter is the kind who sees the glass 40.9% empty.

Yeah, but

I can't upgrade to the latest version. It makes my tabs crash and causes me to lose m

A good chuck of that 52% is corporate policy.

The IT drones at my employer rigidly demand that all company machines must run IE6. They've coded all their intranet applications solely for that version and by god they will not budge. Firefox is forbidden as a "security risk" and no where to be seen is IE7. Fortunately for me I work on Linux based projects and and run what I please.

It depends on the browser.

I run a rather busy Mozilla related server (~200k hits per day).

Within days after the release of Firefox 3, over 40% of my visitors
had switched to it. Another ~50% use the newest 2.0.x version.

Conclusion:
It makes a huge difference if the user is aware of existing choices and has
actively chosen a certain browser (i.e. installed something other than the default).
Also, Firefox' autoupdate mechanism works very well.

I cannot say anything about IE users - they make for less than 0,2% of my hits :-)

Also, I don't claim to have representative numbers for the "general Mozilla crowd",
as my target audience are the more tech-savvy.

hmm, let's see...

Lynx 2.8.6... yep, I'm up-to-date...

in a manner of speaking.

Re:No point in updating IE6

Please, for the love of all that's holy, upgrade to IE7.

Once IE6 installations get down below a certain point, we won't have to spend crazy amounts of time rewriting web pages so they *also* work in IE6.

Yes there is a point

Not upgrading to IE7 because you don't "use" it is dangerous. Because, as you mentioned, IE is closely integrated into the operating system, its components can be used by other applications regardless of whether you click the blue 'E' icon or not. Any Windows application that has the ability to handle HTML content is likely to use some IE components. So if IE is not fully up to date, these other applications can put you at risk.

So, for example, vulnerabilities that only affect IE6 may affect other applications that use the relevant IE components for HTML rendering (think email, IM, etc.). Such as:
http://www.kb.cert.org/vuls/id/923508 [cert.org]

Or, even better... A recent Safari for Windows vulnerability:
http://www.kb.cert.org/vuls/id/127185 [cert.org]
Safari, a "stand-alone" web browser, is actually at a higher risk on systems with IE6 as opposed to IE7.

As with any software on your computer, you should upgrade it whether you *think* you use it or not.

Re:Any idea...

I love the Awesome Bar. I'll often want to visit a site I saw the other day but all I can remember is part of one word of the site title. That's all I need in FF3 - I just type in the partial name and the correct site is usually the top result. Now, instead of clicking my bookmarks, I just type one or two letters in the address bar and if the intended site isn't the top result this time it will be next time.

Awesome Bar was a feature I wasn't even aware of until FF3 went gold, but it was as appreciated and innovative as it was unexpected. Words are for people, DNS names are for computers.

Re:Do they count IE 6.latest or FoxPro 2.latest?

If they say "IE 6.latest" or "Foxpro 2.latest" doesn't count as "latest" and those versions have no known unpatched vulnerabilities not shared by IE 7.latest or Foxpro 3.latest then they aren't counting properly.

I agree. dBASE III works just fine for me, and I see no reason to update to dBASE IV when Ashton Tate currently provides the same level of support for both.