Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
The Internet Security

Internet Users Not Updating Browser 409

Jackson writes "Security researchers from ETH Zurich, Google, and IBM Internet Security Systems have shown that more than 600 million Internet users don't use the latest version of their browser. The researchers' paper, shows that as of June 2008, only 59.1 percent of Internet users worldwide use the latest major version of their preferred web browser. Suggestions have also been made to inform users that their browser is out of date."
This discussion has been archived. No new comments can be posted.

Internet Users Not Updating Browser

Comments Filter:
  • by gravyface ( 592485 ) on Monday July 21, 2008 @07:35AM (#24272167)

    If you're running Win9x/2000, you can't upgrade to the latest version of Internet Explorer.

    • by Anonymous Coward on Monday July 21, 2008 @07:41AM (#24272235)
    • by Kamokazi ( 1080091 ) on Monday July 21, 2008 @07:50AM (#24272341)
      Which is like 1-2% of the users. Our website gets about 10k hits per week, and maybe 1% of them are Win2k/98. We actually see more Mac users now. Most of it is just people who are using IE6 or 7 and click off the annoying update popup they get. Heck I use Opera and I was a couple versions behind until 9.5 came out (and I haven't upgraded to 9.51). I haven't had any spyware/etc. issues since the IE5 days, so I'm not exactly in a hurry.
  • How many are IE6? (Score:5, Informative)

    by neokushan ( 932374 ) on Monday July 21, 2008 @07:38AM (#24272195)

    I wonder how many of those are IE6, which a lot of people use because they CAN'T upgrade to IE7.
    And as an above commenter pointed out, I highly doubt they factored in that some OS's can't actually run the latest version of their browser.

    • Re:How many are IE6? (Score:4, Interesting)

      by thatskinnyguy ( 1129515 ) on Monday July 21, 2008 @07:42AM (#24272243)

      I wonder how many of those are IE6, which a lot of people use because they CAN'T upgrade to IE7.

      Can't? More like won't for me.

      I really don't know what it was. May its the fact that IE7 always ran sluggish for me or the fact that Firefox and Opera run so much quicker and with fewer crashes.

      IE7 was my last straw when it came to Microsoft applications.

      • Re:How many are IE6? (Score:5, Informative)

        by badpazzword ( 991691 ) <<moc.liamg> <ta> <drowzzapdab>> on Monday July 21, 2008 @07:52AM (#24272359)

        Even if you do not explicitly use Internet Explorer for browsing, you should upgrade it as it is a core part of the Windows Kernel.

        Internet Explorer it is used behind the scenes in many places; the eye-candy interfaces of most Norton products, for example, runs on the IE engine.

        Not that I recommend Norton products, still...

        • by thatskinnyguy ( 1129515 ) on Monday July 21, 2008 @08:06AM (#24272521)

          Even if you do not explicitly use Internet Explorer for browsing, you should upgrade it as it is a core part of the Windows Kernel.

          That is another part about IE that I have issues with. Why make a web browser part of the OS? It makes very little sense. It should, at most, be a bloated application that I could uninstall at whim. But no! It has to totally screw with everything else. As it is now, I specify Firefox as the default browser and disable access to IE. It doesn't matter which version of IE, I'm still not using it.

          Not that I recommend Norton products, still...

          Thanks to a run-in with their overly-aggressive virus scanning process (that can't be turned off) I no longer use Norton home products. Their corporate/enterprise software that I use at work is waaaaaay better.

  • by arkham6 ( 24514 ) on Monday July 21, 2008 @07:38AM (#24272197)
    40 percent of internet users are not updating their browser.

    And these same users are probably happily using windows 98 on their Pentium II's, and don't give a damn about having the most shiny, newest toy.
  • by Scutter ( 18425 ) on Monday July 21, 2008 @07:38AM (#24272201) Journal

    Large numbers of corporate users are at the mercy of the IT department's update/upgrade schedule. In my environment, there are a large number of applications that will break if IE7 is installed, and the schedule to update and test those dependencies is lengthy.

    Furthermore, we've spent so much time training users to ignore messages that say "Your $FOO is out of date! Click here to install the latest version because it's almost always malware, and now you want to turn around and do the exact opposite?

    • As an anedonct, here where I work we've authorized updating to IE7 only last week. And only because we had problems with a bug from IE6.
    • by Bogtha ( 906264 )

      Furthermore, we've spent so much time training users to ignore messages that say "Your $FOO is out of date! Click here to install the latest version because it's almost always malware, and now you want to turn around and do the exact opposite?

      Sure. Because if they don't update, then the malware gets in anyway, because they are undoubtedly using a browser with known vulnerabilities. The worst case scenario is the same in both cases, so we might as well pick the one where they at least have a chance at

    • I thought it was ironic that IBM Security Systems put out the report, since IBM doesn't support use of IE 7 internally--everyone is told to stay on IE 6 until various applications can be updated.

      Firefox is supported, however.

      [Opinions mine, not IBM's.]

  • Firefox vs. IE (Score:5, Insightful)

    by Puls4r ( 724907 ) on Monday July 21, 2008 @07:38AM (#24272205)
    Firefox already automatically updates.

    If you have automatic updates turned on in Windows, they automatically update as well.

    However, most people I know turn off automatic updates because it can be so obnoxious. Many folks also disable the BITS service because of the process overhead it chews up.

    It's the difference between being a virtually seamless integration (like Firefox) or an overly-obtrusive integration that eats up system resources.

    For instance - firefox tells you when you go to close the program that there are updates ready. Microsoft pops a little icon that #1 interrupts what you are doing #2 may very well crash the machine or lock it up if it happens while you're playing a game, etc. Remember that letter Gates sent about usability? It's the key in this case, I think.

    I also wonder if this took business users into account - I can't update because my IT department won't let me. I doubt that would be different if we were using Firefox or Opera rather than IE.
    • Firefox already automatically updates.

      Well now, that's kind of news to me. The copy I use on one machine did in fact recently update itself, about five days ago ... to version 2.0.0.16. Certainly the extensions get updated very frequently (NoScript updates seem to come every five minutes). But nothing more. When I try "Help - Check for updates" manually, the message I get back is

      There are no new updates available. Firefox may check periodically for new updates.

      I don't particularly care -- not to the extent of installing Ff 3 manually, anyway -- but it does make me wonder in a mildly bemused fashion what the hell the Mozilla p

      • Re:Firefox vs. IE (Score:5, Interesting)

        by gfxguy ( 98788 ) on Monday July 21, 2008 @09:38AM (#24273877)

        Noscript is ridiculous... I mean, it's not like ad-block where advertisers find new ways to annoy you and ad-block has to find a way to counter it; nocscript simply disallows running scripts... is it that bad that there's three new versions a week?

        The answer is no... from what I read elsewhere, noscript updates take advantage of a flaw in computing the popularity of plug-ins by continuously updating so that they always get ranked at or near the top.

    • A large part of it is system integration. Updating IE means updating DLLs used by lots of other parts of the system, including Windows Explorer. The only way you can safely do this is to restart everything that uses them. In contrast, updating FireFox just requires updating FireFox.
    • by dkf ( 304284 )

      I also wonder if this took business users into account - I can't update because my IT department won't let me. I doubt that would be different if we were using Firefox or Opera rather than IE.

      I've seen this come up a few times, and the code involved is usually something really horrible. (We have a leave booking system that doesn't really work with anything other than a specific sub-version of IE6 - the software we use was updated to support later versions, but we were too cheap to buy those updates. But our security people won out over our app support people, and IE6 got dropped. Lucky I guess. But I digress.) A nasty webapp is usually at heart of the problem, and yet chances are that some AJAX,

    • by Skapare ( 16644 )

      Firefox already automatically updates.

      Really? I run Firefox as a non-root user. It is installed on the /usr filesystem. Are you saying Firefox has figured out how to get around the permissions issue? Oh, and BTW, my /usr is mounted read-only.

      • Re: (Score:3, Informative)

        by FictionPimp ( 712802 )

        Actually, I'm trying to figure this out on my mac. Last night I got the update popup. I clicked yes and realized I was not an admin. I waited for it to prompt me for my admin user/pass or just error out, but it said it completed successfully.

        I'm really confused.

    • Mod parent up--this is it, right here. That's what I love about Firefox. If I say that I will restart later, it believes me, and doesn't pop up asking 5 minutes later. "It's later now! It's later now!" is the reason I have automatic updates turned off in Windows. But in doing that, a user has to take on the responsibility of updating manually, and if you want to be really responsible, checking out each update before installing it. That's the part that most users don't bother with, it's an all-or-nothing sit
  • Only 59.1%? (Score:5, Insightful)

    by 4D6963 ( 933028 ) on Monday July 21, 2008 @07:39AM (#24272223)
    Only 59.1% of users are up-to-date? I guess the submitter is the kind who sees the glass 40.9% empty.
    • I find it odd that "59.1% of users are running the most up-to-date browser available to them, and that a decent number of people were not running fully-patched versions."

      Surely if 59.1% of people are running the most up-to-date browser, then 40.9% will not be running fully-patched versions. Why bother with the "a decent number" hand-waving when you've got a hard number you could put in there?

  • Yeah, but (Score:5, Funny)

    by krkhan ( 1071096 ) on Monday July 21, 2008 @07:42AM (#24272241) Homepage
    I can't upgrade to the latest version. It makes my tabs crash and causes me to lose m
  • In the case of Internet Explorer 7, there are reasons not to upgrade to it over version 6. I use IE6 only for the websites that don't work properly in Firefox and I am not interested in the additional integration that IE7 provides. A person concerned with security wouldn't use an integrated browser in the first place.

    By the way, Microsoft does remind me that IE6 is out of date every chance that it gets.

    • by ErikZ ( 55491 ) * on Monday July 21, 2008 @07:46AM (#24272289)

      Please, for the love of all that's holy, upgrade to IE7.

      Once IE6 installations get down below a certain point, we won't have to spend crazy amounts of time rewriting web pages so they *also* work in IE6.

      • This doesn't cause problems for you, because if you read what Blindman wrote, they only use it for sites that don't work with Firefox. If you're creating web pages that are anywhere close to being modern, then you won't see hits from any version of IE from people like us.

        It's not installations that matter, it's what people actually use.

    • Yes there is a point (Score:5, Informative)

      by WD ( 96061 ) on Monday July 21, 2008 @08:18AM (#24272659)

      Not upgrading to IE7 because you don't "use" it is dangerous. Because, as you mentioned, IE is closely integrated into the operating system, its components can be used by other applications regardless of whether you click the blue 'E' icon or not. Any Windows application that has the ability to handle HTML content is likely to use some IE components. So if IE is not fully up to date, these other applications can put you at risk.

      So, for example, vulnerabilities that only affect IE6 may affect other applications that use the relevant IE components for HTML rendering (think email, IM, etc.). Such as:
      http://www.kb.cert.org/vuls/id/923508 [cert.org]

      Or, even better... A recent Safari for Windows vulnerability:
      http://www.kb.cert.org/vuls/id/127185 [cert.org]
      Safari, a "stand-alone" web browser, is actually at a higher risk on systems with IE6 as opposed to IE7.

      As with any software on your computer, you should upgrade it whether you *think* you use it or not.

    • by Firehed ( 942385 )

      What websites do you still visit that have Firefox compatibility? I don't think that's been a major concern for me in the last half-decade (since pre-1.0), and the only sites I've stumbled across recently where it had been a problem were so woefully out-of-date that it didn't matter anyways.

      Quite frankly, I barely test in IE6 anymore, and often don't bother with conditional stylesheets (partly because my page layouts are pretty safe to start, partly because FUCK YOU IE6 YOUR MOM IS A DIRTY WHORE!!). I rea

  • Any idea... (Score:3, Insightful)

    by cvd6262 ( 180823 ) on Monday July 21, 2008 @07:44AM (#24272259)

    How many FF2 users just hate "AwsomeBar"?

    Last I checked, FF2 security updates were still being pushed automatically, so what's the big deal about using 2.x over 3.0?

    • I don't know how many hate it. Initially, I did, but I've come to like it. However, I can understand why some folks don't.

      But hey, this is Firefox, an open source project, so why don't all the folks who don't like it get organized and contact Mozilla en masse and demand that they include the option to use it or return to the old bar--and I mean the original old bar, not just an imitation that looks like the old bar but uses the new algorithm--in the next incremental update?

      I'm not being flippant here. Le

    • How many FF2 users just hate "AwsomeBar"?

      Count me among that group. Hate is a very appropriate description. Yes, I am fully aware I can go get an extension to remove this "feature" but really, was it too difficult to have a checkbox to turn it off?

    • Re:Any idea... (Score:5, Insightful)

      by spyrochaete ( 707033 ) on Monday July 21, 2008 @08:14AM (#24272619) Homepage Journal
      I love the Awesome Bar. I'll often want to visit a site I saw the other day but all I can remember is part of one word of the site title. That's all I need in FF3 - I just type in the partial name and the correct site is usually the top result. Now, instead of clicking my bookmarks, I just type one or two letters in the address bar and if the intended site isn't the top result this time it will be next time.

      Awesome Bar was a feature I wasn't even aware of until FF3 went gold, but it was as appreciated and innovative as it was unexpected. Words are for people, DNS names are for computers.
  • Browsers at work (Score:3, Insightful)

    by rdev ( 752316 ) on Monday July 21, 2008 @07:45AM (#24272281)

    What about your browsers that are provided by your IT department of your company?

    I work in pretty large company and our IT dept. have disabled auto-updates from XP, Firefox and so on. Then they push updates to users when needed.

    Above works fine in my company, but what about those companies with similar policies and non-existing or incompetent IT department? Browsing tubes all day long with old versions.

  • by 1shooter ( 185361 ) on Monday July 21, 2008 @07:47AM (#24272303)

    The IT drones at my employer rigidly demand that all company machines must run IE6. They've coded all their intranet applications solely for that version and by god they will not budge. Firefox is forbidden as a "security risk" and no where to be seen is IE7. Fortunately for me I work on Linux based projects and and run what I please.

  • If they say "IE 6.latest" or "Foxpro 2.latest" doesn't count as "latest" and those versions have no known unpatched vulnerabilities not shared by IE 7.latest or Foxpro 3.latest then they aren't counting properly.

    There are good reasons not to do a major version upgrade the first few months it is out, but a prerequisite is that your existing browser continue to get security patches.

  • "If it ain't broke, don't fix it". It's amazing that as many people upgrade as they do. The average user doesn't know his browser is broken. The average user doesn't care that his browser is broken. It displays web pages and that's all he cares about. He doesn't worry about botnets, and why should he?

    Fellow nerds, a better job must be done! There are reasons for bugs and security holes, but no excuses. When I see slashdot posts saying "their going to loose all they're money" and "Its broken it's back" I see

  • by s31523 ( 926314 ) on Monday July 21, 2008 @07:51AM (#24272353)
    I tend not to update my browser, or anything else that isn't broken, on my stable machine. No matter how many beta tests or how reliable or how improved a new version is touted to be I am always finding things that used to work and now don't. At some point you just want things to work and do not want to have to spend time reconfiguring or working around something that worked. Unless there is a new feature that I am excited about, or a huge security hole plugged, I stick with what works and it is no surprise to me that others do the same.
  • no Firefox-3.x (Score:3, Insightful)

    by FudRucker ( 866063 ) on Monday July 21, 2008 @07:57AM (#24272423)
    how I use web browsers is:

    Firefox-2.0.0.16 with NoScript and without any plugins - for general purpose web browsing...

    Seamonkey-1.1.11 with all the plugins, flash, java & mplayerplug-in - used only at trusted websites and only when there is media I want to see (used rarely) and Seamonkey for email too (I dont like thunderbird enough to use it)...

    I don't really like Firefox-3.x because of the way it is being developed which is starting to look like feature creep is going to bloat it up, I would like to see it forked and have the fat trimmed off of it more, make it like dillo only better, if I was a clever code monkey genius I would grab the source for Firefox-3.x and fork it myself and trim it down to something like Firefox-1.x or 2.x (or a little leaner)...
    • "I don't really like Firefox-3.x .. which is starting to look like feature creep"

      Try Gran Paradiso [mozilla.org], supposed to be at the bleeding edge of development ..
    • I don't really like Firefox-3.x because of the way it is being developed which is starting to look like feature creep is going to bloat it up

      What is it you see as the bloat problem in Firefox? Is it memory usage? Keeping the graphical interface clean is all that really matters, as I see it. I use Firefox 3 and I'm not shying away from add-ons (as long as they don't clutter the interface) and yet my browser window contains almost nothing but this Slashdot page we are at.

      Top: Menu bar, back and forward buttons, address field, throbber. All on a single row. (No need for a search box when you can use keywords in the address field.)
      Right: Scroll ba

  • Boring "security" (Score:4, Interesting)

    by Bromskloss ( 750445 ) <auxiliary.addres ... cy@gmai l . c om> on Monday July 21, 2008 @08:00AM (#24272437)
    Computer security includes things like
    - encryption
    - steganography
    - signatures
    - passwords and
    - access control lists.

    That is cool maths and tech. Stuff that matters. How disappointed I get when the "security researchers" write about, not interesting security measures, but just how the security is implemented. Boring, that's sociology! Making sure your users use secure software is important and all, but it's not something I want to read about on Slashdot. I want my old geeky Slashdot back!
    • by jeiler ( 1106393 )

      How disappointed I get when the "security researchers" write about, not interesting security measures, but just how the security is implemented.

      Even geeks need a day job--and many of us work in the industry, where we work with users on a daily basis. Users who don't, won't, or can't upgrade. Users who, more often than not, wouldn't know 'security" if it bit them on the ass.

      All the geeky toys, cool maths, and security algorithms in the works don't make a damn bit of difference if users don't, won't, or can't use them.

  • At home, I have no reason to jump to FF3. FF2 works fine for me. And it's still getting security fixes, so I'm not worried about malware.

    At work, it's not my choice. I have to use IE6, but frankly I like IE6 better than IE7 anyway.

  • If it works? (Score:2, Insightful)

    by rotide ( 1015173 )
    For most "grandmothers" and other non-technically inclined users, why upgrade? Heck, I'd wager most don't even know there is an update, or that you should be updating. Only those that know the technology and the potential risks will care to keep things up to date. And even then, I rarely update, but then again, I routinely format my windows boxes due to all the other issues that come up.
  • So people don't really care so much about all those new features that make the new generation browser deliver the best internet browsing experience ever. Does this tell us something about product management? Software development?
  • I'm using Kubuntu Gutsy Gibbon and it apparently does not have anything past 3.0 alphaB in the repository and FF own auto update feature is grayed out (2.0.0.14) - Haven't got around to downloading the tarbell... wait a minute, auto update will give me 2.0.0.16.

  • by diskofish ( 1037768 ) on Monday July 21, 2008 @08:16AM (#24272633)
    Seems like when a new Fire Fox browser gets "released" there are still some rather annoying bugs. I usually wait about six months for the main bugs to be worked out before I upgrade.
  • Users with broadband connections are under the misimpression that upgrades are free and that everyone should do them. Some of us are still stuck in dialup hell, and downloading an upgrade costs a lot of time. And besides, the old software is perfectly adequate.
  • Anyone else friggin hate it when products and publications use the words "internet" and "web" interchangeably? It's a web browser, not an internet browser. The internet is more than a presentation layer.
  • by QuietLagoon ( 813062 ) on Monday July 21, 2008 @08:19AM (#24272681)
    Opera 9.51 (and the 9.52 beta) just does not work well enough for every day use. If you read the Opera news groups, you will see that Opera users are reverting to 9.27.
  • unlike the rest of the world, I LIKE typing in
    "my computer" and not having a new window pop open.

    I understand the differences about where I am navigating to when I type in
    \\servername\ or \\localpc\ or \\remotepc\ I'm vpn connected to or //google.com
    'control panel' or 'network connections'

    or whatever, and still be working in the same damn window..

    the whole 'new window based on name' thing drives me up the fraking wall..

  • latest major version of their preferred web browser

    This is not always bad. If they had said latest minor version, I'd be more concerned. Example: FF2 and FF3: both keep getting security patches (at least until this December).

  • by the_other_chewey ( 1119125 ) on Monday July 21, 2008 @08:41AM (#24272919)
    I run a rather busy Mozilla related server (~200k hits per day).

    Within days after the release of Firefox 3, over 40% of my visitors
    had switched to it. Another ~50% use the newest 2.0.x version.

    Conclusion:
    It makes a huge difference if the user is aware of existing choices and has
    actively chosen a certain browser (i.e. installed something other than the default).
    Also, Firefox' autoupdate mechanism works very well.

    I cannot say anything about IE users - they make for less than 0,2% of my hits :-)

    Also, I don't claim to have representative numbers for the "general Mozilla crowd",
    as my target audience are the more tech-savvy.
  • I've been setting up a traffic statistics server (AWStats, if you're interested), and I'm seeing traffic from Netscape 4, Firefox 0.10.0 (zero ten zero, not a typo), IE 3.02.

  • by CaptainPatent ( 1087643 ) on Monday July 21, 2008 @08:50AM (#24273041) Journal
    Lynx 2.8.6... yep, I'm up-to-date...

    in a manner of speaking.
  • by GNUPublicLicense ( 1242094 ) on Monday July 21, 2008 @10:01AM (#24274283)
    When the media player DOM and the <video> <audio> will be in most browsers and once main video web sites support all that media boiler plate, people may think its a good incentive to upgrade.
  • Corporate users (Score:4, Informative)

    by regular_gonzalez ( 926606 ) on Monday July 21, 2008 @10:17AM (#24274617)
    General Electric (at least in Europe, can't speak for other territories) only supports IE6 on their client pc's. IE7 breaks many internal web pages and if found on a user's computer, is uninstalled immediately. Stupid policy? Horrible web page design? Sure. But with 300,000+ worldwide employees, all stuck on an older version of Internet Explorer with no upgrade path or timeline in sight, I don't see this changing anytime soon. And GE (particularly under Jack Welch) has always struck me as a fairly nimble company compared to others it's size. I wonder how many other mega-corporations are similarly locked into older versions of web browsers and how much they contribute to the overall percentage of non-updated persons.

A conclusion is simply the place where someone got tired of thinking.

Working...