Slashdot Mirror
Internet Users Not Updating Browser
Jackson writes "Security researchers from ETH Zurich, Google, and IBM Internet Security Systems have shown that more than 600 million Internet users don't use the latest version of their browser. The researchers' paper, shows that as of June 2008, only 59.1 percent of Internet users worldwide use the latest major version of their preferred web browser.
Suggestions have also been made to inform users that their browser is out of date."
If you're running Win9x/2000, you can't upgrade to the latest version of Internet Explorer.
body massage!
I wonder how many of those are IE6, which a lot of people use because they CAN'T upgrade to IE7.
And as an above commenter pointed out, I highly doubt they factored in that some OS's can't actually run the latest version of their browser.
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
40 percent of internet users are not updating their browser.
And these same users are probably happily using windows 98 on their Pentium II's, and don't give a damn about having the most shiny, newest toy.
Large numbers of corporate users are at the mercy of the IT department's update/upgrade schedule. In my environment, there are a large number of applications that will break if IE7 is installed, and the schedule to update and test those dependencies is lengthy.
Furthermore, we've spent so much time training users to ignore messages that say "Your $FOO is out of date! Click here to install the latest version because it's almost always malware, and now you want to turn around and do the exact opposite?
"Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
Firefox already automatically updates.
If you have automatic updates turned on in Windows, they automatically update as well.
However, most people I know turn off automatic updates because it can be so obnoxious. Many folks also disable the BITS service because of the process overhead it chews up.
It's the difference between being a virtually seamless integration (like Firefox) or an overly-obtrusive integration that eats up system resources.
For instance - firefox tells you when you go to close the program that there are updates ready. Microsoft pops a little icon that #1 interrupts what you are doing #2 may very well crash the machine or lock it up if it happens while you're playing a game, etc. Remember that letter Gates sent about usability? It's the key in this case, I think.
I also wonder if this took business users into account - I can't update because my IT department won't let me. I doubt that would be different if we were using Firefox or Opera rather than IE.
Only 59.1% of users are up-to-date? I guess the submitter is the kind who sees the glass 40.9% empty.
You just got troll'd!
I can't upgrade to the latest version. It makes my tabs crash and causes me to lose m
In the case of Internet Explorer 7, there are reasons not to upgrade to it over version 6. I use IE6 only for the websites that don't work properly in Firefox and I am not interested in the additional integration that IE7 provides. A person concerned with security wouldn't use an integrated browser in the first place.
By the way, Microsoft does remind me that IE6 is out of date every chance that it gets.
I don't practice what I preach because I'm not the kind of person that I'm preaching to.
How many FF2 users just hate "AwsomeBar"?
Last I checked, FF2 security updates were still being pushed automatically, so what's the big deal about using 2.x over 3.0?
I'd rather have someone respond than be modded up.
What about your browsers that are provided by your IT department of your company?
I work in pretty large company and our IT dept. have disabled auto-updates from XP, Firefox and so on. Then they push updates to users when needed.
Above works fine in my company, but what about those companies with similar policies and non-existing or incompetent IT department? Browsing tubes all day long with old versions.
rdev
The IT drones at my employer rigidly demand that all company machines must run IE6. They've coded all their intranet applications solely for that version and by god they will not budge. Firefox is forbidden as a "security risk" and no where to be seen is IE7. Fortunately for me I work on Linux based projects and and run what I please.
6F 9E A9 1E 96 9F 74 27 ED B8 81 6D 0C 4E 1E 78
My other Sig is a 229.
If they say "IE 6.latest" or "Foxpro 2.latest" doesn't count as "latest" and those versions have no known unpatched vulnerabilities not shared by IE 7.latest or Foxpro 3.latest then they aren't counting properly.
There are good reasons not to do a major version upgrade the first few months it is out, but a prerequisite is that your existing browser continue to get security patches.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I tend not to update my browser, or anything else that isn't broken, on my stable machine. No matter how many beta tests or how reliable or how improved a new version is touted to be I am always finding things that used to work and now don't. At some point you just want things to work and do not want to have to spend time reconfiguring or working around something that worked. Unless there is a new feature that I am excited about, or a huge security hole plugged, I stick with what works and it is no surprise to me that others do the same.
Fortunately for us, people like you are willing to deal with your house exploding while the rest of us use candles for a few months more while the bugs in gas lighting are being sorted out. Having the latest 1337 illumination technology is more important to you than it is to us, so it's a win-win situation.
What I'm listening to now on Pandora...
how I use web browsers is:
Firefox-2.0.0.16 with NoScript and without any plugins - for general purpose web browsing...
Seamonkey-1.1.11 with all the plugins, flash, java & mplayerplug-in - used only at trusted websites and only when there is media I want to see (used rarely) and Seamonkey for email too (I dont like thunderbird enough to use it)...
I don't really like Firefox-3.x because of the way it is being developed which is starting to look like feature creep is going to bloat it up, I would like to see it forked and have the fat trimmed off of it more, make it like dillo only better, if I was a clever code monkey genius I would grab the source for Firefox-3.x and fork it myself and trim it down to something like Firefox-1.x or 2.x (or a little leaner)...
Politics is Treachery, Religion is Brainwashing
Computer security includes things like
- encryption
- steganography
- signatures
- passwords and
- access control lists.
That is cool maths and tech. Stuff that matters. How disappointed I get when the "security researchers" write about, not interesting security measures, but just how the security is implemented. Boring, that's sociology! Making sure your users use secure software is important and all, but it's not something I want to read about on Slashdot. I want my old geeky Slashdot back!
Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
For most "grandmothers" and other non-technically inclined users, why upgrade? Heck, I'd wager most don't even know there is an update, or that you should be updating. Only those that know the technology and the potential risks will care to keep things up to date. And even then, I rarely update, but then again, I routinely format my windows boxes due to all the other issues that come up.
So people don't really care so much about all those new features that make the new generation browser deliver the best internet browsing experience ever. Does this tell us something about product management? Software development?
Seems like when a new Fire Fox browser gets "released" there are still some rather annoying bugs. I usually wait about six months for the main bugs to be worked out before I upgrade.
Users with broadband connections are under the misimpression that upgrades are free and that everyone should do them. Some of us are still stuck in dialup hell, and downloading an upgrade costs a lot of time. And besides, the old software is perfectly adequate.
I rejoice that there are owls.
Not upgrading to IE7 because you don't "use" it is dangerous. Because, as you mentioned, IE is closely integrated into the operating system, its components can be used by other applications regardless of whether you click the blue 'E' icon or not. Any Windows application that has the ability to handle HTML content is likely to use some IE components. So if IE is not fully up to date, these other applications can put you at risk.
So, for example, vulnerabilities that only affect IE6 may affect other applications that use the relevant IE components for HTML rendering (think email, IM, etc.). Such as:
http://www.kb.cert.org/vuls/id/923508
Or, even better... A recent Safari for Windows vulnerability:
http://www.kb.cert.org/vuls/id/127185
Safari, a "stand-alone" web browser, is actually at a higher risk on systems with IE6 as opposed to IE7.
As with any software on your computer, you should upgrade it whether you *think* you use it or not.
Opera 9.51 (and the 9.52 beta) just does not work well enough for every day use. If you read the Opera news groups, you will see that Opera users are reverting to 9.27.
I run a rather busy Mozilla related server (~200k hits per day).
:-)
Within days after the release of Firefox 3, over 40% of my visitors
had switched to it. Another ~50% use the newest 2.0.x version.
Conclusion:
It makes a huge difference if the user is aware of existing choices and has
actively chosen a certain browser (i.e. installed something other than the default).
Also, Firefox' autoupdate mechanism works very well.
I cannot say anything about IE users - they make for less than 0,2% of my hits
Also, I don't claim to have representative numbers for the "general Mozilla crowd",
as my target audience are the more tech-savvy.
Lynx 2.8.6... yep, I'm up-to-date...
in a manner of speaking.
Well, back to rejecting software patent applications.
Suggestions have also been made to inform users that their browser is out of date.
Why? I know I run an out-of-date browser (FF1.5), and just don't care.
Well, you should.
Most of those issues are present in earlier versions as well, as stated on the vulnerabilities page for 1.5
Have a look at http://www.mozilla.org/security/known-vulnerabilities/ - and have fun browsing on with your sieve.
When the media player DOM and the will be in most browsers and once main video web sites support all that media boiler plate, people may think its a good incentive to upgrade.
...and when Firefox 5 is out, people will say the same about Firefox 3 users. "OMG security vulnerabilities have fun browsing on your sieve."
People said the same thing about 1 vs 1.5 as well. You HAVE to upgrade to 1.5 because it's the secure version and it doesn't have all those security holes.
What's the difference?
Is that a serious question?
Did you look at the links I gave?
Time is the difference. Those lists list known vulnerabilities. They are in those versions of Firefox, and some are actively exploited by malicious websites, right now.
Those lists get longer with time due to exposure of the software to a curious public. I can guarantee you that a lot of the unknown vulnerabilities in Firefox 3 will have become
very well known ones by the time Firefox 5 will be out.
General Electric (at least in Europe, can't speak for other territories) only supports IE6 on their client pc's. IE7 breaks many internal web pages and if found on a user's computer, is uninstalled immediately. Stupid policy? Horrible web page design? Sure. But with 300,000+ worldwide employees, all stuck on an older version of Internet Explorer with no upgrade path or timeline in sight, I don't see this changing anytime soon. And GE (particularly under Jack Welch) has always struck me as a fairly nimble company compared to others it's size. I wonder how many other mega-corporations are similarly locked into older versions of web browsers and how much they contribute to the overall percentage of non-updated persons.
Due to circumstances beyond my control, I am master of my fate and captain of my soul.
Someone whose business applications only run on Windows 95/98 or ME
...can run existing Windows 95/98 or ME licenses in a virtual machine.
I thought it was ironic that IBM Security Systems put out the report, since IBM doesn't support use of IE 7 internally--everyone is told to stay on IE 6 until various applications can be updated.
Firefox is supported, however.
[Opinions mine, not IBM's.]
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Do you hate twitter? Do you loath Slashdot? Are you a total fuckwad? Then join the Twitter Negation Association of America (TNAA) and help ruin Slashdot. How does it work? Easy:
The point is to increase noise to signal ratios. Join today!
Comment removed based on user account deletion