Internet Explorer Silent Updates Are Not a Miracle Cure
Microsoft made waves this week by announcing that it plans to implement automatic, silent updates to push the latest version(s) of Internet Explorer. If you were hoping that silent updates will finally nail the coffin on IE6 and IE7, though, don’t hold your breath.
The Microsoft announcement is welcome news, and it has been generally well received. In fact, one of the most prevailing sentiments seems to be “it’s about time.” Google’s Chrome browser has been automatically updating for some time, and Mozilla already announced plans to implement a similar updating system.
My first thought was that this was Microsoft’s way of pulling the plug on Internet Explorer 6. Microsoft stopped supporting the archaic browser long ago. It has spent the last year imploring users to abandon the damn thing, and actively campaigning for its death. I assumed Microsoft decided it had played the waiting game long enough, and it was ready to just push people in the right direction. Then I read the fine print.
I was expecting a clean sweep to drive everyone to the latest version of IE. However, there seem to be a lot of conditions and caveats to the automatic updates: enterprises can opt out, users who already opted out won't be updated, future versions of IE will have an option to opt-out of the upgrades, and the silent updates only apply to legitimate copies of Windows set to use Automatic Updates.
When you boil it all down, it doesn’t seem to leave many users who will be pushed one way or the other. IE8 has been around for quite awhile, and even IE9 has been offered through the Windows Update system for some time. It seems reasonable to assume that the vast majority of those who don’t currently have IE8 or IE9 have, in fact, declined the update at some point—which puts them out of scope for the silent updates anyway.
Microsoft would be doing us all a favor if it did more to forcefully “persuade” users reluctant to upgrade. Wolfgang Kandek, CTO of Qualys, cites a study that illustrates that Internet security is greatly improved with current browsers. “Being on the newest possible Internet Explorer (IE8 on WIndows XP, IE9 on Vista/Win7) brings a significant increase in security and robustness to malware infections due to better architecture, sandboxing and the included URL filtering feature.”
It is still a great move by Microsoft. But, the impact and benefits are more a long-term culture shift than a short-term means to kill legacy versions of IE. Andrew Storms, director of security operations for nCircle, says, “I don't think we are going to see some dramatic upgrade across the board once the change happens. This is more of a strategic direction shift than getting all the laggards to upgrade.”
There are also users who haven’t actually “declined” the update, but instead just ignore or postpone the request. Kandek explains, “Apparently there is a significant consumer population on older platforms (XP,Vista) that is not upgrading their browser to the latest version possible (IE8 and IE9) due to "update fatigue", i.e. they elect to postpone the update when the dialog box comes up. These users are the primary target/beneficiary of this new policy.”
So, those users still stubbornly clinging to IE6 will be able to continue to do so for now. The up side is that the new culture of automatic, silent updates will hopefully prevent another IE6 from happening in the future.