When browser upgrades arrive, they usually contain good improvements in terms of speed, security, reliability, and features. For website developers, new browsers usually offer better capabilities for building websites. Unfortunately, there is a lag-time between when browsers are released with new features and when users upgrade sufficiently that developers can use them.
Upgrades are also important from a security perspective. When users run older browsers they are exposed to security risks which have been previously discovered and potentially fixed. In the case of Internet Explorer, this problem got so bad, that various governments, and even Microsoft advised against users’ continued use of Microsoft Internet Explorer 6.
So how long does it take users to shift to a new browser?
|
Browser |
Upgrade Time |
|
Chrome |
Days |
|
Firefox |
Months |
|
Microsoft IE |
Years |
The data from StatsCounter shows this very clearly. Chrome upgraded virtually all of its users from version 4.0 within a month, starting in Feb 2010. Firefox also upgraded version 3.6 at about that time. The upgrade is progressing quickly, and now, 3 months later, approximately two-thirds of Firefox users have upgraded. Internet Explorer 8, by contrast, was released over a year ago, and so far less than half of IE users have upgraded.
A lot of IE6 users are at corporate jobs with locked down desktops 🙁
Oh boy….
I’m tired of hiding behind the “we can’t upgrade corporate environments” argument. While it is tradition, it isn’t true that they can’t be upgraded. (Also note that IE7 still has 17% market share too). Even in corporate lockdown environments, Microsoft provides a fantastic upgrade and patch program. (In fact, isn’t Microsoft’s security vulnerability for corporate the best upgrade system from any software vendor, bar none?) “Patch-Tuesday” regularly updates the desktops of millions of corporate users every month. If Microsoft were serious about moving browsers forward, they could figure out how to do this as part of this program. They’re some of the best engineers on the planet – they can figure this out.
Last year, Dean Hachamovitch made the argument that Microsoft doesn’t request IE6 users to upgrade as a part of “user choice”. He had to eat crow on those words less than 6 months later when security vulnerabilities so severe surfaced that even Microsoft recommended all users upgrade. But the “user choice” argument fails anyway – I don’t know of any users (corporate or otherwise) that choose to run old, insecure software. Users are just unaware, and the software vendor needs to be more proactive.
Symantec released a report this week showing the year-over-year doubling of malware distributed through the web. The browser is the single most important defense against malware. Microsoft has a tradeoff: protect the user’s choice to run insecure browsers, that cost everyone billions of dollars each year, or start a more aggressive program to help corporations upgrade. To claim that users want old software is misleading.
Dean’s “it’s about choice” blog:
http://blogs.msdn.com/ie/archive/2009/08/10/engineering-pov-ie6.aspx
Microsoft’s recommendation to stop using IE6:
http://blogs.technet.com/srd/archive/2010/01/15/assessing-risk-of-ie-0day-vulnerability.aspx
Article about the Symantec Report:
http://blogs.zdnet.com/Foremski/?p=1311
Lastly: These thoughts are my own and do not reflect those of my employer.