About Damn Time: Microsoft Will Silently Upgrade Everyone To Latest Version Of IE

On the surface, the announcement sounds boring: Microsoft said this morning that it will begin automatically upgrading Windows customers to the latest version of Internet Explorer starting next year. But in reality, this was one of the most important things Microsoft could have done for the web, web security and the safety of all those who go online.

Nice move, Microsoft. It’s about time.

According to the official blog post, the IE updates will be pushed out to those running Windows XP, Vista and Windows 7, beginning with customers in Australia and Brazil in January, before rolling out worldwide. Only those who have “Automatic Updates” turned on in Windows will receive the download, however. But thanks to constant prompting from the Windows OS itself, that’s an option many have already agreed to.

There are numerous ways to opt out, too, ranging from blocking tools to simply uninstalling the updates, which rolls you back to your previous version. Those who have declined the update previously also won’t be upgraded. (I’m not so sure about that one. I’d ask again – maybe they just found the pop-up annoying at the time?)

Silent updates are now par for the course in modern browsers like Firefox and Chrome, as Microsoft points out. Although Firefox’s move to silently update its browser was a more recent addition, Google has long made automatic updates a part of Chrome’s value proposition. And though it goes without saying that an updated browser is a more secure one, Microsoft has helpfully linked out to its own research on the matter: the Microsoft Security Intelligence Report (vol 11), which found that less than 1% of exploits during the first part of 2011 came from zero-day vulnerabilities (meaning those that are so new, they have yet to be patched by software vendors).

99% of all attacks, the report said, came from unpatched but known vulnerabilities and/or social engineering (a whopping 45% there). Just as sad, 90% of infections were attributed to exploitation of a vulnerability for which a security update had been available for over a year. Over a year!

Granted, the report wasn’t looking only at web browsers, but it’s common knowledge that older versions of IE are the ones causing the most trouble. According to Internet security firm Secunia.com, there are over 200 vulnerabilities in IE 6, for example, 15% of which are unpatched. Even Microsoft can’t stand the thing, having set up a web page devoted to “moving the world off of IE6,” a browser built 10 years ago.

And yes, despite Chrome’s advances, what happens with IE still matters. The thing still has a 53% market share (source: netmarketshare). 

So while, in the past, it’s been funny (sad?) to have “upgrade your mom and dad’s web browser day,” doing so has not just been about the browser wars – it’s about the web’s future (hello, HTML5) and safety as a whole. And frankly, that’s not really a job everyone’s parents are up to. Even as a fairly tech-savvy person myself, it’s not a job that I want to be burdened with, either. The vendor should be pushing the updates down to me. (Hey, you too Apple! I have to hit the App Store Upgrades section daily. Lame.)

There’s more of a benefit to pushing down the new version, at least in terms of security. Let those who care figure out how to opt out and leave the rest of us alone.