Microsoft will automatically upgrade earlier versions of its Internet Explorer browser beginning in January.
The updates will be for PCs running Windows XP, Windows Vista and Windows 7, Redmond said.
Users in Australia and Brazil who have turned on the automatic update feature in Windows Update will be the first to have their browsers automatically updated, and Microsoft will roll out this capability elsewhere over time.
Customers will be given the ability to opt out of the automatic browser updates.
About the Auto Update
Microsoft’s automatic browser update will leave users’ home pages, search providers and default browser settings unchanged, the company said.
Auto updates are becoming increasingly important because of the rising threat of socially engineered malware, which typically targets outdated software, including Web browsers, Redmond stated.
The automatic browser update feature “should hasten the demise of IE 6 and 7 and reduce the need for Web developers to support these older browsers, Eric Leland, a partner at FivePaths, told TechNewsWorld.
It will “save project time and costs in developing sites … [and] most importantly, auto update should reduce the risk of vulnerability by keeping most users up to date, reducing the occurrence of IT fire drills to solve surprise security breaches,” Leland added.
What If You Don’t Wanna?
Users of IE 8 and IE 9 can use these browsers’ automatic update blocker toolkits to prevent automatic updates if they prefer to continue with their existing setup.
Other customers, who have declined previous installations of IE 8 or IE 9 through Windows Update, will not be automatically updated, Microsoft stated.
Further, users can uninstall updates and continue to receive support for the version of IE that came with their copy of Microsoft Windows.
Future versions of IE will have a feature that lets users opt out of automatic upgrading.
To Block or Not to Block?
It would be wise for users to stick with auto upgrades of their browsers because “the latest browsers have much better protection mechanisms built in than the older versions,” Wolfgang Kandek, chief technology officer at Qualys, told TechNewsWorld.
While enterprises “might have legacy applications that require the use of older browsers, in which case the update blockers might be useful, I cannot see any reason for consumers to stay behind,” Kandek added.
Enterprises “usually have their own policies for testing patches and their rollout, and software that does not conform to those standards can have acceptance problems,” Kandek remarked.
“It’s great for IT to manage control of updates, and to be more predictive of and prepared for the consequences of these updates for users,” FivePaths’ Leland suggested.
“In a corporate environment, it may be prudent to block automatic updates if defense in depth is properly implemented,” IT security expert Randy Abrams told TechNewsWorld. “Things break in corporations with automatic updates,” he added.
Why So Slow?
Google beat Microsoft to implementing automatic browser updates because Microsoft “has this huge enterprise business, and they’re a dominant platform vendor, which requires it to hold an awful lot of pre-briefings with companies,” Rob Enderle, principal analyst at the Enderle, told TechNewsWorld.
Google, on the other hand, “can just throw their stuff out,” Enderle added.
Microsoft’s large installed base may have also been a factor in the timing of its auto update strategy.
“I expect the considerable volume of older Microsoft browsers that are still in use had something to do with this,” FivePaths’ Leland suggested. “Some large companies still use IE 6 as a standard.”
Taking Things Easy
Microsoft may have opted to begin rolling out its automatic update for IE in Brazil and Australia rather than in prime markets such as the United States and the EU as a tactical move.
“Australia and Brazil are test markets for Microsoft, they have a large installed base and enough users who have decided to stay behind in their browser updates,” Qualys’ Kandek suggested.
“When you make some major changes, you want to pick an environment where, if there’s a problem, things won’t go ballistic,” Enderle contends. “You certainly don’t want to try that with the U.S. or Europe and find out something got hosed.”
Microsoft did not respond to requests for comment on this story.