When I talk to security experts and ask for tips on how people can better protect their computers and networks, either the first or second tip they provide is to make sure your browser is upgraded to the latest version. That statement is often followed by some grumbling about the number of companies and individuals using an outdated version of a browser, which is usually Internet Explorer 6.
For some reason, upgrading the browser - or any software, for that matter-has become a tedious chore that many of us put off until tomorrow (and then forget about until the next reminder). Maybe no one wants to have to reboot their computer while in the middle of checking Facebook? Whatever the reason, procrastinating on upgrades also makes our computers and networks more vulnerable.
Well, it seems like Microsoft has decided to get proactive and force its customers to make sure they have the latest and most secure version of its IE browser. Microsoft announced that the company plans to automatically upgrade Windows customers to the latest version of IE available for computers. The version will depend on the operating system the computer uses.
It won't happen all at once. Microsoft will start with customers in Australia and Brazil who use automated updating through Windows Update. Eventually more customers will be phased in to the automatic browser upgrade. According to PC Magazine:
Customers on Windows XP, Windows Vista, and Windows 7 with automatic updating enabled via Windows Update will be bumped up to the latest version of IE in the coming months. For Vista and Windows 7, that's IE9, and for XP, that's IE8.
Now, for most upgrades, the person who controls the downloads on a computer has to take an action to make it happen. As Microsoft introduces its automatic browser upgrades, it will allow users to opt out. But to do so, customers will have to take specific action to block the upgrade or to install the Automatic Update toolkit. Kind of ironic, isn't it, that it would take more work to prevent an upgrade?
Microsoft's plan isn't exactly innovative. Chrome automatically updates already. I like how the Sophos Naked Blog put it:
Their new policy seems to rest somewhere between Google Chrome's "You don't know it but you just upgraded major versions" and Mozilla Firefox's "You know that our weekly major revision is available, would you like it now? Would ya? Please?"
While the automated update makes a lot of sense, Sophos does put out that this could be a problem for enterprise computer systems, pointing out:
Most organizations that use Internet Explorer are stuck on older versions because of IE-only proprietary code, and the fact that you can only have one version of Internet Explorer installed at the same time.
Hence, the reason for the blocker toolkit and for allowing users or IT folks the opportunity to decide how and when a browser will change.
I'm sure companies have a good reason for staying with their browser version, but, personally, I'm happy to let Microsoft ensure the browser I'm using is the most up-to-date and hopefully the most secure version available. After all, a secure browser is one of my first lines of defense.