Any opinions expressed here are my own and not necessarily those of my employer (I'm self-employed).

Jun 12, 2011

Making the web safer: From auto-update to auto-upgrade

The Firefox team has decided to stop supporting Firefox 3.5. They've put a great deal of thought into how they will handle the ~12 million Firefox 3.5 installations around the world. Firefox 3.5 will be updated to the latest 3.6 version, through the auto-update system — which really makes it an auto-upgrade. The plan is to start pushing the upgrade on June 21st, in conjunction with the release of the new Firefox 5. The team has shared their assumptions and rationale for the decision in a Firefox 3.5 EOL article on the Mozilla wiki.

The decision to upgrade users' soon to be outdated and unsupported browsers is important. Home users' computers are under constant attack. The stream of software updates is both endless and rapid, especially when taking into account that there are updates to the operating system, web browsers, and commonly installed software such as Adobe Acrobat and the Java Runtime. The average user should be relieved from having to deal with all the different update notifications and procedures. Apple have been leading the way here for many years already. If you do a Google search for "security update" flash you'll see why: They've been supplying updates to the Flash player for many years through their update system. The Chrome team chose the same route in April when they included an updated version of Adobe Flash with their latest Chrome release — fixing a vulnerability in the Flash plugin in addition to three in Chrome. The simpler the job for users to keep their systems up-to-date, the more users will be running the latest, greatest, and safest software.

The Firefox developers are not the only ones having to deal with the responsibility for aging software versions. Microsoft decided not to auto-upgrade IE 6 to IE 7 through Windows Update, and specifically gave corporations the possibility to block upgrades. They also took steps to hinder upgrades of pirated installations. IE 6 has been unsupported since July 13th 2010, but today there are still so many IE 6 installations left that Microsoft has launched a campaign to educate/convince IE 6 users to upgrade their browsers. You can follow their progress at theie6countdown.com. Judging by the data published by Netmarketshare at the time of writing, Firefox 3.5 has a market share of 1.38%, and IE 6 has 10.36%. If there's ~12 million FF 3.5 installations, IE 6 accounts for ~90 million installations! Microsoft has quite some way to go before reaching their goal of 1% IE 6 installations.

But how dangerous are these outdated browser installations? For one, vulnerabilities are surfacing for all IE version, including IE 6, ref CVE. You can't rely on these vulnerabilities getting fixed for IE 6. Next, consider the amount of IE installations. Just a small fraction of those ~90 million machines would make a pretty decent botnet, right?

Though the Firefox team is doing the right thing by not leaving user's behind, they did not take the risk of going the extra mile and upgrade the users to FF 4. They've taken a softer approach, which is still pretty cool, by motivating their existing FF 4 users to help their friends upgrade. This is what the FF 4 Web Hero start page looks like:

While Microsoft has chosen to not automatically upgrade their users, and the Firefox team upgrades their unsupported versions to the closest supported version of the browser, Opera and Chrome take a different approach. Opera has one timeline for their browser, and will bump the major version number when they introduce notable new features. But they will not be maintaining two separate major versions simultaneously. To get the latest security fixes, you'll simply have to update/upgrade to the latest version.

Google has taken Opera's approach even further with Chrome, avoiding the whole notion of version numbers. I use all the major browsers, IE, FF, Opera, and Chrome on a daily basis. I'm conscious that I'm now using IE 9, FF 4 and Opera 11. But Chrome is different, I just use the latest Chrome. I actually had to check the version now. Apparently Chrome has reached version 11, which was a surprise. I would have guessed it to be a version 2.X, after all it hasn't been around that long! It's the latest, greatest and safest — that's all that really matters. Google is doing things right as long as I can keep letting Chrome update itself, and keep on being ignorant about the version number.

So arguably, things are happening on the client side through simplified update/upgrade procedures for users, as well as campaigns to educate and notify users that they are running outdated software. But we need to create stronger incentives to keep browsers up to date, and that is mostly a server side problem.

An important reason for many users and enterprises to run old browser versions has been aging web applications that haven't seen the necessary maintenance to function properly in modern browsers. Hence, a browser upgrade might break business critical applications. In turn, this has caused a strong incentive to support outdated browsers even in new web applications. If a company is running IE 7 because of business critical legacy applications, and your web application only works in IE 8 and newer, they probably won't buy your application. You see the catch-22 here, as there are also little or no incentives to start fixing the legacy web applications as long as we keep supporting old browser versions in new apps.

Google is now changing the rules of the game, like only one of the really big players can. A couple of days ago they announced on their blog that, starting from August 1st, Google Apps will be supporting the two latest versions of IE, FF, Safari, and their own Chrome. The most notable effect is that they're dropping support for IE 7, even though Microsoft will support it until 2014. According to numbers from Netmarketshare, Google is dropping support for ~20% of the browsers on the Internet, that's quite drastic! And judging from their blog, they seem to mean business:
In these older browsers you may have trouble using certain features in Gmail, Google Calendar, Google Talk, Google Docs and Google Sites, and eventually these apps may stop working entirely.
It'll be very interesting to see how this plays out. The fundamental shift here is important, and I strongly believe that Google is doing the right thing.


  1. Thanking you for this post shared with us. It is a type of review and I hope it will be more helpful to the readers. Today most of the students have the trouble with their academic tasks. Therefore they want valuable help from genuine sources. And expect a better answer for their questions like custom essay writing service. Today most of them are experienced with best services.

  2. Replies
    1. I am glad that I saw this post. It is informative blog for us and we need this type of blog thanks for share this blog, Keep posting such instructional blogs and I am looking forward for your future posts.
      Network Security Projects for CSE

      JavaScript Training in Chennai

      Project Centers in Chennai

      JavaScript Training in Chennai

  3. Google has taken Opera's approach even further with Chrome, avoiding the whole notion of version numbers.

    What? According to this, Opera is following Chrome!

  4. Now Discover the latest news about freebies, games hacks & tips, gift cards and much more. Keep coming for Latest Gaming Updates, Tech news, and Guides. 6 Easy Methods to Get Unused Free eBay Gift Cards in 2019

  5. We have mastered the art of assisting and supporting students who are in need of quality Graduate Paper Writing Service. Our services are customized to meet your Research Paper Services needs.

  6. Sensible content on your blog. Very useful post for all information seekers. Keep updating the blog with nice content.
    Affiliate marketing

  7. Good read always prefer to read the quality content

  8. You might feel like asking, “Can someone help me with my assignment” due to a lack of clear concept. Our assignment helpers are highly experienced and have a vast knowledge. Thus, they can easily prepare a highly informative assignment for you. With their help, you can also clear out all your concepts.
    Marketing assignment help
    Nursing assignment help
    Online assignment help
    Case Study help
    Urgent Assignment help
    Essay help online

  9. Nice Blog. Here are some good profile of educational sites.
    V380 Pro Mac

  10. Every student should get access to our Economics Essay Writing Services because we have professional writers who deliver Economics Dissertation Writing Services as well as offer Affordable academic Help Online that are original and authentic.

  11. These tips are very useful for us because through these tips, we can get rid of auto upgrade issues and save our data. Many users were facing this issue but now they are satisfied, and they can solve their problems easily. Dissertation writing services.

  12. Yeah my web is safer now. Thanks a lot fireboy and watergirl adventure game.

  13. I was reading your article and wondered if you had considered creating an ebook on this subject. as you got Professional Essay Writing Services In Uk Your writing would sell it fast. You have a lot of writing talent.

  14. I have read it completely and got really impressed. Love to read more about similar types of articles Like Dissertation Writing Services . Thanks a lot.

  15. The Law Essay Help - Buyessay.org.uk emphases you to do use the safe browser to protect your payment details


Copyright notice

© André N. Klingsheim and www.dotnetnoob.com, 2009-2018. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to André N. Klingsheim and www.dotnetnoob.com with appropriate and specific direction to the original content.

Read other popular posts