Microsoft will start silently pushing out updates for Internet Explorer beginning in January, the company said.
The automatic updates will help improve security online because users would always be at the most updated version of the Web browser, Microsoft said in the Exploring IE blog Dec. 16. Many Web scams take advantage of vulnerabilities in unpatched software such as outdated Web servers, according to statistics gathered by Microsoft’s security tools, making it even more important for users to have updated browsers when surfing online.
Users on Windows XP, Vista and 7 will all be included in this plan, with Windows XP users being automatically upgraded to Internet Explorer 8. Windows 7 and Vista users would be bumped up to Internet Explorer 9. The new update mechanism will be first rolled out in Australia and Brazil in January.
“The Web overall is better-and safer-when more people run the most up-to-date browser,” wrote Ryan Gavin, general manager of business and marketing for Internet Explorer.
Previously, users who had automatic updates enabled were still presented with a dialog box to confirm the Internet Explorer update. This new process removes the dialog box altogether.
Users who don’t want to be updated in the background can opt out by turning off Automatic Updates or uninstalling the browser, Microsoft said. Only users who currently have the option to run operating system updates automatically enabled will be included in the browser updates. However, turning off Automatic Updates to stop IE updates poses its own risks, as users will then be at risk for missing updates, or being late to patch, to close security vulnerabilities in the operating system.
“Customers who have declined previous installations of IE8 or IE9 through Windows Update will not be automatically updated,” Gavin wrote.
Internet Explorer 10 and later versions will have an opt-out setting users can select to disable automatic upgrades. Enterprise users can also download Blocker Toolkits to stay on the older browser and avoid an upgrade, according to Microsoft.
Once the user has the latest version of the browser, all future updates would be automatically downloaded and installed without requiring any user intervention, according to Gavin. Internet Explorer security updates, which are delivered every other month as part of the Patch Tuesday release, would not be affected as they are downloaded and applied separately from browser updates.
The idea is not new, as Google has been delivering automatic updates to its Chrome Web browser ever since its initial launch three years ago. Mozilla has recently started moving toward a “Firefox Update Service” that will allow silent updates and aims to deliver it in Firefox 12, expected April 24, 2012. Adobe announced earlier this year that it will start automatically updating Adobe Reader and Acrobat X.
“Silent updating is generally seen as a big improvement to security on the Internet,” said Wolfgang Kandek, CTO of Qualys.
Microsoft has been “struggling” with “browser stragglers” for years, said Chester Wisniewski, senior security advisor at Sophos, wrote on the Naked Security blog. He noted that 8.3 percent of the world’s users still employ Internet Explorer 6, a browser released 10 years ago and tremendously outdated. While many businesses are stuck with IE6 because of some critical applications that won’t run on modern browsers, many of those lagging behind, such as those using Internet Explorer 7, do not see the importance of staying up-to-date, according to Wisniewski.
Globally, Internet Explorer is still the most popular browser, with more than 52 percent of people using it, according to net market research firm Net Applications. Mozilla’s Firefox and Google’s Chrome are battling it out for second place.