Microsoft next year will change its automated update process for the Internet Explorer (IE) Web browser to push out the latest version of the browser for XP, Vista and Windows 7 without the notification-style install prompt.
Rival Google Chrome has had automatic, no-questions-asked updates since its release in 2008.
For those who have opted into the general Windows Update process, the current yes-or-not style install prompt for IE has confused the end user and has slowed browser upgrades, says Ryan Gavin, general manager of IE at Microsoft. Simply updating IE automatically would be a more secure approach, he says.
“The browser is always a big attack space for malware,” says Gavin. “Updating browsers is fairly simple. And security researchers are unanimous about getting users to the latest version.”
Microsoft’s plan, which will commence in January for certain parts of the world, appears to be getting the thumb’s up from some security researchers.
Automatic updates improve web security
“Automatic updates are a very good idea based on every piece of security research I’ve seen,” says Jeremiah Grossman, chief technology officer and founder of White Hat Security. “Keeping software up to date — particularly Web browsers — is critical to online security. With that in mind, I’m pleased that Microsoft is moving toward an automatic update model, particularly because their approach balances the needs of enterprise customers who still need a mechanism to manage software updates.”
Microsoft’s plans call for starting the new update process for IE in January 2012 with customers in Australia and Brazil. Based on how the new IE update process fares, Microsoft intends to scale it up gradually across the rest of the world. Though Microsoft won’t say exactly how many versions of IE are used today worldwide, Gavin acknowledges its well into the “hundreds of millions.”
The latest version is IE9, released last March. Gavin points out about 35 percent of users in the US have that version today Not all Microsoft operating systems support the exact same latest browser version, but Microsoft’s goal is to move end users to the latest version available for each platform. Microsoft says it will take care not to change any of the user’s personal browser settings in the process, such the home page, search provider or user’s default browser.
The automatic update process is expected to only occur when a major new browser version is made available, and would likely happen only about once or twice a year depending on the Microsoft schedule for completed new versions of the browser.
If for any reason the end user does not want to have any automated IE browser update, it is possible to make a registry change for that by using the Windows Automatic Update Blocker Toolkit, says Gavin. The user can block updates altogether and upgrade whenever they want.
Consumers affected more than enterprises
Microsoft says customers who have declined previous installations of IE8 or IE9 through Windows Update will not be automatically updated. Future versions of IE will provide an option in the product for consumers to opt out of automatic upgrading.
After being updated to the latest IE, anyone who prefers an earlier version will be able to uninstall it and use an older version that came with their copy of Windows. But Gavin says he’s doubtful many people would want to go backward on the browser. “We really want to push the Web forward.”
Microsoft’s planned changes may affect consumers more than enterprises, which may have strict controls over version-update processes, says Gavin, but adds that “enterprises get two benefits. A lot of computers come into enterprises that aren’t necessarily managed. Having the latest version of the browser has advantages.”
However, the changes Microsoft is initiating are not intended to compel any change to the way enterprises manage software versions today.
Gavin says Web developers should benefit from Microsoft’s goal of more proactively trying to phase out older versions of IE in this way. But Microsoft also says it will continue to support older versions of IE and that the new way of updating browsers won’t affect how security and performance updates will be delivered.