That's all fine and dandy, but here in the good ol' US of A well more than 50% of the country still has no access to broadband, and the broadband services they CAN use (like Hughes) actually have policies in place that make patching a machine that's been offline more than a few months (or has never had patches applied) near impossible.
It's simply absolute folly to rely on security on the users' end. As hosts, webmasters and industry professionals, we simply have to prevent them from accessing dangerous content (like through DNS filters), or by being far more aggressive in filtering user-supplied content to our sites, thus preventing that avenue of attack.
It's also disingenuous to claim that IE7 or FF3 are the 'most current' versions. Quite a few of my local clients are still using Windows 2000, Windows 98, and OSX 10.2 - which do not support 'current' versions of IE or Firefox.
I disagree with the conclusion, though. The best thing that Microsoft could do to get people to update Internet Explorer would be to give people the option of EASILY rolling back the dubious Vista-style user interface "improvements" in IE7.
Because IE7 is the biggest roadblock to people who are happy with IE6.
I have purposely avoided upgrading to IE7 because of the horrible user interface 'improvements'.
Firefox 3 is amazing, but we have compatibility problems with old web-based user manuals that were written for IE. (Updating the documentation would take far, far longer than simply not updating the browser.)
I sure hope in IE8 they give us more interface customization options (like a freakin' FORWARD button! And a 'stop' button you can put next to the other navigation buttons so that you don't have to scroll all the way across my 21" widescreen to push!)
Jeremy Gordon said: "Firefox 3 is amazing, but we have compatibility problems with old web-based user manuals that were written for IE. (Updating the documentation would take far, far longer than simply not updating the browser.)"
The solution is simple: Use Firefox 3 to browse everything else, and use IE solely to read the user manuals while they are being fixed.
I think you're not considering ALL costs. If your browser is exploited, then there's a big cost in the data loss and system recovery, including the time to do it. Obviously, the real error was in allowing someone to develop files that were tied to a particular browser, but instead of perpetuating the error, it's time to get that fixed.
It's probably worth noting w.r.t. Safari that users of relatively recent versions of OS X cannot upgrade to the latest version. Panther (replaced April 29, 2005) users are limited to Safari 1.3 and Firefox 2.
Similarly, Win9x users are limited to Firefox 2 and IE 6, but it's been a bit longer since this was the current version of Windows.
Jeremy Gordon said: "Firefox 3 is amazing, but we have compatibility problems with old web-based user manuals that were written for IE. (Updating the documentation would take far, far longer than simply not updating the browser.)"
Install the IE Tab add-on to Firefox. It displays the pages using IE inside of a Firefox Tab. Really saves the hassle of switching to IE when you run into a page that requires IE to view it.
The reason I have stopped updating Firefox every time an update is available is simple. My add on application extensions get broken (or so forefox says and disables them) nearly every time and I have to wait up to a month to get them back.
So, Google Security Team, if this "best before" warning is such a nice idea (and I think it might be), there's nothing stopping you from implementing it in the corner of the google home page (preferably as optimized for speed as possible). Try it with some of that split A/B testing Marissa Mayer is always talking about.
In response to the post that said "IE7's interface" is the biggest "Roadblock"; I beg to differ. I think your unwillingness to learn the slightest alterations in new technologies is the only road block sir. And if you are that unwilling to learn such a simple technology, then maybe you should try fishing.
Chris- you have that backwards. It is the burden of the programmer/publisher to give a compelling reason to upgrade. Interface changes that aren't a clear improvement are a clear detriment, precisely because any user interface change hurts usability.
If Microsoft, or Google, or anyone, wants me to accept a major UI change, then it had best be because once learned, the UI works *better* then before. Because otherwise, it means me ( and other users ) have to swallow relearning the UI. . . for no good reason at all.
ACTUALLY I THINK ITS A VERY GOOD IDEA ESPECIALLY FOR SOMEONE THAT DOES NOT SURF AND USE THE INTERNET ON A DAILY BASIS.SO WHEN U ACTUALLY DO LOGON THROUGH YR PREFERRED BROWSER YOU R IMMEDIATELY MADE AWARE OF ANY CHANGES.BUT!!!! AS LONG AS THE PROPOSED UPDATE DOES ACTUALLY WORK AND NOT CAUSE YR BROWSER TO KEEP ON CRASHING!!!!!!
Completely agree with the suggestion of letting users know of the current exact status of the browser in an understandable way (no heavy IT Jargons) that will compel users to take a little extra time in updating their browser by downloading a patch or a complete latest version.
One of the reasons why many users do not easily take to upgrade is non-availability of assurance in quality. If one upgrades and finds that in the process of closing a recent security threat, another security hole which existed long back has been opened, its a loss.
If only there was a assurance marked against every patch or a new version, cleanly and clearly for everyone to see, with some end-users experiences clubbed, then that might add to the quality of service as well as overall improvement of experience of users on web
Maybe google could help simply issuing an warning at the top of its search page (like those yellow background lines saying "You are not using the latest version of your browser") and alike.
Yes, ^^ Firefox is the best browser thus far. I recently had poll on my blog concerning this: http://eternalblackzero.blogspot.com/2008/11/poll-of-day-2-results.html
My analytic report also shows that my blog visitors are using FF as well, and IE in second place. IE still exists because it comes bundled with Windows.... -.- But maybe it will remain in the 2nd place forever, though.
@Shawn: What is the point of a secure browser on an insecure operating system? Obviously in the cases you state, the client needs to update both. Also, what bearing does the portability of a browser have to do with it's age. By this logic there are OS9 systems that need an IE update...
Follow
24 comments :
That's all fine and dandy, but here in the good ol' US of A well more than 50% of the country still has no access to broadband, and the broadband services they CAN use (like Hughes) actually have policies in place that make patching a machine that's been offline more than a few months (or has never had patches applied) near impossible.
It's simply absolute folly to rely on security on the users' end. As hosts, webmasters and industry professionals, we simply have to prevent them from accessing dangerous content (like through DNS filters), or by being far more aggressive in filtering user-supplied content to our sites, thus preventing that avenue of attack.
It's also disingenuous to claim that IE7 or FF3 are the 'most current' versions. Quite a few of my local clients are still using Windows 2000, Windows 98, and OSX 10.2 - which do not support 'current' versions of IE or Firefox.
Nice Post.
Neglected security patchesOver the past 18 months, the study also shows, a maximum of 83
@shawn k. hall:
FF3 will work with Windows 2000. They have abandoned support for Windows 98, though.
Shawn: I'm using Firefox 3 on Windows 2000.
I disagree with the conclusion, though. The best thing that Microsoft could do to get people to update Internet Explorer would be to give people the option of EASILY rolling back the dubious Vista-style user interface "improvements" in IE7.
Because IE7 is the biggest roadblock to people who are happy with IE6.
I have purposely avoided upgrading to IE7 because of the horrible user interface 'improvements'.
Firefox 3 is amazing, but we have compatibility problems with old web-based user manuals that were written for IE. (Updating the documentation would take far, far longer than simply not updating the browser.)
I sure hope in IE8 they give us more interface customization options (like a freakin' FORWARD button! And a 'stop' button you can put next to the other navigation buttons so that you don't have to scroll all the way across my 21" widescreen to push!)
Jeremy Gordon said: "Firefox 3 is amazing, but we have compatibility problems with old web-based user manuals that were written for IE. (Updating the documentation would take far, far longer than simply not updating the browser.)"
The solution is simple: Use Firefox 3 to browse everything else, and use IE solely to read the user manuals while they are being fixed.
I think you're not considering ALL costs. If your browser is exploited, then there's a big cost in the data loss and system recovery, including the time to do it.
Obviously, the real error was in allowing someone to develop files that were tied to a particular browser, but instead of perpetuating the error, it's time to get that fixed.
It's probably worth noting w.r.t. Safari that users of relatively recent versions of OS X cannot upgrade to the latest version. Panther (replaced April 29, 2005) users are limited to Safari 1.3 and Firefox 2.
Similarly, Win9x users are limited to Firefox 2 and IE 6, but it's been a bit longer since this was the current version of Windows.
Jeremy Gordon said: "Firefox 3 is amazing, but we have compatibility problems with old web-based user manuals that were written for IE. (Updating the documentation would take far, far longer than simply not updating the browser.)"
Install the IE Tab add-on to Firefox. It displays the pages using IE inside of a Firefox Tab. Really saves the hassle of switching to IE when you run into a page that requires IE to view it.
The reason I have stopped updating Firefox every time an update is available is simple. My add on application extensions get broken (or so forefox says and disables them) nearly every time and I have to wait up to a month to get them back.
using Opera now
It's Zürich >.> . We take pride in our Umlaut.
So, Google Security Team, if this "best before" warning is such a nice idea (and I think it might be), there's nothing stopping you from implementing it in the corner of the google home page (preferably as optimized for speed as possible). Try it with some of that split A/B testing Marissa Mayer is always talking about.
In response to the post that said "IE7's interface" is the biggest "Roadblock"; I beg to differ. I think your unwillingness to learn the slightest alterations in new technologies is the only road block sir. And if you are that unwilling to learn such a simple technology, then maybe you should try fishing.
Chris- you have that backwards. It is the burden of the programmer/publisher to give a compelling reason to upgrade. Interface changes that aren't a clear improvement are a clear detriment, precisely because any user interface change hurts usability.
If Microsoft, or Google, or anyone, wants me to accept a major UI change, then it had best be because once learned, the UI works *better* then before. Because otherwise, it means me ( and other users ) have to swallow relearning the UI. . . for no good reason at all.
ACTUALLY I THINK ITS A VERY GOOD IDEA ESPECIALLY FOR SOMEONE THAT DOES NOT SURF AND USE THE INTERNET ON A DAILY BASIS.SO WHEN U ACTUALLY DO LOGON THROUGH YR PREFERRED BROWSER YOU R IMMEDIATELY MADE AWARE OF ANY CHANGES.BUT!!!! AS LONG AS THE PROPOSED UPDATE DOES ACTUALLY WORK AND NOT CAUSE YR BROWSER TO KEEP ON CRASHING!!!!!!
Completely agree with the suggestion of letting users know of the current exact status of the browser in an understandable way (no heavy IT Jargons) that will compel users to take a little extra time in updating their browser by downloading a patch or a complete latest version.
One of the reasons why many users do not easily take to upgrade is non-availability of assurance in quality. If one upgrades and finds that in the process of closing a recent security threat, another security hole which existed long back has been opened, its a loss.
If only there was a assurance marked against every patch or a new version, cleanly and clearly for everyone to see, with some end-users experiences clubbed, then that might add to the quality of service as well as overall improvement of experience of users on web
Maybe google could help simply issuing an warning at the top of its search page (like those yellow background lines saying "You are not using the latest version of your browser") and alike.
Yes, ^^ Firefox is the best browser thus far. I recently had poll on my blog concerning this: http://eternalblackzero.blogspot.com/2008/11/poll-of-day-2-results.html
My analytic report also shows that my blog visitors are using FF as well, and IE in second place. IE still exists because it comes bundled with Windows.... -.- But maybe it will remain in the 2nd place forever, though.
@Shawn: What is the point of a secure browser on an insecure operating system? Obviously in the cases you state, the client needs to update both. Also, what bearing does the portability of a browser have to do with it's age. By this logic there are OS9 systems that need an IE update...
Google - please warn IE5/6 users to upgrade their browser!
Post a Comment