eWeek's Lisa Vaas has a good post on Microsoft's latest chest thumping about browser security: Microsoft Report on IE Security Draws Mozilla Rebuttal. Larry Seltzer also commented on this at Browser Insecurity Wars Still Rage.
I have to agree with Mozilla's Mike Shaver on the issue that Microsoft doesn't necessarily report how many problems it fixes and that (as reported is Lisa Vaas's post) "The vast majority [of the Firefox user base] is updated to the most secure version of Firefox in less than a week". The implication, of course, is that Microsoft users do not upgrade, and I think that's probably true.
For one thing, Firefox users probably cluster more heavily in the "technical" group. Your typical non-techy user may not even know that Firefox exists, and even if he does, he isn't going to upgrade that or IE in most cases. So Firefox does probably get upgraded more often than not.
But what about those technical users? Do they upgrade?
Well, I think I can offer a little insight on that through the stats that Google Analytics provides me for this site. I think it's fair to say that most of the visitors we get here are more or less "technical" people. Sure, we may get an accidental visitor now and then who was searching for something completely non-technical, but I bet that's rare: most visitors here have some background or knowledge in the computer field. So what do the Google stats for this site tell us?
Well, first, most of our visitors use Firefox. All of the stats quoted below are for the period of November 2d, 2007 through December 2d. Here are the browsers detected:
|Mozilla Compatible Agent||108||0.06%|
"Oh, sure", you say, "they are all Linux and Unix users!". Well, no, that's not the case at all. Most visitors are using Windows (or at least their browser makes that claim):
|Operating System Versions|
Now let's look at browser versions. As we know, at this time IE7 is "current" (though it has been available for more than a year now), IE 6 is not so horrible, and anything older is just shameful.
|IE Browser Versions|
Not too bad, right? Let's pretend most of those IE5 and lower are techs working at customer sites - they'd never run that on their own machines, would they?
At first glance, the Firefox results look similar. The most current Firefox is 220.127.116.11, but that's only a few days old as I write this. Firefox 18.104.22.168 was released just about the same time as IE7:
|Firefox Browser Versions|
So, when you consider the release history, it's pretty obvious that our visitors tend to upgrade Firefox more quickly than they upgrade Internet Explorer:
|Release History Recent Firefox Versions|
|22.214.171.124||December 19, 2006|
|126.96.36.199||February 23, 2007|
|188.8.131.52||March 20, 2007|
|184.108.40.206||May 30, 2007|
|220.127.116.11||July 17, 2007|
|18.104.22.168||July 30, 2007|
|22.214.171.124||September 18, 2007|
|126.96.36.199||October 18, 2007|
|188.8.131.52||November 1, 2007|
|184.108.40.206||November 26, 2007|
|220.127.116.11||November 30, 2007|
Over 80% of our Firefox visitors are running a version that is less than three months old, while only 44% of IE users are running anything less than a year old. That's a pretty big difference, and let's not forget that these are likely mostly technical people: if this were a different kind of website, the disparity would probably be much higher.
By the way, our Opera users are almost as conscientous as the Firefox users: over 80% are at least at version 9.22 (June 2007).
It does help that recent versions of Firefox watch for upgrades and will even automatically install them.. and as you don't even lose your tabs, many of us are probably in the habit of letting it do that. Windows IE doesn't update itself, though Windows update might (it hasn't for a while now). You also might argue that IE7 has been updated, but that my stats don't break that down. True enough, but still: only 44% are using IE 7 to start with, and it is a year old!
So, I definitely agree that Firefox (and Opera!) users are more apt to update, and I suspect that the stats for this site are actually even biased in Microsoft's favor because of the number of technically savvy visitors we're more likely to attract.
Final conclusion: Microsoft is spewing FUD as usual.
Got something to add? Send me email.
More Articles by Anthony Lawrence © 2012-07-13 Anthony Lawrence