Calling it an important step in moving the Web forward, Microsoft announced plans to automatically upgrade all Windows customers to the latest version of Internet Explorer, starting in January.  

With 40% market share, Microsoft's Internet Explorer (IE) dominates both the worldwide and US browser markets, and the company wants to leverage that position to make the Web safer from malware and other malicious software.

New Versions Keep Malware at Bay

For consumers, the safety benefits are one of the reasons that the industry has been moving towards automatic updates as the norm, according to Microsoft's Ryan Gavin, the General Manager of Internet Explorer Business and Marketing. He called the auto updates increasingly important due to the growing risk of socially engineered malware, which typically targets outdated software like Web browsers. Gavin said this specific type of malware is "the biggest online threat these days."  

Microsoft Security Intelligence Report (SIRv11)

This advice isn't just coming from Microsoft. Jeremiah Grossman, the chief technology officer and founder of WhiteHat Security, supports the plan, stating, "Automatic updates are a very good idea based on every piece of security research I've seen. Keeping software up to date -- particularly Web browsers -- is critical for online security. With that in mind, I'm pleased that Microsoft is moving toward an automatic update model, particularly since their approach balances the needs of enterprise customers who still need a mechanism to manage software updates."

MS Security Intelligence Report 

Gavin also referred to the latest Microsoft Security Intelligence Report (SIRv11), based on data from over 600 million systems in over 100 countries, as good reading for a sense of the risks that stem from outdated software. The report, published in October and presented at the RSA Conference in Europe, includes a multifaceted approach to managing risk that includes the upgrade strategy. Here's the relevant excerpt from that October report:

"Upgrade to the latest products and services. Making the move to the most current products and services helps increase protection against the most prevalent online threats. For example, Windows 7 and Windows Server 2008 R2 have the lowest infection rates of any previous Windows operating systems -- in the first half of 2011, Windows 7 Service Pack 1 for 32-bit systems were three times less likely to be infected than Windows Vista Service Pack (SP) 2 and six times less than Windows XP SP3. Windows Server 2008 R2 was 32 percent less likely to be infected than Windows Server 2003 SP2."

Other considerations highlighted by Microsoft in the report include: 

  • Build products and services with security in mind
  • Educate customers and employees regarding "responsible secure behavior"
  • Consider cloud services--where the vendor takes on the security process

Gavin revealed his company's IE upgrade plans in a recent Exploring IE Blog post aimed at users of the popular browser, which ships free with Windows OS software. The Microsoft plan is to use a "measured approach" starting in January that scales over time, similar to its IE9 upgrade release. Australia and Brazil are the first regional targets, and upgrades to the latest IE version will begin with customers who have automatic updating turned on via the Windows Update system application.