The Microsoft announcement is welcome news, and it's been typically well received. In fact, one amongst the foremost prevailing sentiments seems to be “it’s about time.” Google’s Chrome browser has been automatically updating for some time, and Mozilla already announced plans to implement an analogous updating system.
My first thought was that this was Microsoft’s means of pulling the plug on web Explorer half dozen. Microsoft stopped supporting the archaic browser back then. it's spent the last year imploring users to abandon the damn issue, and actively campaigning for its death. I assumed Microsoft determined it had played the waiting game long enough, and it had been ready to just push people in the right direction. Then I browse the fine print.
I was expecting a clean sweep to drive everybody to the most recent version of IE. However, there seem to be lots of conditions and caveats to the automatic updates: enterprises can opt out, users who already opted out won't be updated, future versions of IE can have an option to opt-out of the upgrades, and the silent updates only apply to legitimate copies of Windows set to use Automatic Updates.
When you boil it all down, it doesn’t seem to go away many users who are pushed a method or the opposite. IE8 has been around for quite awhile, and even IE9 has been offered through the Windows Update system for some time. It seems affordable to assume that the vast majority of these who don’t currently have IE8 or IE9 have, in fact, declined the update at some point—which puts them out of scope for the silent updates anyway.
Microsoft would be doing us all a favor if it did more to forcefully “persuade” users reluctant to upgrade. Wolfgang Kandek, CTO of Qualys, cites a study that illustrates that web security is greatly improved with current browsers. “Being on the most recent potential web Explorer (IE8 on WIndows XP, IE9 on Vista/Win7) brings a major increase in security and robustness to malware infections attributable to better design, sandboxing and the included URL filtering feature.”
It is still a great move by Microsoft. But, the impact and benefits are more a long-term culture shift than a short-term suggests that to kill legacy versions of IE. Andrew Storms, director of security operations for nCircle, says, “I don't suppose we tend to are about to see some dramatic upgrade across the board once the modification happens. this can be more of a strategic direction shift than obtaining all the laggards to upgrade.”
There are also users who haven’t truly “declined” the update, but instead just ignore or postpone the request. Kandek explains, “Apparently there's a major consumer population on older platforms (XP,Vista) that's not upgrading their browser to the most recent version potential (IE8 and IE9) attributable to "update fatigue", i.e. they elect to postpone the update when the dialog box comes up. These users are the primary target/beneficiary of this new policy.”