Despite automatic updates, old browsers are still a problem

Despite automatic updates, old browsers are still a problem

Summary: These days, every major browser developer pushes automatic updates to its user base. So why are so many people still using out-of-date browsers?


At the beginning of each month, when Net Market Share and StatCounter release their scorecards for the previous month, there's a flurry of coverage in the technical press about which operating systems and browsers are up and which are down. (For a detailed breakdown of the differences between the two analytics services, see "Net Market Share vs. StatCounter: Whose online measurements can you trust?")

Part of the attraction of this data is the pure horse-race aspect of it. It's easy pickings for journalists, and if you're a fan of a particular platform, you want bragging rights when your horse pulls ahead.

But there's a more practical reason why this data matters. For software developers and website managers, knowing which operating systems and browsers your customers and prospects are using matters a great deal.

The good news for website developers is that modern browsers generally do a good job of rendering standard HTML. For visitors using recent versions of Internet Explorer, Chrome, Firefox, and Safari, most websites will just work.

The bad news is that not everyone is using a modern browser. When I dug into the detailed browser versions reported by Net Market Share and StatCounter for December 2013, I found a depressingly large number of versions still in use. Here's what the StatCounter data looks like, with outdated browser versions in red and up-to-date versions in green.


A note about methodology: For Chrome, I considered the most recent version, in this case Chrome 31, plus the one immediately prior, as up to date. I did the same for Firefox, with versions 25 and 26. (I also considered any higher versions from the beta and developer channels as up to date.)

Both of these independent browsers have automatic update mechanisms that do a good job of making sure the most recent release is applied relatively soon after it's released. But even then, some users resist. Roughly 10 percent of Chrome users have apparently turned off automatic updates, and nearly 20 percent of Firefox users are still using out-of-date versions. Of all pageviews that StatCounter tags as coming from Firefox, roughly 1 in 20 is from a version that's more than two years old.

But the picture isn't so rosy when we look at Microsoft's Internet Explorer and Apple's Safari.

For Internet Explorer, I count versions 10 and 11 as up-to-date. Microsoft introduced automatic browser updates two years ago this month. Anyone using Windows 7 received Internet Explorer 9 in 2012 via Windows Update and should have received Internet Explorer 10 last year, with Internet Explorer 11 appearing as an automatic update in recent weeks. Windows 8 shipped with Internet Explorer 10, and the free update to Windows 8.1 includes an update to Internet Explorer 11.

The good news is that IE6 and IE7 have nearly dropped off the map. The bad news is that versions 9 and 10 are still unreasonably popular. Why, according to StatCounter, are 14.5 percent of all Internet Explorer users still stuck on version 8? Because that's the latest version available for Windows XP. That outdated, soon-to-be-unsupported OS is saddled with a default browser that will be five years old in March, a month before the OS itself is retired. Likewise, anyone still using Windows Vista is stuck with Internet Explorer 9, which is the latest version supported on that platform.

Apple treats browsers in similar fashion. If you want Safari 7.0, you need to upgrade to the latest version of OS X. Anyone using Lion or Mountain Lion can get version 6.1. For the chart above, I considered Safari 6.1 and 7.0 up-to-date. Apparently a surprising number of people running OS X Lion and Mountain Lion have ignored the free update to Safari 6.1 and are still using 6.0. And anyone using OS X Snow Leopard is stuck with Safari 5.1, which was originally released in 2011.

All those outdated browsers make web development messy, and they come with security risks too. Apple and Microsoft need to get more aggressive about the way they deliver browser updates, ideally decoupling them completely from operating system releases. The sooner we can get those old clunkers off the road, the better we'll all be.

Topics: Web development, Browser

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Compatibility ...

    some business apps and home grown web based apps don't like newer browsers much (compatibility mode takes care of most problems, but not necessarily all). IE 10 looks pretty workable, but if your company has been struggling to keep it's head above water the last couple of years, browser updates have taken a back seat to more revenue generating tasks.
    • Not to mention

      Microsoft stopped making new IE versions available quite a while ago even on versions of Windows that are currently supported.
      • Depends on what you mean by supported.

        Microsoft has stopped making new versions of IE available on Windows versions which are out of mainstream support.
        • Sure, but...

          ...remember how long it took for Microsoft to make IE10 available on Windows 7? It's been months after Windows 8 was generally available, so you had to upgrade the entire OS if you wanted to use the new version earlier. I'd suspect that this happened not only because of technical issues but was a deliberate decision to push people to upgrade to Windows 8.

          It's been better with IE11, though. It only took some weeks until they released it for Windows 7, but it's not available for Windows 8, for example. Again, you have to update the entire OS to get it. I know, Windows 8 and the 8.1 update are quite similiar and 8.1 can been seen like a SP+ for Windows 8, but still it shows the update politics in case of IE are too complex and limited and unnecessarily bundled to a specific OS release.
      • All active (mainstream)

        versions of Windows get browser upgrades. Those that have fallen out of mainstream support (new features and bug fixes as well as security patches) into extended support (security patches only) don't get any new features.

        New versions of IE are new features, not securit patches, so won't be available for extended support versions.
      • No they did not

        They stopped making the latest version of IE available on Windows versions that are out of mainstream support (which means XP and Vista currently). However the latest version of IE still capable of running on XP (IE8) and on Vista (IE9) are still supported and fixed in case of vulnerabilities.
    • Compatibility and OS

      I think most users either find that a older version works better or that they are reluctant or unable to update to a newer version because of the OS they are using. This is especially true for Internet Explorer. Chrome Browser is probably the best example of forced updates although Apple also tries to push Safari as well to users. Firefox has some stragglers but most keep up with new versions. Again some find issues with Extensions and new versions. I question anyone who says a newer IE is so much more secure as we have seen many times exploits running the gambit of IE versions. IE has improved but a lot of its core goes back a ways. Proving that Microsoft does more refreshes then actually core improvements.
      • IE is more secure when run on Vista and later.

        Due to Protected Mode.
        • Yep..

          Unless they turn all that stuff off. Don't ask.
          • all permutations of group policy will be used somewhere

            It's a corrolary of Murphy's Law.
    • Totally agree..

      Seems like every browser update brings a list of fixes, and then Applications or websites it breaks. IE is one of the absolute worst when it comes to that. Then again, there are a lot of internal applications it seems like IE is the ONLY thing that works. Very frustrating. Toss in the various versions of Java and it makes things even more fun.
  • OK you have that all sown up

    How about now you tell us why they do not want to update and which country they are from etc.
    • USA

      Many govt and large corporate workers don't have a choice and is dependant of their IT folks. I was just refreshed from XP to Win 7 and It came with IE 8... until the feds IT allow the update, nothing can be done. I am sure large private companies are the same way.
      • Thats the problem...IT

        IT is left to tell the users what is good for them. That is why IT is looked as a cost center and not a business partner. IT needs to adapt and be more flexible. I work for a government agency, and it is mind blowing how they talk about security, yet Flash and Java (huge security threats) are never updated.

        It must become a working partner with or they will be left outside looking in. this is why the whole BYOD is popular. IT is stuck in the past.
        • The problem is historical websites, and internal apps.

          I can tell you that Oracle's EBS seems to always be behind 1 or 2 releases. SharePoint, has it's issues unless, you patch. The list goes on and on. So you can't go to the latest releases out of the gate.
  • Administrators

    One problem is admin rights. Most business PCs are locked down and only get updates as and when the admins get around to rolling out updates or installing them. Terminal Server is another area where even Firefox and Chrome can fall behind, because the users cannot update themselves.

    I think 25 -> 26 was the first update on Firefox that didn't ask me for the administrator's password.
  • Supported vs. Not Supported

    I'd be curious to also see a chart of users using supported versus not-supported versions. An older browser version in the wild isn't as much of a security problem if it still is getting security patches from the vendor but one that is in active use but is NOT getting patched for security fixes is a threat to the whole Internet community since it becomes a probable entry vector for botnets.
    Mike Galos
  • Part of it is Apple and Microsoft, but another large part of it

    is IT shops that insist on year long evaluation procedures, rather than permitting automatic browser updates. Corporate IT really needs to learn to be a bit nimble, and even a bit tolerant of the fact that maybe some part of the Intranet will go wonky at unexpected times. (If Intranet devs start coding to the W3C standards, they won't have that problem either.)
    • I disagree.

      A business PC is intended to support the business, not the user. Therefore if the internal applications require an older version of a browser then that's the browser which should be used. Browsing the web is, generally speaking, not a business function.
      • Nonsense

        Most IT shops are terrified of installing binary local apps, and get the corporate devs to do it all Intranet style. Browsing is most DEFINITELY a business function.

        Companies that avail themselves of the ability to use the latest web technologies are companies whose empowered workers are a step ahead of the competition. Corporate IT administrators have security duties, but those do not come at the expense of a company's ambitions. Anyone who ignores this does so at their own peril.