Microsoft's Ryan Gavin recently announced a new strategy to keep the web safe. His message is simple, its all about keeping the Internet Explorer up to date and the company is now going to lend its users a helping hand. That's great news for Windows users , many of whom often don't appreciate the importance of staying up to date when it comes to browsers.
Microsoft has been struggling with these browser stragglers for years. They even ran their own campaign comparing IE 6 to spoiled milk. Creaky old versions of IE leave a considerable number of users vulnerable and simply don't provide anything approaching a sufficient level of defence.
The plan outlined by Gavin will see Microsoft protect automatically upgrade Windows customers to the latest version of Internet Explorer available for their PC. The initiative is set to be rolled out in Australia in January for customers who have turned on automatic updating via Windows Update.
While bringing everyone up to Internet Explorer 9 is a great initiative, and doing so automatically will help things along, there are still some big issues ahead for Microsoft, and if Microsoft updates everyone's browser how will companies like Google have their "Aurora" moments?
Their new policy seems to rest somewhere between Google Chrome's "You don't know it but you just upgraded major versions" and Mozilla Firefox's "You know that our weekly major revision is available, would you like it now? Would ya? Please?"
This could be a big problem for some enterprises that followed Microsoft's advice 10 years ago and adopted a fully-integrated, Active-X, .aspx, optimised for Internet Explorer 6 (or 7!) internal web application.
Most organisations that use Internet Explorer are stuck on older versions because of IE-only proprietary code, and the fact that you can only have one version of Internet Explorer installed at the same time.
It only takes one application. Which is why Microsoft introduced the Internet Explorer 8 and 9 upgrade blocker. This allows you to stay as stale as Internet Explorer 7 if you wish.
Australians will be one of the first to see the automatic upgrades in action, and users who have already said no to IE 8 or 9 will remain at their current version.
Microsoft has said that it will take a measured approach to automatic updates, scaling it over time and its finally good news for web developers, good news for security and most of all a demonstration of why open standards are such a good idea.
Chester Wisniewski is a senior security advisor at Sophos Canada.