In Praise of Modularity (Again)
News that Firefox users tend to be more up-to-date with their security patches is interesting, especially for on account of the suggested explanation:Much of this patching success has to be credited to Firefox's automatic update mechanism, which debuted in version 1.5 but was improved in version 2.0. The browser checks to see if a new version is available and notifies the user when it finds one. The security updates tend to be small (around 200KB to 700KB), which also makes the updating process less painful.
Internet Explorer, in contrast, is typically updated along with the rest of the system with Windows Update. Regular users of Windows Update automatically got upgraded from IE 6 to IE 7, so it is not surprising that people still stuck on IE 6 are not updating as much as IE 7. It's possible to assume that many of the people who aren't using Windows Update are avoiding it because the Windows Update web site checks (using WGA) to see if the user has a legitimate copy of the operating system, but as critical updates for IE 6 are still automatically downloaded by Windows even if WGA fails, it seems more likely that the numbers include legitimate users who have turned automatic updates off.
Once again, the virtues of modularity become clear - and turn out to have very clear real-world benefits too, in this case.