Why Don’t People Update Software?
This question applies to personal software more so than IT-supported software.
I understand the complexities involved with taking updates to software that IT is on the hook to support. What I don’t get is why people aren’t more vigilant with their own software, specifically browsers and O/S.
Over the years, updates have become more in-your-face, with good reason. They’re usually bug fixes that you should take to prevent bad things from happening to you on the interwebs. Bugs happen, and you’d think the pop-up message, system tray notifier, or bouncing update icon would be enough to get people to pay attention.
Not so much.
For example, I routinely perform updates on my wife’s computers. I asked her one how she managed to ignore the Mac’s Software Update bouncing icon. That thing drives me nuts, so I’m happy to address it, which usually means taking the update. The only times I wait on an update are when it requires a reboot or when I’ve read people are seeing issues with them, typically this applies to OS X patches.
In the latter case, I’ve learned the hard way.
Reboots are a pain when you’re cranking out work, so I doubt I’m alone in that practice. But, I always make a mental note to go back and install the update.
Why? I guess working in development for a decade helps you understand that updates are generally a good thing.
IT gets this too. We get monthly reminders to take the Windows patches for XP, which is a required step for everyone runing Windows. It just makes sense to patch because the risk of running a vulnerable system can be high. Obviously, this is what botnet masters rely on to build their networks of zombie machines, and they’re still quite successful, even though the software makers do everything they can to scare and annoy people into staying current.
Thinking about this, I wonder if updating is a function of use, i.e. infrequent use leads to a backlog of patches. I suppose if I only used a computer a couple times a week or even once a day, I might not be in a hurry to download large patches and wait for a reboot. That would reduce the utility of my computer time.
Maybe the process is intimidating to people, or maybe they don’t trust updates. Like my wife, maybe they’re just good at ignoring the update notifications; she probably thinks I’ll do it eventually. Plus, being married to me, I’m sure she’s a pro at ignoring noise 
I can’t really come up with the reasoning. Can you help?
So, maybe silent updates are the solution. Research by the Swiss Federal Institute of Technology (ETH Zurich) and Google Switzerland found that within three weeks of the release of Chrome version 1.0.154.48, 97% of users were using it.
The full study, “Why Silent Updates Boost Security” has some pretty interesting information. It could be a bit skewed; after all, Google participated, and Chrome came out on top. Plus, the Chrome accounts for less than 10% of the overall browser market. Still, the silent update that cannot be disabled seems to have legs as a good way to keep people safe, assuming your patch is solid without regressions and without breaking dependencies.
As we all know, that’s sometime a tenuous assumption.
And, Firefox and Chrome still represent a pretty highly skilled user-base.
Beyond the factors that could influence the numbers, the method for signalling updates could matter. IE and Safari updates are delivered in the same fashion as O/S and other software updates, which probably contributes to a lower percent of uptake.
I like the way Chrome does updates. In fact, I didn’t think it had an update function until I stumbled on it by accident, hidden away in the About Chrome dialog. This seems like the best way, at least right now, to force users to stay updated. I’m surprised Apple hasn’t gone this route for at least Safari; it applies to the 80/20 rule of users. The 20% are vocal because they want total control, but the other 80% are blissfully unaware and safe.
What do you think about all this? Why do people skip or ignore updates? Do you? Why? Is the silent update the best way?
Find the comments.
Pingback: Bad Things, Man | Oracle