Conversely, before automatic updates web developers were stuck supporting Internet Explorer for the best part of twenty years. Many of the people using it had neither reason or knowledge to update it, and it became the reason my parent's computers got riddled with malware.
There's a sensible middle ground here. Take the paternalistic approach that (generally) protects people like my mum. Add settings that allow people like you and me to turn off updates or roll backwards. Push the people controlling the updates (like the Chrome store) to better protect their users.
Users need to be motivated to upgrade. If their current software works sufficiently on the sites they care about, then they have no need to upgrade. If the sites themselves are enabling this behavior, by bending over backwards to work on with old browsers, then they are part of the “problem”.
I don’t like automatic updates and generally keep them disabled. Software upgrades tend to reduce functionality and instead force unnecessary UX redesigns on users, so I’d rather avoid them. I wish developers had the [EDIT: incentive] to release security patches independently from functionality changes, but few do that anymore, sadly.
It's been an age since I've worked in an agency, but back in the IE era, at least once a month a dev would ask to use a 'modern feature'. Something to support some a new piece of design from the design team, or save hours or days of dev, or remove the need for hacky 'fixes' that could be done cleanly with modern browser support.
So off to analytics they would go. "X thousand users are using IE8. We're converting at X%. Removing support for IE8 just means these people will shop elsewhere and we'll lose X thousand pounds a month. You need to support IE8."
Believe me, I wish it was as simple as saying developers are "part of the problem," because it would be an easy fix. But try selling that (without a huuuuge struggle!) to the person who holds the purse strings.
Sadly the new features usually only came on new sites. It's much easier to push it through when you're not cutting off an existing income stream.
Despite automatic updates, web developers are still stuck with Safari, IE, old android browsers and old edge. Automation doesn't help with bugs and functionality if there are just no updates to be installed that fix bugs and bring new functionality.
>Conversely, before automatic updates web developers were stuck supporting Internet Explorer for the best part of twenty years. Many of the people using it had neither reason or knowledge to update it, and it became the reason my parent's computers got riddled with malware.
The failure is not that of Internet Explorer, but rather the OS in which it runs, which has a faulty security model. No operating system should trust executables with everything by default.
I would say that "protecting users from applications" (or at least, external attackers) has been commonplace for maybe even two decades now, ever since major malware 'plagues' of the early 2000's (pre-SP2 Windows XP) like Blaster or Sasser.
That said, in that era it was often assumed (more so than now) that software the user installed himself is trusted.
The major problem with internet explorer was that it was impossible to update without updating windows which costs money so most people and organizations didn't do it.
There's a sensible middle ground here. Take the paternalistic approach that (generally) protects people like my mum. Add settings that allow people like you and me to turn off updates or roll backwards. Push the people controlling the updates (like the Chrome store) to better protect their users.