

The dirty secret of browser security #1 - TheCowboy
http://scarybeastsecurity.blogspot.com/2012/01/dirty-secret-of-browser-security-1.html

======
jiggy2011
Perhaps someone should maintain a list of vulnerable versions of software
(similar to bugtraq) and then whenever a browser executes an external program
it could be checked against this and display a warning.

As a side note I don't think we've successfully educated users on how
important updated software is to security.

I know a number of people who have disabled automatic updates for anything on
their computer (often on the advice of more IT savvy friends).

I think this is often because of a fear that automatic updates for software
may apply unwanted changes to the software functionality or occasionally break
things.

Security updates and general updates need to be cleanly separated.

~~~
vibrunazo
I agree with the separation. Two separate checkboxes for disabling regular
updates and security updates would probably stop most users from disabling
security updates.

------
obtu
This page lists installed plugins, finds those that are updated and tells you
where to get updates:

<https://www.mozilla.org/plugincheck/>

Though that isn't as newbie-proof as what Chromium does (blocks outdated
plugins, though an infobar allows running them from the current page).

------
Yaggo
One reason why I keep plugins disabled in Safari.

~~~
jiggy2011
The problem is that we are probably not the target users here.

We can disable plugins and then selectively re-enable them (we probably keep
them up to date anyway) but many people are going to get annoyed if they try
and access something that uses (say) Flash and it doesn't work immediately.

