Perhaps someone should maintain a list of vulnerable versions of software (similar to bugtraq) and then whenever a browser executes an external program it could be checked against this and display a warning.
As a side note I don't think we've successfully educated users on how important updated software is to security.
I know a number of people who have disabled automatic updates for anything on their computer (often on the advice of more IT-savvy friends).
I think this is often because of a fear that automatic updates for software may apply unwanted changes to the software functionality or occasionally break things.
Security updates and general updates need to be cleanly separated.
I agree with the separation. Two separate checkboxes for disabling regular updates and security updates would probably stop most users from disabling security updates.
>Security updates and general updates need to be cleanly separated.
Debian is very good at that BTW. At least they were when I ran Debian in 2006. (And you can use a 56K modem to keep a Debian box updated with security patches; can't do that with OS X or even Arch Linux.)
The problem is that we are probably not the target users here.
We can disable plugins and then selectively re-enable them (we probably keep them up to date anyway) but many people are going to get annoyed if they try and access something that uses (say) Flash and it doesn't work immediately.