It's time to stop using IE6

By Ed Bott | January 16, 2010, 5:30am PST

Summary

If your organization is still using Internet Explorer 6 on Windows XP, just stop. Stop it now.
The marketplace is filled with credible alternatives to IE6, including significant updates from Microsoft, but some large organizations insist on sticking with this old, insecure platform. Any IT professional who is still allowing IE6 to be used in a corporate setting is guilty of malpractice. Here’s why.

Biography

Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications. He's served as editor of the U.S. edition of PC Computing and managing editor of PC World; both publications had monthly paid circulation in excess of 1 million during his tenure. He is the author of more than 25 books on Microsoft Windows and Office, including the recently released Windows 7 Inside Out.

If your organization is still using Internet Explorer 6 on Windows XP, just stop. Stop it now.

The marketplace is filled with credible alternatives to IE6, including Mozilla Firefox and Google Chrome. If you need to use Internet Explorer because it’s required for compatibility with specific websites or apps, you have alternatives from Microsoft itself. IE6 was replaced with the newer, more secure Internet Explorer 7 in October 2006, more than 40 months ago. And Internet Explorer 8 was released in March of 2009, nearly a year ago. Both browsers have large improvements in usability, including tabbed browsing, but their biggest selling point is security.

Any IT professional who is still allowing IE6 to be used in a corporate setting is guilty of malpractice. Think that judgment is too harsh? Ask the security experts at Google, Adobe, and dozens of other large corporations that are cleaning up the mess from a wave of targeted attacks that allowed source code and confidential data to fall into the hands of well-organized intruders. The entry point? According to Microsoft, it’s IE6:

"At this time, we are aware of limited, targeted attacks attempting to use this vulnerability against Internet Explorer 6. We have not seen attacks against other versions of Internet Explorer.

[…]

Newer versions of Internet Explorer and later Windows releases are at reduced risk to the exploit we have seen due to platform mitigations explained in the blog post below."

Under the “Mitigating Factors” heading, the Microsoft Security Response Center specifically notes that the exploit used in this case does not run under IE7 and IE8 in Windows Vista or Windows 7. You’ve got one extra layer of protection if you use IE8, even under Windows XP Service Pack 3, thanks to Data Execution Prevention, which is enabled by default.
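To see which machines fall into which of these cases, the User-Agent strings in a web proxy log can be sorted into the tiers described above. This is an added example, not code from the article or from Microsoft; the log format, tier names and sample lines are constructed, and because a User-Agent does not reveal the XP service pack, hosts in the IE8-on-XP tier still need their SP3 status checked separately.

```python
import re
from collections import defaultdict

NT_NAMES = {"5.0": "Windows 2000", "5.1": "Windows XP",
            "6.0": "Windows Vista", "6.1": "Windows 7"}

def classify(ua):
    """Map one User-Agent string to (browser, os, tier)."""
    msie = re.search(r"MSIE (\d+)\.", ua)
    if not msie:
        return ("not IE", "n/a", "not-ie")
    version = int(msie.group(1))
    # IE8 in Compatibility View reports "MSIE 7.0" but keeps the Trident/4.0 token.
    if version == 7 and "Trident/4.0" in ua:
        version = 8
    nt = re.search(r"Windows NT (\d+\.\d+)", ua)
    nt_ver = nt.group(1) if nt else ""
    os_name = NT_NAMES.get(nt_ver, "unknown")
    if version == 6:
        tier = "exposed"                # the version the observed attacks target
    elif version in (7, 8) and nt_ver in ("6.0", "6.1"):
        tier = "exploit-does-not-run"   # IE7/IE8 on Vista or Windows 7
    elif version == 8 and nt_ver == "5.1":
        tier = "dep-by-default"         # IE8 on XP; SP3 must be confirmed elsewhere
    else:
        tier = "review"                 # anything the advisory text does not cover
    return ("IE%d" % version, os_name, tier)

# Constructed sample: "<client>\t<User-Agent>", as a proxy might log it.
SAMPLE_LOG = """\
10.0.0.11\tMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
10.0.0.12\tMozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
10.0.0.13\tMozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0)
10.0.0.14\tMozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
10.0.0.15\tMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20100106 Firefox/3.5.7
10.0.0.11\tMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
"""

def inventory(log_text):
    """Group client addresses by tier; each client is listed once per tier."""
    tiers = defaultdict(set)
    for line in log_text.splitlines():
        client, _, ua = line.partition("\t")
        if ua:
            tiers[classify(ua)[2]].add(client)
    return {tier: sorted(clients) for tier, clients in tiers.items()}

if __name__ == "__main__":
    for tier, clients in sorted(inventory(SAMPLE_LOG).items()):
        print(tier, clients)
```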

The accompanying blog post from Jonathan Ness of the Microsoft Security Research Center Engineering group is even more blunt:

"I want to make one thing perfectly clear. The attacks we have seen to date, including the exploit released publicly, only affect customers using Internet Explorer 6. As discussed in the security advisory, while newer versions of Internet Explorer are affected by this vulnerability, mitigations exist that make exploitation much more difficult."

If your organization is still forcing you to use IE6 on Windows XP, send this blog post to your CEO, your CIO, and every member of your company’s Board of Directors. Be sure to include this graphic:

Yes, this vulnerability will be patched, probably within days. But the next one is just around the corner, or perhaps an exploit is being deployed right now. In 2010, with multiple alternatives available, there is no excuse for continuing to use an insecure Internet infrastructure.

IE6 users, it’s time to move on. Your IT staff has had more than three years to come up with alternatives to IE6. If they can’t handle it, maybe it’s time to replace them, too.

Disclosure

Ed Bott is a freelance technical journalist and book author. All work that Ed does is on a contractual basis.

Since 1994, Ed has written more than 25 books about Microsoft Windows and Office. Along with various co-authors, Ed is completely responsible for the content of the books he writes. As a key part of his contractual relationship with publishers, he gives them permission to print and distribute the content he writes and to pay him a royalty based on the actual sales of those books. Ed's books are currently distributed by Que Publishing (a division of Pearson Education) and by Microsoft Press.

On occasion, Ed accepts consulting assignments. In recent years, he has worked as an expert witness in cases where his experience and knowledge of Microsoft and Microsoft Windows have been useful. In each such case, his compensation is on an hourly basis, and he is hired as a witness, not an advocate.

Ed does not own stock or have any other financial interest in Microsoft or any other software company. He owns 500 shares of stock in EMC Corporation, which was purchased before the company's acquisition of VMWare. In addition, he owns 350 shares of stock in Intel Corporation, purchased more than two years ago. All stocks are held in retirement accounts for long-term growth.

Ed does not accept gifts from companies he covers. All hardware products he writes about are purchased with his own funds or are review units covered under formal loan agreements and are returned after the review is complete.

Talkback Most Recent of 161 Talkback(s)

  • ZDNet Blogger

    Is your organization still using IE6?
    If you work for a corporation that is still using IE6 on XP or Windows 2000, why? Have you asked your IT staff why they haven't moved to a more secure browser?
    Ed Bott
    01/16/2010 06:00 AM
  • The UK's National Health Service
    These guys should be concerned about the security of their files....

    The NHS, the largest employer in Europe, refuses to upgrade to IE7, and deliberately downgrades PCs to Windows XP without upgrading the browser. This is blamed on compatibility and finances, and to be fair the companies who make a lot of software for Primary Health Care have done little to make switching easy, if anything. Cost, on the other hand, is ridiculous; the NHS is a sinkhole for money already, and this would save time and money.

    Security issues have been pointed out and flat out denied by the IT departments. Often the decision to upgrade or not is made by the Health Care Trust in charge but I can say from experience that I haven't seen an NHS machine in the North West of the UK using anything past XP and browsers other than IE6 are discouraged at best.

    * I write this as a Junior doctor working in Hospitals and General Practices. My family is in healthcare and we are constantly reminded that we aren't "allowed" to upgrade.
    NortherngeekUK
    01/16/2010 06:49 AM
  • I suggest we stop using HTML altogether
    It started as a bunch of documentation tags. It was never designed to be an app framework to meet today's online app development requirements. The current HTML5 is loaded w/ backward compatibilities that just don't fly at all.
    LBiege
    01/16/2010 03:37 PM
  • Partly . . .
    I'd agree with the basic point - that HTML/CSS was never, originally,
    designed to be the one true presentation layer (at the time it was
    conceived, that was probably DisplayPDF).

    However . . . the history of IT in the last few decades is that we don't
    really get a choice in what technology is used. Windows was the worst
    available GUI system (compared to GEM, OS/2, X-Windows,
    AmigaOS, MacOS, and NeXT) - but it thrived.

    With Web apps, I've seen my team's productivity become a quarter of
    what it was a decade ago - but it is what people demand.

    On the other hand, HTML 5/JavaScript 5 do at least approach things
    from the perspective of application development, rather than a static
    document focus. And far from being backward compatible, HTML 5
    deprecates earlier HTML elements (browsers, of course, need to
    remain backwardly compatible with earlier specs).

    And I can't think of any security problems with HTML itself - as
    opposed to, say, CSS Expressions, or some of the flaws that are
    inherent in JavaScript's defined behaviour (which V5 will correct - the
    ability to protect your objects from modification or access by third
    party scripts).

    The other alternatives (Flash/Flex) have their known security problems
    too.
    julian.lawton@...
    01/19/2010 12:09 AM
  • web apps, web services are not going away
    To think we should move away from web apps, web
    services etc. is foolish. It's become a highly
    portable, very capable platform for delivering
    applications via a network. It also makes the
    concept of server deployed apps far more
    feasible, easier to manage and deploy. The
    problem is companies that are lazy about
    upgrading their applications and more so,
    companies like Microsoft for not enforcing an
    expiration of these older legacy browsers. We
    are heading into an age where web standards are
    finally reaching some cohesion. Even Microsoft
    is following suit with IE8. For years many web
    developers have been pleading to get people off
    of IE6. Hopefully this time some IT managers
    and users will wake up to the problem and
    upgrade.
    jimk_z
    01/22/2010 12:09 AM
  • Typical Government SNAFU.
    I have written before* about the complete ineptitude of UK government projects that are specified and planned by the non-technical bureaucrats. This is just another example of stupidity that will cost a lot to fix (at government prices and taxpayer expense.)

    *http://talkback.zdnet.com/5208-13604-0.html?forumID=1&threadID=73115&messageID=1417953&tag=content;col1

    SNAFU = Situation Normal All F#%ked-Up
    Agnostic_OS
    01/17/2010 03:33 AM
  • Don't know of many governments
    that are void of those types of problems :)
    John Zern
    01/17/2010 03:42 PM
  • Our main customers are
    No one in my company uses IE6 besides for testing purposes. However most of us are stuck with Windows XP and this is seriously becoming annoying if not painful. Fortunately, we should start a full migration toward Windows 7 this year. Most of our servers are already running on Windows 2008 and Windows 2008 R2.
    Our main customers on the other hand, are still using XP and IE6 on many of their computers. One of them has recurrent security problems linked to how outdated their Information System is. As both their software provider and solutions consultant, we have been trying for several years to make them upgrade their system. Unfortunately some of their main IT managers are fighting our efforts with a passion. Fortunately, they are considering upgrading to Windows 7 before the end of the next year. So with some luck they will be almost up to date for 2012.
    timiteh
    (Edited: 01/16/2010 07:45 AM)
  • re
    I don't understand why these IT managers don't at
    least want to upgrade people to IE7 or better yet
    IE8, Chrome, Firefox etc. I know one of the
    reasons is that they may have old internal web
    apps that were built specifically for IE6. If
    that's the case, don't they realize if they upgrade
    to Windows 7 (a good thing) there is no way to go
    back to IE6? I don't get the logic?
    jimk_z
    01/22/2010 12:17 AM
  • Intranet sites & testing
    I've found the excuse is usually web apps and Intranet sites, often in a semi-abandoned state, where there are fears that changing browser will break them.

    Nobody wants to put up the budget to even test the sites to see if the fears are valid, let alone the budget to fix them if required.

    It's gotta happen one day, though...

    Corporate IT is usually extremely short sighted, at least at most of the large organisations I have worked. It's always seen as a drain on the organisation's budget, a necessary cost that needs to be minimised, rather than something that if you spend and plan wisely can boost your company's performance by providing good tools (e.g. NOT Lotus Notes, heh).
    LeoD
    01/16/2010 07:32 AM
  • lol lotus notes
    I would probably be close to committing suicide if
    I had to use lotus notes =P
    jimk_z
    01/22/2010 12:19 AM
  • Nope
    We're still running XP for now, but have switched to Firefox for student browsing.
    NStalnecker
    01/16/2010 12:56 PM
  • It's time to stop using IE
    I fixed your title.

    IE has been the bane of web standards for far too long, it needs to die. It doesn't even have a Firebug equivalent in this world of AJAX. How are you supposed to debug AJAX in IE?
    T1Oracle
    01/16/2010 01:25 PM
  • HP server management tools
    HP Server, network and SAN management tools still require IE6 to manage servers (iLO Advanced with virtual media, Virtual Connect Manager, and so on), so I keep a VM with XP around for that purpose - severely locked down of course. The VM has DNS resolution turned off and has to be configured with a static IP appropriate for the management LAN.

    I keep another one for twisted partner portals and management tools that require it, similarly locked down.

    Some enterprises embraced .ASP and .NET (and MS Java) very early, and enthusiastically hired contractors to build them line-of-business applications around those technologies to migrate away from mainframes. Now they have neither the source code nor the skills to migrate away from IE6. No matter how much they wanted to adopt Vista they could not - and they did want to, top to bottom and bottom to top. They will be among the last to adopt Windows 7 - and they will build in dependency on Microsoft platforms again, forcing a skip of the next generation of OS as well when dependencies for W7 prevent migration again. That's fine for Microsoft though because they're all on SA and are buying the licenses regardless. Sometimes IT is a theatre of the absurd. I have no doubt that the refresh of the HP management tools will require IE8.

    These VMs and browsers are special purpose tools like SAE wrenches. They're not for everyday use but handy when you need them.

    The trap of IE6 continues with IE7 and IE8 BTW, and will continue to do so with ensuing versions. The nonstandard features of Microsoft browsers serve only to create dependency on Microsoft web platforms like Sharepoint and .NET - to our detriment. They ensure that I'll need VMs with version specific browsers from now until my IT career is done. It's sad, really.

    There's no excuse for this nonsense. People who aren't Microsoft should know better than to implement web applications as browser dependent tools. They should have known this a decade ago. They get paid to know these things - it's just not professional. There are good standards and they work fine - see Google Maps for a nice example. If your app needs an interface more sophisticated than that it probably should be a client/server app rather than web based. I can see why Microsoft's partner portal requires Silverlight - but I can't see why any non-Microsoft website on the Internet or web management tool does. It's plain laziness.
    symbolset
    01/17/2010 09:03 PM
