ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

For security reasons alone, you should ditch IE6

By | March 4, 2011, 12:58pm PST

Summary: Microsoft has an aggressive initiative to kill Internet Explorer 6, the 10-year-old browser version that has outlived its usefulness.

Microsoft has an aggressive initiative to kill Internet Explorer 6, the 10-year-old browser version that has outlived its usefulness.

The Twitter message above links to a special web site aimed at helping businesses upgrade to newer versions of Internet Explorer.

[ SEE: Microsoft: Friends don't let friends use Internet Explorer 6 ]

A big part of that story is security.  Internet Explorer 6 is riddled with security vulnerabilities and does not contain many of the necessary anti-exploit mechanisms in newer IE versions.  Microsoft’s new site mentions the security angle as well:

The web has changed significantly over the past 10 years. The browser has evolved to adapt to new web technologies, and the latest versions of Internet Explorer help protect you from new attacks and threats.

I just looked at the ZDNet Zero Day stats for February 2009 and saw that we still have a few stragglers reading this blog on IE 6:

Keep in mind that the famous Operation Aurora targeted attack that hit Google, Adobe, Juniper and countless other U.S. companies actually exploited a vulnerability in IE6.

This browser version needs to die.  Please spread the word.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Microsoft Internet Explorer 6, Ryan Naraine, Security

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

25
Comments
Add Your Opinion

Join the conversation!

Just In

RE: For security reasons alone, you should ditch IE6
LTV10 7th Mar 2011
Kill WinXP and you will kill IE6!

@Cylon Centurion 0005 The Chinese aren't going to cater to your whims Nor will they cater to your Win7 sales quota for that matter. You will just have to live with it.
View in thread
0 Votes
+ -
RE: For security reasons alone, you should ditch IE6
Cylon Centurion 4th Mar 2011
Kill WinXP and you will kill IE6!
0 Votes
+ -
Oooh
klumper Updated - 4th Mar 2011
@Cylon Centurion 0005

Wonder how I ever got IE7 or IE8 - or any other arguably better non-MS browser - on the WXP machines I've built? hmmm lemme ...

*THINK*
0 Votes
+ -
RE: For security reasons alone, you should ditch IE6
Cylon Centurion 4th Mar 2011
@klumper

I am thinking. And in this point, if you look at the stats Microsoft provided, it is all but the third world (China being the biggest offender) keeping XP and IE6 usage share so high.
0 Votes
+ -
No
klumper Updated - 4th Mar 2011
@Cylon Centurion

Just IE6. Don't oversimplify things by lumping XP + IE6 together, like they're fused at the hip. Even relatively novice PC users upgrade their browsers, and have been doing so going back to day one. Haven't you?

I shouldn't have to remind you that such bump-ups are also pushed through various Windows updating mechanisms. IE6 remains big where 1) 3rd world piracy flourishes (mostly China) and 2) where MS allows such offerings for next to free, for their PC-illiterate taking (mostly China). You know, like a pusher does to a junkie. Initially. [They'll worry about any potential "leveraging" later].

XP remains popular everywhere peeps and businesses want to save a buck, and for anyone not riveted to the Windows treadmill (ok, and in the Mongolian backlands). You want me to shock your monkey and build you a SECURE and fully patched XP config, just to prove it can be done? I'm on such a unit as we speak, sans AV. *GASP* But it doesn't include running an outdated browser.

Now don't let any of this break your heart, there's an NT6 unit or two around here I fire up a-plenty too. wink
0 Votes
+ -
Same mistake... as always...
cosuna Updated - 7th Mar 2011
@Cylon Centurion 0005 : you make the same mistake most analysts and techno-bablers do when addressing Windows XP and IE6.

Most of you think that upgrading is just a matter of hitting the "upgrade" button on any Microsoft page to download the better browser.

Wrong! Dead Wrong! IE6 is really here to stay. Why? Because tens of thousands of internal programs--mark my words, there, internal in-house developed programs--behind the firewall, proprietary web pages only work with IE6. But they can't move forward 'cause Windows accepts one IE at a time and IE7/IE8 renders things in a different way, thus breaking those internal sites. With that said, all Microsoft stats about IE6 are wrong, 'cause no one--in its right mind--accesses the Internet with IE6.

Microsoft never figured that if they were going to be the market leader and "de-facto standarist" they would have to be faithful and jealous to their standards, even if they were against the modern trends.

Witness IBM's stance. z/OS still allows COBOL 1985 programs. IBM i (AS/400) can still be programmed in RPG III developed for the System/38 (in 1979). They not only support them, but have created intermixed solutions to allow safe inhabiting of both systems (aka RPG IV or ILE RPG allows C++ to be intermingled with old tabular style RPG).

Not Microsoft. Then wanted to move forward. But forgot to look back. Their problem, not ours.

In the mean time, just like in my machine: all internal web pages are rendered using IE6, all external Internet stuff is left to Firefox. Best of both worlds.
0 Votes
+ -
RE: For security reasons alone, you should ditch IE6
LTV10 7th Mar 2011
Kill WinXP and you will kill IE6!

@Cylon Centurion 0005 The Chinese aren't going to cater to your whims Nor will they cater to your Win7 sales quota for that matter. You will just have to live with it.
0 Votes
+ -
RE: For security reasons alone, you should ditch IE6
Grayson Peddie 4th Mar 2011
Will you please include the legend for the pie graph? Stats are meaningless without it, even with IE6 mentioned in it.
0 Votes
+ -
RE: For security reasons alone, you should ditch IE6
statuskwo5 4th Mar 2011
@Grayson Peddie I was thinking the same thing. That graph is pretty bad.
0 Votes
+ -
RE: For security reasons alone, you should ditch IE6
DannyO_0x98 4th Mar 2011
@statuskwo5
I liked the colors.
0 Votes
+ -
Again, it's been only 5 years since EI7 was released.
jacarter3 4th Mar 2011
And the Internet hasn't changed that much except that everyone now knows the vulnerabilities in IE6. What we don't know are all the vulnerabilities that are in IE8, ESPECIALLY when used on an XP platform.

Personally, I use IE ONLY for updating my XP machines and have had that policy in place since XP was introduced. Perhaps I SHOULD worry about vulnerabilities in IE6!

LOL happy

Methinks that thou doth protest too much.
0 Votes
+ -
RE: For security reasons alone, you should ditch IE6
iluvmsft Updated - 4th Mar 2011
http://www.ie6countdown.com/

based on the chart, most ie6 users are from China, India and Saudi Arabia. Probably they are still using old hardwares. New Softwares and OS requires new hardwares. I think that is one of the main reason that XP (and ie6) cannot be killed easily.
0 Votes
+ -
RE: For security reasons alone, you should ditch IE6
alsobannedfromzdnet 4th Mar 2011
You won't see the hundreds of XP machines using IE6 we've got at work, they are locked down tight and this site is inaccessible, everything is inaccessible apart from the company intranet.

It sucks.

Good thing I can pull out my iPhone and break free, so you'll see that instead.
0 Votes
+ -
RE: For security reasons alone, you should ditch IE6
bradavon 5th Mar 2011
@ klumper: IE along with plenty of MS Apps pushed through Windows Update is an optional download, no matter how you've got your Windows Updates set.
0 Votes
+ -
Clarification
klumper Updated - 5th Mar 2011
@bradavon

As long as the notification appears as a high-priority update via Automatic Updates (AU), as IE7 and IE8 have, and as opposed to something one would have to hunt down on their own, the solution remains at hand. These updates are also offered via the Windows Update (WU) and Microsoft Update (MU) sites.

As for those who don't opt in when given the choice, well, the same kind of decision-making applies when it comes to using the seatbelts in your car, no? wink

Reference:
IE7 to be distributed via Automatic Updates
http://blogs.msdn.com/b/ie/archive/2006/07/26/678149.aspx

Prepare for Automatic Update distribution of IE8
http://blogs.msdn.com/b/ie/archive/2009/04/10/prepare-for-automatic-update-distribution-of-ie8.aspx
0 Votes
+ -
RE: For security reasons alone, you should ditch IE6
Chipesh 5th Mar 2011
IE6 was very secure.
All the vulnerabilities were only because of its popularity.
The same with Windows and Linux.

Wasn't this is what all the Microsoft sheep told us at the time ?

When a new version of Windows or IE comes out the previous arguments disappear to fit in with Microsoft's financial needs.
0 Votes
+ -
RE: For security reasons alone, you should ditch IE6
Martmarty Updated - 5th Mar 2011
@Chipesh
All the vulnerabilities were only because of its popularity.
The pie chart above, though lacking in legend, tells us that IE6 is one of the LEAST popular at the moment. But I agree, it was previously popular during its release. And has the biggest chunk long time back.

When a new version of Windows or IE comes out the previous arguments disappear to fit in with Microsoft's financial needs.
The only sentence which I think I'll agree.

The same with Windows and Linux.
http://www.zdnet.com/blog/open-source/ubuntu-security-holes-found-holes-fixed/8402?tag=mantle_skin;content
I wonder what's your opinion on this.
You seem to be hiding when your favourite OS is on the hot seat. (you see, lots of bugs unearthed there even if it doesn't have a huge chunk of the pie, what more if its being played and tinkered with by nearly everybody on the planet)
0 Votes
+ -
RE: For security reasons alone, you should ditch IE6
Chipesh Updated - 5th Mar 2011
@Martmarty
My opinion is that it reaffirms my beliefs.

Insomuch as it's relevant to our transient existence, I really believe in the beliefs that underpin Linux.

Microsoft represents all that I don't believe in, a company based on lies and corruption, a company that stagnates progress for short term profit.

Microsoft is and always has been about Microsoft.
The gullibility of Windows users saddens me, but such is the way of the world.
0 Votes
+ -
RE: For security reasons alone, you should ditch IE6
CobraA1 6th Mar 2011
@Chipesh

"IE6 was very secure."

Relative to Netscape Navigator, perhaps.

But I'd bet Firefox, Chrome, IE8, IE9, and Opera against that claim today.

"When a new version of Windows or IE comes out the previous arguments disappear to fit in with Microsoft's financial needs."

Yeah, just forget all of the well documented security changes in the last few years. Ignore those technical papers, they make your brain hurt too much.
0 Votes
+ -
RE: For security reasons alone, you should ditch IE6
Chipesh Updated - 6th Mar 2011
@CobraA1

Looks like my comments went straight over your head.
0 Votes
+ -
RE: For security reasons alone, you should ditch IE6
CobraA1 7th Mar 2011
No Chipesh, I know you're just taking a cheap shot against Windows. It's too easy to lump everybody in the same category and hate them. Which is what you're doing, and it's a big disservice to the community.
0 Votes
+ -
RE: For security reasons alone, you should ditch IE6
ardenthash 5th Mar 2011
Install Linux
Use entire partition
Use Links as web browser
??????
PROFIT!!!
0 Votes
+ -
I'm curious how much of this is really about pirated Windows copies?
UrNotPayingAttention 5th Mar 2011
The IE6 countdown graph? a definitive majority of IE6 users are in the same areas where software piracy, particularly XP, is rampant. i would think that's more than just a coincidence?

After all, isn't it a prerequisite of installing IE7 or higher, sp2 or sp3, to pass genuine?
0 Votes
+ -
RE: For security reasons alone, you should ditch IE6
VRSpock Updated - 7th Mar 2011
@chmod 777
Perhaps Microsoft will issue a shutdown command to all Windows XP machines still running IE6 after a certain point (because they obviously are failing the genuine advantage check). It would be very funny if they did.
0 Votes
+ -
RE: For security reasons alone, you should ditch IE6
CobraA1 6th Mar 2011
"Microsoft has an aggressive initiative to kill Internet Explorer 6, the 10-year-old browser version that has outlived its usefulness."

Define "aggressive." Annoyingly enough, too many people are still using it.

"I just looked at the ZDNet Zero Day stats for February 2009 and saw that we still have a few stragglers reading this blog on IE 6"

Yeah, you're a tech blog, so that number is low. Unfortunately, it's much higher elsewhere sad.

"This browser version needs to die. Please spread the word."

Absolutely. It needs to die. I agree. IE8, IE9, Firefox, Chrome, Opera, anything but IE6. IE6 needs to go away!
0 Votes
+ -
RE: For security reasons alone, you should ditch IE6
VRSpock 7th Mar 2011
My company's intranet website complains because I don't have IE6....LOL

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix