Internet Explorer's woes can be put to good use

Internet Explorer's woes can be put to good use

Summary: Whether it's safer to stick with Internet Explorer or switch away, a middle way has its advantages

TOPICS: Security

After Google came under attack from China, national bodies in both France and Germany have recommended their citizens avoid Internet Explorer. Yet only the Germans have a word for the main global side effect: schadenfreude.

There is little that adds to the gaiety of nations quite so much as Microsoft being caught with its trousers down. Perhaps it's the company's tendency to ponderous pomposity that enhances its deflation; perhaps it's the sheer irritation many feel at its relentlessly upbeat assessment of its own merits.

None of this should blind us to the company's genuine achievements. Both Windows and Internet Explorer are reasonable products, equal in many respects to their peers. And don't forget Firefox has had plenty of security problems of its own — not all of them silently installed by Microsoft.

However, there has been another, less widely appreciated side effect: a modest but significant number of press releases from companies saying that the French and Germans are over-reacting, and that switching from IE can cause more problems than it solves. Think of the support costs. The unexpected security vulnerabilities. The incompatibilities. The training requirements.

These people are united in their concern for companies who may unthinkingly enter the dangerous world of alternative browsers. They are also united in their business model, which involves selling extra security software and services to Microsoft users. It's a good business. One can see why they're keen to keep it.

Moreover, their proposal — that any change is laden with unforeseen danger — has merit for conservatives, popes and civil servants. We haven't polled the Vatican, but we know that IE6 remains popular in Whitehall. However, we would like to suggest a middle way between switching and sticking, one with benefits even for outfits with a very buttoned-down attitude to desktop IT.

It's simple. Let those users who wish, run IE and an alternative browser in parallel. There'll still be the risk that the alternative browser will be struck by some dreadful attack while IE remains safe, but evidence suggests this chance is moderate indeed. If the users can't understand or use the other browser, then nothing has been lost. And there's no problem if the other browser proves incompatible with some internal systems — except, perhaps, a bit more pressure to build those systems to proper standards.

On the plus side, if IE breaks or is attacked, the users have a backup in place and ready to fly. It could even result in fewer support problems, as the more experimentally minded will try both browsers when an online service is proving problematical, narrowing the issue down.

As always, the best response lies in plurality, in keeping options open. If the current flap over IE, for all its hype and schadenfreude, does nothing but convince companies to change a few rules and try something new, it will have been worth it. Is gut, oui?

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Agreed, mostly

    I generally agree with this - I am certainly in favor of more choice and more flexibility. The one thing I would point out is that while it is true that an alternative browser might be struck by some serious security problem while waiting for IE to finally be fixed, it is at least equally possible, and probably more likely, that IE will be struck by yet another serious problem during the same time frame.

    In fact, on second thought, I would disagree with at least one other part of the article - i do not beleive that Internet Explorer provides equal value to at least the four major alternatives. I honestly believe that Firefox, Opera, Chrome and Safari are all superior to Internet Explorer, and provide better "value" to users.

  • If anything...

    This just proves that people shouldn't build business upon dependencies of closed standards of any sorts, closed standards served there purposes well long ago before the net, but times have changed and its the wrong peace for the hole now.
  • You can't plug holes in a sinking ship with chewing gum

    Many of the points made in this article, when taken in isolation, are good ones. However, I'm sorry to report that I disagree with the overall gist of the report.

    While it's true that all browsers have had their share of vulnerabilities, only IE (6, 7 or 8) is so closely built in with the bricks of the operating system files that IE and not another browser is most often an integral part of zombie networks. In addition, the article linked to regarding Firefox is actually to do with a plug-in for Firefox compatibility with MS .NET and was installed on millions of machines by Microsoft update. Obviously MS do not spend too much time testing either their own output or those of partners etc. before the automatic updates get them out in the public.

    I cannot understand why there is so much reluctance to blatantly state that alternative browsers MUST be used. What's the point in using Opera or Firefox whilst keeping MS IE? There is no really valid reason for suggesting this, and in fact to state that MS IE would be available if your chosen alternative browser broke is a nonsense (in real world terms).

    And remember, in this case we're talking about a serious issue that has caused serious problems, not just the discovery of a theoretical vulnerability. It is being exploited in the wild even as we speak.

    Make the break from faulty software before the faulty software breaks your business.

    Fat Pop Do Wop
  • IE6's big advantage

    Large organisations must control what software is on their systems.

    The reasons are many, mostly related to having a large user base:

    Rule 1.
    Users cannot install any software they fancy.
    Security, licencing and support issues are some of the entirely reasonable reasons why not.
    Common sense does not apply, because in a large organisation, the people without this handy feature eventually outnumbers the support team. In other words, the support team get hammered

    The outcome of rule 1 is:
    Rule 2.
    Authorised software must work properly.
    If it doesn't then it will break; the support team get hammered.

    This leads to:
    Rule 3
    All software must be tested.
    If it isn't then it will break; the support team gets hammered.

    and hence:
    Rule 4
    All software upgrades must be tested.
    You can probably guess what happens if they aren't tested. Yes, something, somewhere, breaks, and the support team get hammered.

    For a web browser "testing" means someone testing every single business-critical web application used by the organisation. And even then someone's non-business critical web application will fail, probably resulting in the support team getting hammered.

    If you allow users to have two browsers, then the workload for testers doubles.

    So IE6's big advantage for these large organisation is that it does not get upgraded.
    Functionality, security and standards are hugely outweighed by this.

    Perhaps what is needed is a browser which is guaranteed to never be upgraded. It can be as slow and simple as you like as long as it is bombproof.
  • It's not what's best, it's what's possible

    Everyone's right, of course - you can just move to an alternative browser and it'll probably be better for you, and you can just stick to what works and never move on, and that'll work for you too.

    The reason it's a good idea to run two browsers in parallel is that it gets the best of both worlds. You make it perfectly clear that the other browser isn't going to be supported, on the grounds that any user that's going to have the gumption to install another browser is going to have a good chance of being able to find other help if necessary (and if not, it's not your problem). Set rules ("Make sure the latest patches are installed") which in any case will be the same as if you're letting users in over the VPN from home.

    IT departments, and companies in general, have to stop seeing employees as problem monkeys set on causing damage, and start to see them as useful resources that can help make corporate IT work better and more efficiently. Engineering company culture and policy to let that happen may be the biggest hurdle.
  • But is it their job?

    The only issue there, Rupert, is of course whether you want to encourage end users to go around installing software, trying things out and so on, when they should doing stuff they're paid to do.

    Despite my technophilia, I might be a tad peed off if my staff started playing around with software when they should be churning out reports (or whatever) - especially since there's probably 20% fewer people now than a year ago, all trying to do twice as much work...
    Manek Dubash
  • You have to be sensible about it...

    ... and if you find that people aren't doing their job because they're faffing around online (surely not!) then that's something to deal with.

    The question is: if you tell your staff that they can run another browser apart from IE, provided they expect no support and keep it up to date, will the result be beneficial? I think that, in general, it will. Not risk-free, but potentially capable of improving productivity. And I know expert users in very locked-down companies who are really, really miserable that they can't use FF with their favourite plug-ins, because it would make their jobs much easier... and, ahem, isn't that the point?

    And if you don't fancy having everyone at it, try it on a pilot group, or one department, or whatever.

    Corporate IT needs more involvement and feedback from its users, not less. The places that need it most are those with the most conservative rules. IE proving itself a liability may be a starting point towards a more enlightened, and productive, approach.
  • Pandora's Box

    The only trouble with these kind of ideas in the world of large organisations is the effect they have on users.

    People have been reported as being depressed after watching "Avatar" when they contemplated that Pandora didn't exist.

  • better "value"

    "I honestly believe that Firefox, Opera, Chrome and Safari are all superior to Internet Explorer, and provide better "value" to users."

    I totally agree.
  • Two Browsers?

    I'm still disappointed with some of the posts. If there's advantage in having a plurality of browsers then why not use say Firefox and Chrome? Or three? Add a text-only browser because that's so interesting.

    I still don't see the need for one of your browsers to me MS IE.
    Fat Pop Do Wop
  • IE6 Big advantage

    I totally agree with all 4 points on this one. Being a member of the Support Team for the Education Department, 5 years ago we trusted certain members (teachers) to handle the IT in their school, only to discover that the admin account details were passed onto other teachers in the school (and sometimes pupils) to allow them to install programs which they claimed were needed. And of course, when it didn't work, the support team always had a job getting rid of 'other unwanted' programs which were installed alongside (all different versions of browsers installed with 'toolbars' etc) and conflicting with other software which did the same job. Needless to say, the support team now does not allow anyone but ourselves to install anything due to this. Since this action I can safely say that the PC's and networks run much more smoothly since we taken control back from the schools, making our job much much easier. You can't just let anyone, install anything nowadays onto networks without first being tested. Prime example is the latest 'sparklebox toolbar' which is used for Education resources, but as we discovered 'uploaded data' in the background about the PC, and wasnt able to identify exactly what this data was. Oh, and the owner of the toolbar has just been jailed for downloading indecent images of children. I dread to think.
  • IE has a place

    I feel as if I've ended up as the IE cheerleader - an odd spot to be in since I don't use it if I can help it. My daily web tool is Firefox.

    But there are occasions - still - where I need to run IE. Infrequently, but not never. Some sites insist on it. It's all very well saying 'don't use that site' but it's a financial site that I'll lose other benefits from if I shift. In that context, running IE once a month is not such a hardship. IE6 maybe. IE8, not much.

    Additionally, at times Windows itself insists on using IE for its own purposes. No getting away from that one.

    I don't run it on the Linux box of course :) but on a Windows box, it's inescapable. Live with it...
    Manek Dubash
  • IE's role as a thorn in the side

    Yes, I use it too - when I have to. As work is a Windows shop, it's there on the desktop (although I don't use it at all); at home, I've got XP and Windows 7 running under VirtualBox on Ubuntu, and I only use those for IE (and iTunes, 'cos I've got an iPod and can't be bothered to try and keep up with the arms race between open source and Apple).

    IE is necessary because Microsoft cripples Outlook Web Access for non-IE browsers (I understand they may have relented on the most recent version, but of course it takes a long time for that to percolate through the corporate upgrade process).

    I could (and probably will) go on for a very long time on the number of ways MS deliberately engineers Outlook/Exchange in ways that diminish the user experience but benefit Microsoft, but I suppose it's good that it's a daily dose of pain to remind me why open source, for all its infelicities, makes my time on earth better than it might be.
  • There's no...

    ...argument there! As they say: I feel your pain :)
    Manek Dubash