If IE6 decommissioned; Google attack may never have happened?

Exploit-ridden IE6 should have been replaced through a compulsory upgrade to IE7/8 long ago, significantly reducing the risk of a 'China-style' attack,
Written by Zack Whittaker, Contributor

There are many, many variables and factors involved in the China/Google attack which has been extensively covered here on ZDNet (see the special report); probably more so than I can recall of even consider. Dancho Danchev has pulled together all of the content into a full FAQ for your reading pleasure.

I hate to say, "I told you so" and perform my ritualistic victory dance, but I saw this coming a long time ago - albeit not on this scale.

My selfish perspective is that of the academic community. We all knew long ago the insecurities and issues that Internet Explorer faced, which led me to pose the question as to whether Internet Explorer had ever been safe. This along with performance issues led me to ending my relationship with the browser.Even though I thought Firefox would be more "less secure in a university environment", I still hoped that Firefox 3.5 would wean universities and the academic community off the world's most used browser.


I finally asked if the life support machine could be pulled from Internet Explorer. What I should have clarified at the time was even though my nit-picking is with later browsers, at least they are far more secure through underlying technologies than the bane of our lives - Internet Explorer 6 - which should have been pulled long ago.

Had it been, maybe we wouldn't have seen the massive attack on Google and other major players in the technology arena. While IE7 on Windows XP could also be exploited, it nonetheless still boils down once again to Internet Explorer 6.

Had Microsoft, even governments should it had been necessary to impose their mighty hand, cut IE6 from the world's computers, perhaps this wouldn't have happened. Upgrades to the browser had been optional through downloads and automatic updates, but had they been compulsory (and not just a high priority which could have been cancelled), the chance of an attack like this would have been significantly reduced. Maybe the major corporations attacked in this recent event would have taken the upgrade, instead of leaving it, had the upgrade been mandatory.

My theory is that Microsoft was desperate to hold onto the browser marketshare, and if letting Internet Explorer 6, with all its vulnerabilities and exploits stand with it in order to maintain that share, then that would be a risk it would have been willing to take.

Should IE7/8 have been a compulsory upgrade, instead of being just a high priority one?

Editorial standards