Will IE6 security issues finally force organisations to take action?
Now that the security issues of Internet Explorer 6 have been much in the news, especially with the China-Google affair, big companies have put the usage of Internet Explorer 6 high on their agendas. They want to get rid of it, but will they succeed?
Recently, another vulnerability was discovered that allows access to files on the local computer. It only works when the file is known to the attacker, but this is often the case with many local configuration files.
IE6, the facts
- IE6 is a relatively old browser; the first version dates from August 2001.
- This is very old if you consider that the modern internet has only existed since the early 90s of the last century.
- Many large companies are still using Internet Explorer 6 as their corporate web browser.
- IE6 still has a market share of about 20% globally.
- In the nineties Microsoft's major concern was winning the browser war from Netscape.
- When that battle was won, Microsoft thought they owned the web and could dictate what happened.
- Fortunately, new browsers like Firefox emerged and the next browser war started, but this time with standards in mind.
Update: 11 February 2010.
I just stumbled upon this great comic strip about the history of IE created by Brad Colbow, an excellent piece of work, great stuff.
The Life, Times of Internet Explorer 6.
IE6, the actions
Now that the seriousness of the situation has received attention from enterprise companies, the application, network and security architects are desperately searching for solutions.
The simplest solution would be to upgrade to the latest browser version or even another browser, and to upgrade the operating system. But in many cases this will be a large and expensive logistical operation. Additionally, many organizations have internal business applications that will not work in a different browser (version). Or the (full) regression test is too expensive; remember... many companies just survived the credit crunch.
- Upgrade to the latest browser version/patch and operating system.
- Install a different browser for surfing the Web, but keep IE6 for the internal business applications. The firewall needs to be configured for the right access rules.
- One architect suggested installing Firefox with an IE tab and configuring it in a way that the internal applications will open in an IE tab automatically. (good one!)
- Rewrite internal applications according to the latest standards (this is also good for job opportunities)
If you have any other ideas, please post a comment below, thanks.
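For the second option above (a different browser for the Web, IE6 kept only for internal applications), the access rules can be checked against proxy logs. The script below is an added example, not part of the original post; the log format, the `.corp.example` suffix and all sample lines are constructed assumptions.

```python
import re

# Assumption: internal applications are served under this DNS suffix.
INTERNAL_SUFFIX = ".corp.example"

# Constructed proxy log lines: client IP, destination host, quoted User-Agent.
SAMPLE_LOG = '''\
10.0.4.17 hr.corp.example:8080 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
10.0.4.17 www.example.org "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
10.0.4.22 www.example.org "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6"
10.0.4.31 www.example.org "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1))"
10.0.4.40 www.example.org "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.0"
10.0.4.55 hr.corp.example.cdn.test "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
10.0.4.55 timesheets "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
'''

LINE_RE = re.compile(r'^(\S+) (\S+) "([^"]*)"$')
MSIE_RE = re.compile(r"MSIE (\d+)\.")


def is_ie6(user_agent):
    """True only if the first MSIE token is version 6 and the agent is not Opera."""
    if "Opera" in user_agent:  # Opera could identify itself as MSIE 6.0
        return False
    match = MSIE_RE.search(user_agent)  # first token; later ones may be embedded
    return match is not None and match.group(1) == "6"


def is_internal(host):
    """Plain host names and names under INTERNAL_SUFFIX count as internal."""
    name = host.lower().split(":")[0].rstrip(".")
    return "." not in name or name.endswith(INTERNAL_SUFFIX)


def find_violations(log_text):
    """Return (client, host) pairs where IE6 reached a non-internal host."""
    hits = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that do not fit the assumed format
        client, host, agent = match.groups()
        if is_ie6(agent) and not is_internal(host):
            hits.append((client, host))
    return hits


if __name__ == "__main__":
    for client, host in find_violations(SAMPLE_LOG):
        print(f"IE6 egress: {client} -> {host}")
```

Any hit means the firewall or proxy rule that should confine IE6 to the internal applications is not being enforced for that client.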
Stop support for IE6.
Software companies and Internet service providers are starting to drop support for IE6.
Google recently announced that it will stop IE6 support for Gmail and Calendar Services later this year, after it had already announced the end of support for Google Docs and Google Sites.
Anti IE6 groups
Web developers have wanted to get rid of IE6 for a long time:
- IE6 slows down development on the internet
- It does not comply with W3C web standards
- No support for CSS v2
- PNG transparency issue
- Z-index issues
In addition, HTML 5 and CSS3 are coming and that .... No, that does not work in IE6.
There are also groups that have been calling for a ban on IE6 for years. The idea is that companies can only be forced to switch. They will not do it by themselves. BUT.... THANKS TO CHINA!
“IE6 is the new Netscape 4. The hacks needed to support IE6 are increasingly viewed as excess freight. Like Netscape 4 in 2000, IE6 is perceived to be holding back the web.”
Jeff Zeldman, standards guru
Is the situation really that bad?
Personally, I think the situation is a bit overhyped. That can happen when companies have large PR departments. In the beginning of this century IE6 was a very good browser, if not the best there was. But the internet doesn't wait. With IE8, Microsoft has put a good browser on the market. I personally like this browser more than the latest Firefox versions. But I hope IE9 fully supports HTML5.
And to conclude...a silly list, but unfortunately not followed by most large companies
- Always upgrade to the latest browser version and operating system
- Install the latest virus definitions for the virus scanners
- Start writing good quality code for internal applications
- Secure the network