Saturday 23 January 2010

IE6: Almost Negligence

Last year I had the opportunity to meet with one of the directors from Microsoft and he made some interesting comments which made me rethink my view of history a little.

One of the things that he mentioned was that the release of Windows XP SP2 (and it's associated security features) was a really a moral obligation by Microsoft to increase the security and protection for their massive Windows client base.  Windows XP SP1 was a nightmare for people connecting to the internet/web as it just did not have the correct security settings and features for people to surf online safely. Windows XP Service Pack 2 (XPSP2) included these necessary features and was released free of charge by Microsoft. Which was good news!

Whether this was a pragmatic realization that if Microsoft didn't do something quick to stem the flow attacks and vulnerabilities that Windows XP Service Pack (XP SP1) suffered they would be subject to a massive class-action legal suit or a true understanding of client requirements. Given the discussions I had with other people close to the development of XP SP2, I think it was the latter and a tacit acknowledgement of the responsibility Microsoft incurred when releasing Windows XP just prior to the rise the web and subsequent cyber-attacks.

I feel that we are in a similar position now with IE6. And this time, Microsoft is not in the moral hot-seat.

It is the now the IT directors who are maintaining Windows XP clients with Internet Explorer 6 (IE6). Internet Explorer 8 (IE8) has been released for a while now and with the recent, coordinated and sophisticated attacks used to hack into Google largely mitigated by IE8 and IE7, the further use of IE6 is getting into the arena of negligence.

I recognize that upgrades are time consuming, expensive and may require resources that could be used elsewhere. However, the savings of the continued use of IE6 may soon be far out-weighed by the costs of a successful attack on the corporate network.

Internet Explorer 8 and it's contemporaries (Chrome, Firefox) are now readily available , with much improved security and protections against internet attacks. It's time for these large (and mid-sized organizations) to get the planning and migration effort started - lest those high-backed leather executive styled chairs become uncomfortably warm.

No comments: