Corporate IT Just Won't Let IE6 Die
alphadogg writes "Security experts, industry analysts, and even Microsoft recommend that IT departments upgrade Internet Explorer 6, yet new research shows that while there may have recently been a mock funeral for the aging browser, IE6 is still around and doing well, especially during standard business hours." The article says that they are seeing 6-13% peaking during business hours. Around here we see less than 1.5% IE6, but since we see only 10% IE in general, I imagine we're just lucky.
Many apps that run on IE 6 will not run correctly on IE 7 (not even thinking about IE8 yet). It can cost a company millions of dollars to upgrade or redevelop their proprietary applications and for what? Tabs? A fully patched IE 6 is just as secure as IE7, so why upgrade? I think many companies will skip over IE 7 and go straight to IE 8 when they upgrade machines from XP to Win7.
Just out of curiosity, what is the browser breakdown here?
.
A lot of embedded devices (example, ThinClients) won't allow you to upgrade to a later version of IE. That could be a small part of the reason.
In any case - all those in the surveys must be very lucky to see such low numbers when it comes to IE6.
A system that I run still has more than 65% of the traffic from IE6, luckily the last clients have abandoned using IE 5.5.
Other figures are 21.1% for IE7, 12.7% for IE8 and 0.8% for the other browsers (Firefox, Safari.)
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
It's because of familiarity, I'm pretty sure. I've had clients absolutely refuse to use anything else, even IE8, because it "felt" (in other words, looked) different from what they were used to. My solution to this is usually one of the Firefox themes that makes Firefox look like IE. The IE6 one is pretty flawless.
We're using the security hole in IE 6 and 7 where you can execute code with IE's image parser.
Our customer comes to our office for a meeting where he demands IE 6 & 7 support. We tell him to open his laptop and go to google.com. When downloading the google logo image we have configured our router to redirect to our infected image file.
Then we tell our customer to reboot. After the reboot we tell him to check his mail inbox in outlook and then tell us what the new mail he has says.
He gets really suprised when he sees his login password in clear text. And from that moment IE8 is a minimum requirement.
This works on every customer we have tried it on, they take it seriously when they see the security threat in action. Most people think anti-virus and firewalls protects them. Our job is to tell them that updated software also protects them, and we've failed bigtime when it comes to that.
I work as a consultant in a 5000 users company where the ONLY standard is IE6. The reason why we're stuck here is because mainly of poor development practices, using non W3C compliant standards to develop in house web applications that rely on IE6 proprietary features.
The only way to get rid of it is to put a LOT of resources (see money) on making our in house apps standards compliant. The problem is that the developpers do not have the budget necessary because the top company managers (non tech) say "Hey, we can browse the web with IE6? So no money until it does not work anymore!"
I just HOPE that in the future, development teams will fucking stick to standards!
The company I work for is begrudgingly moving to IE8 starting a couple weeks from now. The only reason they are moving to it is because they are also starting to role out Windows 7, and IE6 isn't available for Windows 7.
Therefore they have had no choice but to go through all of the internal sites and fix the numerous ones that only support IE6. Which was the only thing holding them back from pushing IE7/8 onto the XP machines. The good side effect of this is that for the most part all of the internal sites that have been upgraded to support IE8 also support Firefox now.
I'm an firmware engineer, but I recently built a few sites for internal applications. I wouldn't say I'm a web expert, but IE specific simply make things infinitely easier for an intranet.
For example:
We needed a way to submit jobs to a server and it required the full network share of a directory to process.
So we show an openfiledialog. The user chooses a file (abc.tsv). The server processes the entire directory where that file is..
In IE, you can extract the full path name of the file \\server\log\abc.tsv
In firefox, you can only get the file name itself (abc.tsv).
I fully understand why firefox does it this way from a security point of view. Anytime you upload a file, you certainly don't want the server knowing the harddrive structure of your local pc.
But from a get things done point of view, I went with the IE way. I didn't have to have a special server file browser or anything like that. The user is presented with a standard windows file browser...
As I said, I'm not a web developer, so maybe there were more elegant ways around this. Yet I don't consider my case very strange.
The fact that IE gave me a relatively straight forward and familiar way to do something solved my problem.
Firefox and other browsers don't.
Hence, my app is now IE independent (well it works on all versions of IE).
I can only assume others have taken a similar path.
You are wrong. This is not "the only way." Another way to get off of IE6 is to create a "legacy application terminal server" which contains shit that you can't get rid of but don't want to have widely-deployed. Such a system should have tight security controls and should be very difficult to use (to encourage people to upgrade their apps).
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
It's pretty hopeless, as far as I tell. The past 2 major aerospace/defense corporations I've worked for have invested heavily in rolling out all of their mandatory on-line training and timecard accounting using software that happens to only work in IE6. This mandatory training is required to meet all kinds of legal and policy requirements... ethics training, security training, etc. So it's not really the IT department per se that's holding everything back, other than not being more successful in standing by web standards back when they were deciding to deploy all that cruft.
On the bright side, Firefox has really taken off as a secondary day-to-day browser. Microsoft really shot themselves in the foot with their vendor lock-in this time, since no major corporate customer could successfully upgrade to IE7 or IE8 because it would break all of their meticulously tested training and timecard apps. But they can certainly install and develop new apps for alternative browsers.
This has also been a boon for virtualization... I've been running the corporate load of WinXP+IE6 under VMware, so I can actually have a 64-bit OS on the bare metal, yet comply with all the corporate application and security and encryption policies on my VM. As a nice side benefit, Outlook can't thrash more than 1 CPU or gobble up all my memory this way.
I think Microsoft might finally regain some ground with corporate deployments with Windows 7 only because it provides a WinXP mode that might let them run all their legacy cruft. But it will still take 6 months to a year after Windows 7 was released for the IT departments to finish testing and remastering for widespread deployment, so we won't know for sure for another while yet.
Yes, the path you describe is exactly the problem. You stepped outside your field, and did a poor job. Not your fault really, nobody should have asked you to do it, and I understand that you probably couldn't say no. But someone with the proper skills could have done it correctly and probably around the same kind of cost.
I run a large website in the financial sector. About 30k visits per day from "normal people", not techies:
IE----75.34%
Firefox----17.49%
Safari----4.00%
Chrome----2.35%
Within IE:
8.0----61.29%
7.0----23.50%
6.0----15.19%
With the first link, the chain is forged.