Corporate IT Just Won't Let IE6 Die
alphadogg writes "Security experts, industry analysts, and even Microsoft recommend that IT departments upgrade Internet Explorer 6, yet new research shows that while there may have recently been a mock funeral for the aging browser, IE6 is still around and doing well, especially during standard business hours." The article says that they are seeing 6-13% peaking during business hours. Around here we see less than 1.5% IE6, but since we see only 10% IE in general, I imagine we're just lucky.
It's because of familiarity, I'm pretty sure. I've had clients absolutely refuse to use anything else, even IE8, because it "felt" (in other words, looked) different from what they were used to. My solution to this is usually one of the Firefox themes that makes Firefox look like IE. The IE6 one is pretty flawless.
We're using the security hole in IE 6 and 7 where you can execute code with IE's image parser.
Our customer comes to our office for a meeting where he demands IE 6 & 7 support. We tell him to open his laptop and go to google.com. When downloading the google logo image we have configured our router to redirect to our infected image file.
Then we tell our customer to reboot. After the reboot we tell him to check his mail inbox in outlook and then tell us what the new mail he has says.
He gets really surprised when he sees his login password in clear text. And from that moment IE8 is a minimum requirement.
This works on every customer we have tried it on, they take it seriously when they see the security threat in action. Most people think anti-virus and firewalls protect them. Our job is to tell them that updated software also protects them, and we've failed big time when it comes to that.
It's pretty hopeless, as far as I can tell. The past 2 major aerospace/defense corporations I've worked for have invested heavily in rolling out all of their mandatory on-line training and timecard accounting using software that happens to only work in IE6. This mandatory training is required to meet all kinds of legal and policy requirements... ethics training, security training, etc. So it's not really the IT department per se that's holding everything back, other than not being more successful in standing by web standards back when they were deciding to deploy all that cruft.
On the bright side, Firefox has really taken off as a secondary day-to-day browser. Microsoft really shot themselves in the foot with their vendor lock-in this time, since no major corporate customer could successfully upgrade to IE7 or IE8 because it would break all of their meticulously tested training and timecard apps. But they can certainly install and develop new apps for alternative browsers.
This has also been a boon for virtualization... I've been running the corporate load of WinXP+IE6 under VMware, so I can actually have a 64-bit OS on the bare metal, yet comply with all the corporate application and security and encryption policies on my VM. As a nice side benefit, Outlook can't thrash more than 1 CPU or gobble up all my memory this way.
I think Microsoft might finally regain some ground with corporate deployments with Windows 7 only because it provides a WinXP mode that might let them run all their legacy cruft. But it will still take 6 months to a year after Windows 7 was released for the IT departments to finish testing and remastering for widespread deployment, so we won't know for sure for another while yet.
Oh but you forget the joys of virtualization. IE6 can live forever in a VM. Enterprises can go for the next 20 years forcing their workers to use something that barely worked and was horrible even when the tech was current. I know there are people out there virtualizing Netware and NT4 which I fully expect to be doing some critical operations inside a VM like controlling machinery or whatever 100 years from now. It doesn't have to die, even though it probably should die.