UK Government Rejects Calls To Upgrade From IE6

pcardno writes "The UK government has responded to a petition encouraging government departments to move away from IE6 that had over 6,000 signatories. Their response seems to be that a fully patched IE6 is perfectly safe as long as firewalls and malware scanning tools are in place, and that mandating an upgrade away from IE6 will be too expensive. The second part is fair enough in this age of austerity (I'd rather have my taxes spent on schools and hospitals than software upgrade testing at the moment), but the whole reaction will be a disappointment to the petitioners." Update: 07/31 11:43 GMT by S : Dan Frydman, the man who launched the petition, has posted a response to the government's decision.

Reading Comprehension?

[Manip]

Their response was to the suggestion of changing browsers. Their post sets out very clearly that they're migrating their applications and workstations to IE8.

Complex software will always have vulnerabilities and motivated adversaries will always work to discover and take advantage of them. There is no evidence that upgrading away from the latest fully patched versions of Internet Explorer to other browsers will make users more secure

And:

Upgrading these systems to IE8 can be a very large operation,

Does make one wonder if the submitter or the editor even read it.

Re:Reading Comprehension?

[maxwell+demon]

Their post sets out very clearly that they're migrating their applications and workstations to IE8.

I wonder if you have read it. Here's the complete paragraph from which you quoted one (partial) sentence (emphasis by me; the first emphasized sentence is the one you quoted):

It is not straightforward for HMG departments to upgrade IE versions on their systems. Upgrading these systems to IE8 can be a very large operation, taking weeks to test and roll out to all users. To test all the web applications currently used by HMG departments can take months at significant potential cost to the taxpayer. It is therefore more cost effective in many cases to continue to use IE6 and rely on other measures, such as firewalls and malware scanning software, to further protect public sector internet users.

So it's quite clear that they are not upgrading IE versions.

Re:Frosty Pizzo?

[Tubal-Cain]

Opera is far more configurable.
Firefox plugins leave Opera's configurability in the dust.
Chrome's interface is cleaner and more compact.
Only mobile and cli browsers score lower on Acid3.
Everything else runs circles around IE's rendering times.

Re:Assume IE 6 earns them 1 million dollars a day.

[Gordonjcp]

Assume IE 6 earns them 1 million dollars a day. If they stop using IE6. They start losing 1 million dollars a day. Thats the reality of the situation.

Except it's nothing like reality. They *only* lose 1 million dollars a day if they stop using IE6 *and then don't use anything else*.

Here's a car analogy. Using a Mercedes Vito van makes me a certain quantity of thousands of pounds per year (I'm British, we don't disclose ages or wages). So, if I stop using a Merc, I stop earning money, right? Wrong. If I stop using a Mercedes Vito, I start using a Citroën Berlingo, or a Ford Transit, or some similar van.

It's really a pretty simple idea.

Reality: deal with it

[DNS-and-BIND]

This is something called reality that has to be dealt with. I know this is typically not what petition signers encounter in their daily lives, but endure this explanation. The truth is that critical applications depend on IE6 to function, and upgrading from IE6 would cause work to stop. They shouldn't have built their apps on IE6? Blame Microsoft, their ruthless tactics led to that situation.

A fully patched IE6?

[nacturation]

IE8 is the patch to IE6.

Too expensive? Pah.

[Retron]

What a load of rubbish that "too expensive" excuse is. I work as a technician in a school with around 700 PCs (several hundred each of laptops and a mix of old/new desktops) and we ditched IE6 ages ago. The cost was near zero for the curriculum PCs, as RM issued an IE7 patch ages ago. Allocating it was as simple as selecting lists of PCs and clicking "allocate". We upgraded teacher laptops on a rolling programme, the same with desktop PCs. We're now redeploying Windows across the whole site - teacher machines now have Windows 7 so it's not an issue, while the curriculum builds of Windows XP have IE8 in the base image.
The only "expensive" bit was a day of my time fixing issues with some rubbishy Java applet that is used in the library, which isn't very happy with IE8. A day of my time is worth £40, so it wasn't exactly expensive to fix!
If a school can do it, I'm sure government departments can too.

Re:Cleanup

[phoenix321]

XPSP2 was not a browser upgrade.

Either way, no one is forcing the IT department to stay at the bleeding edge. It may be profitable to do so, because usually, newer systems have some perks the older ones did not. But staying half a decade behind on current issues is not prudent, but paranoid.

That doesn't apply to real-time systems, systems of major criticality and systems with human lives at stake, but for regular office systems, holding back on upgrades forever is not prudent but complacent and possibly paranoid. Some day in the future, even Big Bank, SCADA and mission control systems WILL need to be upgraded. How will paranoid IT departments handle *that* if they never dared to upgrade even a single notebook in the least important offices? How will they gain any experience with the new stuff?

We all like to rave about prudence and ultra-mission-criticality of our IT, but unless we're working for NASA, NORAD, Big Bank or Big Energy SCADA, it's self-aggrandizing paranoia to think upgrading from IE6 to IE8 will bring the enterprise down, financially or otherwise.