Slashdot Mirror
UK Government Rejects Calls To Upgrade From IE6
pcardno writes "The UK government has responded to a petition encouraging government departments to move away from IE6 that had over 6,000 signatories. Their response seems to be that a fully patched IE6 is perfectly safe as long as firewalls and malware scanning tools are in place, and that mandating an upgrade away from IE6 will be too expensive. The second part is fair enough in this age of austerity (I'd rather have my taxes spent on schools and hospitals than software upgrade testing at the moment), but the whole reaction will be a disappointment to the petitioners."
Update: 07/31 11:43 GMT by S : Dan Frydman, the man who launched the petition, has posted a response to the government's decision.
The second part is fair enough in this age of austerity (I'd rather have my taxes spent on schools and hospitals than software upgrade testing at the moment), but the whole reaction will be a disappointment to the petitioners."
That AutoRun virus that was going around a while back, how much did that cost to clean up?
An ounce of prevention is worth a pound of cure.
And:
Does make one wonder if the submitter or the editor even read it.
The German and French governments have started to encourage people to upgrade away from the browser Internet Explorer 6
Heh, can't start copying the French and Germans now, can we? Next thing you know we'll be on the Euro! That killed it right there. Made it politically unfeasible. All those petition signers are stupid francophiles.
Qxe4
Some online vendor sites have started requiring that you use IE8 to access the site, apparently because Mastercard is forcing them too. My company's standard is IE7, good thing I'm in IT so I have the rights to install 8 on one workstation for when I have to buy software from that company-selected portal that requires IE8 now...
Assume IE 6 earns them 1 million activex exploits a day. If they stop using IE6. They start losing 1 million activex exploits a day. Thats the reality of the situation. If the government stops using IE6, it costs them 1 Million British fake antivirus's a day (Or whatever the current malware conversion is.)
Opera is far more configurable.
Firefox plugins leave Opera's configurability in the dust.
Chrome's interface is cleaner and more compact.
Only mobile and cli browsers score lower on Acid3.
Everything else runs circles around IE's rendering times.
Assume I can fly...
Oh wait.
Assume IE 6 earns them 1 million dollars a day. If they stop using IE6. They start losing 1 million dollars a day. Thats the reality of the situation.
Except it's nothing like reality. They *only* lose 1 million dollars a day if they stop using IE6 *and then don't use anything else*.
Here's a car analogy. Using a Mercedes Vito van makes me a certain quantity of thousands of pounds per year (I'm British, we don't disclose ages or wages). So, if I stop using a Merc, I stop earning money, right? Wrong. If I stop using a Mercedes Vito, I start using a Citroën Berlingo, or a Ford Transit, or some similar van.
It's really a pretty simple idea.
Someone should inform them about the meaning of targetted attack. Malware detectors find widely known malware, but could have little clue about things made specially against you.
This is something called reality that has to be dealt with. I know this is typically not what petition signers encounter in their daily lives, but endure this explanation. The truth is that critical applications depend on IE6 to function, and upgrading from IE6 would cause work to stop. They shouldn't have built their apps on IE6? Blame Microsoft, their ruthless tactics led to that situation.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
IE8 is the patch to IE6.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
The consideration about costs is right, if you defer security decisions so much that you're still running IE6 in 2010.
The consideration about firewalls and scanners is also right, if your policy is to go on patching a broken roof instead or making proper repairs.
God save the Great Britain (as well as the Little one)!
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
I have a bit of a mantra when I talk about IE6. Whenever anyone asks me why anyone would run IE6, I give this response:
Assume IE 6 earns them 1 million dollars a day. If they stop using IE6. They start losing 1 million dollars a day. Thats the reality of the situation.
That's about the most nonsensical thing I've ever heard. If this is your mantra, then you should not be employed anywhere, for any job.
... and then they built the supercollider.
Unless you use old ActiveX programs that don't support newer versions of IE, that is.
With that said it provides a wonderful example of why organisations should avoid proprietary extensions to standards. One day the world will move on and you'll be stuck with an un-integrateable piece of shit platform.
"Linux is for noobs"-The new MS fud strategy
...ladies and gentlemen of this supposed jury, I have one final thing I want you to consider. Ladies and gentlemen, this is Chewbacca. Chewbacca is a Wookiee from the planet Kashyyyk. But Chewbacca lives on the planet Endor. Now think about it; that does not make sense!
http://en.wikipedia.org/wiki/Chewbacca_defense
"Unless you use old ActiveX programs that don't support newer versions of IE, that is."
And if you are , then you DESERVE to get infected.
"I don't pitch OpenSUSE Linux to my friends, i let Microsoft do it for me
Actually, the tech details are just pushing a .MSI file out with IE8, or just approving it from a WSUS server.
My rant: IE6 is 10 year old technology. A Web browser is on the front lines of keeping a machine secure, almost as much so as a router. IE6 is meant to deal with spyware from the year 2001. Not the botnets and SCADA-seeking malware of 2010. Anyone who has any sense can see this.
There is just no reason to run IE6 on XP unless it is testing backlevel versions. IE8 fixes a lot of security issues. Even Windows XP needs to be binned because it is going to be a decade old, and organizations need to move forward to operating systems more able to handle the security issues of this decade.
This doesn't even need a car example, but a war example: You don't send out Greek phalanxes in formation against people with 10,000 rpm chainguns, Apache helicopters, and flamethrowers. Fielding Windows XP is doing just this.
The blackhats, phishers, scammers, spammers, criminals, and other miscreants are not going to be easing up attacks anytime soon. So why deal with threats of 2010 with an OS made nine years ago?
Of course, firewalls mitigate this, but there is something sort of wrong with compensating for a poor OS's security by having to fortify the router and perimeter instead of having the OS be reliable enough so a blackhat isn't home free once they get into the core network fabric.
Sad that something which appears so trivial turns out to be expensive.
Stephan
http://stephan.sugarmotor.org
Can IE6 even render half of the internet anymore?! I don't believe facebook even works for it, not that facebook is educational lol. You know damn well all the kids at school are going to be like "Man this really sucks!"
What a load of rubbish that "too expensive" excuse is. I work as a technician in a school with around 700 PCs (several hundred each of laptops and a mix of old/new desktops) and we ditched IE6 ages ago. The cost was near zero for the curriculum PCs, as RM issued an IE7 patch ages ago. Allocating it was as simple as selecting lists of PCs and clicking "allocate". We upgraded teacher laptops on a rolling programme, the same with desktop PCs. We're now redeploying Windows across the whole site - teacher machines now have Windows 7 so it's not an issue, while the curriculum builds of Windows XP have IE8 in the base image.
The only "expensive" bit was a day of my time fixing issues with some rubbishy Java applet that is used in the library, which isn't very happy with IE8. A day of my time is worth £40, so it wasn't exactly expensive to fix!
If a school can do it, I'm sure government departments can too.
If I earned a million bucks a day by using IE6, I would sure as Hell put half a million aside for upgrading to the next version of that browser or even migrate to a browser I can upgrade independently from the core operating system.
Eating all you earn and not planning one or two years ahead is a mistake that even in prehistoric times happened only once per tribe.
Let me introduce you to the heretical idea of sunk costs.
Having erroneously paid big bucks for something that turned out to be crap is no reason to keep eating shit all day.
If *Quality Control* software is crashing every few hours and holding back the whole company on upgrades, despite being ridiculously expensive, IT or procurement will have to stand up to some rather unpleasant questions some day anyway.
That's about the most nonsensical thing I've ever heard. If this is your mantra, then you should not be employed anywhere, for any job.
Yet your post is one sided at best and naive at worst. If your company has 30000 employees who use tools that they quite heavily depend on that only runs on one particular application and you push out and update because "hahah I'm IT and I make the rules" which breaks everything then YOU should not be employed anywhere.
... when everything is working.
IT is an internal service. If IT just focuses on the enterprise (security, stability etc) at the expense of usability then the IT department should be dissolved and rebuilt (the reverse is also true). You the admin may push an update to IE6 to my computer once you have replaced all, and I mean ALL of the applications that depend on it, and in the fortune 50 company I work for that's actually a lot of web based applications. How you do it, and who funds it is none of my concern. This is a discussion for your department to make with upper management.
Don't forget, users are a nice and quiet bunch of people
Yet your post is one sided at best and naive at worst. If your company has 30000 employees who use tools that they quite heavily depend on that only runs on one particular application and you push out and update because "hahah I'm IT and I make the rules" which breaks everything then YOU should not be employed anywhere.
How does deploying Firefox remove the ability to run IE6?
IT is an internal service. If IT just focuses on the enterprise (security, stability etc) at the expense of usability then the IT department should be dissolved and rebuilt
What the hell does IE6 have to do with usability? If you'ev ever used any of these IE6 based web "applications" you would know that they are the least usable products on the market.
Don't forget, users are a nice and quiet bunch of people ... when everything is working.
Again, how does installing Firefox stop things from working?
... and then they built the supercollider.
The blackhats, phishers, scammers, spammers, criminals, and other miscreants are not going to be easing up attacks anytime soon. So why deal with threats of 2010 with an OS made nine years ago?
You seem confused a little. The marketing/branding event "Windows XP" happened 9 years ago, yes. But the last time Microsoft updated Windows XP was few days ago, and they update it for today's threats, not those from 9 years ago.
Do you remember we had SP1, SP2 and SP3? SP2 was six years ago, pretty big update. SP3 is from only two years ago.
Of course, Windows Vista/7 can be more secure in some select scenarios, due to some select features it introduced. It's not as black as white as you want it to be.
P.S. Greek phalanxes and Apache helicopters are separated by about 3000 years, not 9 years, you get scores for drama, but I gotta take them back for lac of accuracy.
On the surface, IE6 is free as is IE7 and IE8. So why would it be "expensive" to upgrade? Oh yeah... the man-hours spent and the applications that depend on IE6 are also considerations to make. Hrmmm... This is just the first thought in the realization that not adhering to open standards could be a costly mistake and that vendor lock-in, even one as large and ubiquitous as Microsoft, can lead to an extremely costly future.
I wonder, then, if the UK Government will start to reach a conclusion similar to the London Stock Exchange with regard to Microsoft. While the reason to switch would be quite different, the general reason would be about the same -- "staying with this vendor can, has and will lead to disaster." Moving forward, using open standards that multiple vendors can participate in will lead to a more flexible situation where, once again, the decisions about where to go next is not in the hands of the vendor.
anything interesting. Like round corners
And this is why the web has become a mess of eye-candy. I wish IE6's lack of modern shiny had forced producers to focus more on content, but no, it causes them to spend months figuring every hack possible to get things looking pointlessly pixel-perfect.
I still am caught several times a day by a broken back button because some dolt has decided it's okay to implement navigation by only reloading part of the page. And then there's the sites where parts appear in random order over the course of a minute, often not completing entirely, because some hipster decided it would be all Web 2.0 to make 50 small requests. And does that menu really need to animate itself into place over the text I'm reading? Oh, and I want to know when a link is a link so stop disguising them and making me guess.
If you want to inform my mind of how to view your content, just make an interactive PDF. It'll then be easier for me to know to ignore your site. I hate Facebook but I've learnt that Facebook is popular because it's fairly predictable and uniform - once you've browsed one person's page you can browse a hundred million pages without spending time re-learning navigation.
Maybe it doesn't support rounded corners, but now that all the major crap has been fixed, I'll do my rounded corners with a few css background: (url://foo.com/round.png) and call it good.
I can now do web sites entirely within linux, boot a laptop temporarily into windows, and guess what - it WORKS.
I don't need any browser sniffing, any shims, any of the crap that people have been using for years. xmlhttprequest is the same object across all browsers now so no checking for different methods for creating a new one.
THAT is what we've been asking for for a decade.
Now as for this:
Nobody is forced - you can always give them a separate url with a fugly site and tell them that it's to partition off the insecure users of IE6. Bring along a laptop to show them what they're missing. Tell them they don't have to upgrade from IE6 - they can always use Opera or Forefox in addition ... it's not a binary either-or choice.
After all, a fully-patched system is also just as safe for Firefox or Opera as it is for IE6. Or don't they really believe that their systems are secure, and it's just hand-waving.
I ran into a $16 billion company Thursday that still is on IE6. Will I change anything so my product works with them? No - its chasing the tail of the market. At some point in the next year or two they're going to have to upgrade anyway.
The last boss who insisted on pixel-perfect IE6 compatibility stopped complaining all of a sudden when his favorite porn site (or was it his favorite poker site) forced the upgrade issue. If you believe that people's reasons for not upgrading are based on logic or economics, you're mistaken. Those are justifications or excuses, but the real reason is inertia (or they would have switched to Firefox or Opera long ago).