informa
/
Vulnerabilities/Threats
News

UK Government Stays With IE6

Experts say Microsoft Internet Explorer 6 is a security risk and should be replaced with newer browser.
"We the undersigned petition the Prime Minister to encourage government departments to upgrade away from Internet Explorer 6." So reads an online petition begun in January 2010 and submitted in June 2010 with more than 6,200 signatures to the United Kingdom government.

Her Majesty's Government (HMG) posted its response on Friday, declining the request. "To test all the web applications currently used by HMG departments can take months at significant potential cost to the taxpayer," read the government's response. "It is therefore more cost effective in many cases to continue to use IE6 and rely on other measures, such as firewalls and malware scanning software, to further protect public sector Internet users."

The petition had been created by Dan Frydman, managing director of Inigo Media in Edinburgh. "The main point isn't actually the technology or any kind of IE hatred. The whole issue is to get the government to recommend a way forward, not to stay with what's easy, cheap, and (often) nasty," he wrote in his blog, in response to the government's response. "It's not far-fetched to launch IE6 in a virtual client and run IE8 for everything else."

Of course, the U.K. government is hardly the only organization that finds breaking up with IE6 hard to do. According to one study, as of April 2010, one-quarter of all Internet traffic flowed to IE6. Unfortunately, the browser's relatively poor security continues to make IE6 an attack magnet, leading security experts to question the U.K. government's reasoning.

"Where's the wisdom in sticking with IE6 when Microsoft itself has urged users to upgrade to a more secure version, many websites are dropping support for it, and security professionals advise that installations of Internet Explorer should be taken outside and beaten with a heavy stick?" asked Graham Cluley, senior technology consultant at Sophos, in his blog.

Without a doubt, upgrading would require time and effort, wouldn't happen overnight, and there would be some initial costs, he said, but it would be all be time and money well spent, he said.

Furthermore, "doing nothing is not acceptable from the point of view of security, and sends the wrong message to consumers and businesses across the country. IE6 simply isn't a safe place to be anymore, and should be ditched as soon as possible."

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5