
Corporate IT Just Won't Let IE6 Die 479

alphadogg writes "Security experts, industry analysts, and even Microsoft recommend that IT departments upgrade Internet Explorer 6, yet new research shows that while there may have recently been a mock funeral for the aging browser, IE6 is still around and doing well, especially during standard business hours." The article says that they are seeing 6-13% peaking during business hours. Around here we see less than 1.5% IE6, but since we see only 10% IE in general, I imagine we're just lucky.
  • Legacy apps (Score:3, Interesting)

    by GoJays ( 1793832 ) on Tuesday April 27, 2010 @09:58AM (#31998862)
    Many apps that run on IE 6 will not run correctly on IE 7 (not even thinking about IE8 yet). It can cost a company millions of dollars to upgrade or redevelop their proprietary applications and for what? Tabs? A fully patched IE 6 is just as secure as IE7, so why upgrade? I think many companies will skip over IE 7 and go straight to IE 8 when they upgrade machines from XP to Win7.
  • Hey Taco (Score:5, Interesting)

    by epiphani ( 254981 ) <epiphani@@@dal...net> on Tuesday April 27, 2010 @10:00AM (#31998876)

    Just out of curiosity, what is the browser breakdown here?

  • Embedded Computing (Score:4, Interesting)

    by maxrate ( 886773 ) on Tuesday April 27, 2010 @10:02AM (#31998902)
    A lot of embedded devices (example, ThinClients) won't allow you to upgrade to a later version of IE. That could be a small part of the reason.
  • Re:Legacy apps (Score:3, Interesting)

    by Em Emalb ( 452530 ) <ememalb.gmail@com> on Tuesday April 27, 2010 @10:06AM (#31998958) Homepage Journal

    Many apps that run on IE 6 will not run correctly on IE 7 (not even thinking about IE8 yet). It can cost a company millions of dollars to upgrade or redevelop their proprietary applications and for what? Tabs? A fully patched IE 6 is just as secure as IE7, so why upgrade? I think many companies will skip over IE 7 and go straight to IE 8 when they upgrade machines from XP to Win7.

    Pretty much this, but I would like to expand this to state that at my company, we'd LOVE to upgrade and get the hell off of IE6 for some of our users, but we simply can't without spending literally millions of dollars. For a small firm, this isn't an option. (Finance industry) There's a ton of vendor lock-in, and several of our biggest applications have us stuck. Are we taking steps to move off their proprietary locked in software? Of course. But it is a ridiculously slow process, and some of the managers involved simply don't give it the time necessary, as they have "bigger and better things to do". (Not my call, I'm not in those meetings and actually don't do helpdesk stuff unless the world is exploding.)

  • by Z00L00K ( 682162 ) on Tuesday April 27, 2010 @10:08AM (#31998980) Homepage Journal

    In any case - all those in the surveys must be very lucky to see such low numbers when it comes to IE6.

    A system that I run still has more than 65% of the traffic from IE6, luckily the last clients have abandoned using IE 5.5.

    Other figures are 21.1% for IE7, 12.7% for IE8 and 0.8% for the other browsers (Firefox, Safari.)

  • by gsgleason ( 1241794 ) on Tuesday April 27, 2010 @10:14AM (#31999062)
    We are in the same state because our IT hires the cheapest vendors for any given task, and historically, they provide IE6-only web apps, like our expense management system and our Siebel ticketing system. If I even try 50% of internal web apps with a standards compliant browser, I only get a partial page or a blank page. Why not publicly humiliate the vendors who write only for IE?
  • by Anonymous Coward on Tuesday April 27, 2010 @10:15AM (#31999074)

    The browser is no longer supported - it's dead - there will be no more security patches. This last point alone should make any "IT dept" with any common sense at all push to get a new browser in place ASAP. In fact, it should have been planned for and implemented years ago. If your management is too stupid and obstructive to allow this, get a new job - you're working for morons.

    If you have some piece of garbage intranet app running, for christ's sake install a second browser for use outside of the company network. It's not hard, and there's plenty out there.

    Stop being lazy hand-wringers. Do your job.

  • by fieldstone ( 985598 ) on Tuesday April 27, 2010 @10:23AM (#31999168)
    It's because of familiarity, I'm pretty sure. I've had clients absolutely refuse to use anything else, even IE8, because it "felt" (in other words, looked) different from what they were used to. My solution to this is usually one of the Firefox themes that makes Firefox look like IE. The IE6 one is pretty flawless.
  • by Anonymous Coward on Tuesday April 27, 2010 @10:24AM (#31999188)

    We're using the security hole in IE 6 and 7 where you can execute code with IE's image parser.

    Our customer comes to our office for a meeting where he demands IE 6 & 7 support. We tell him to open his laptop and go to google.com. When downloading the google logo image we have configured our router to redirect to our infected image file.
    Then we tell our customer to reboot. After the reboot we tell him to check his mail inbox in outlook and then tell us what the new mail he has says.

    He gets really surprised when he sees his login password in clear text. And from that moment IE8 is a minimum requirement.

    This works on every customer we have tried it on, they take it seriously when they see the security threat in action. Most people think anti-virus and firewalls protect them. Our job is to tell them that updated software also protects them, and we've failed big time when it comes to that.

  • by courteaudotbiz ( 1191083 ) on Tuesday April 27, 2010 @10:26AM (#31999218) Homepage
    I work as a consultant in a 5000 users company where the ONLY standard is IE6. The reason why we're stuck here is mainly because of poor development practices, using non W3C compliant standards to develop in house web applications that rely on IE6 proprietary features.

    The only way to get rid of it is to put a LOT of resources (see money) on making our in house apps standards compliant. The problem is that the developers do not have the budget necessary because the top company managers (non tech) say "Hey, we can browse the web with IE6? So no money until it does not work anymore!"

    I just HOPE that in the future, development teams will fucking stick to standards!
  • by Entropy_ajb ( 227170 ) on Tuesday April 27, 2010 @10:38AM (#31999400)

    The company I work for is begrudgingly moving to IE8 starting a couple weeks from now. The only reason they are moving to it is because they are also starting to roll out Windows 7, and IE6 isn't available for Windows 7.

    Therefore they have had no choice but to go through all of the internal sites and fix the numerous ones that only support IE6. Which was the only thing holding them back from pushing IE7/8 onto the XP machines. The good side effect of this is that for the most part all of the internal sites that have been upgraded to support IE8 also support Firefox now.

  • Re:Well... (Score:4, Interesting)

    by scamper_22 ( 1073470 ) on Tuesday April 27, 2010 @10:47AM (#31999506)

    I'm a firmware engineer, but I recently built a few sites for internal applications. I wouldn't say I'm a web expert, but IE specific simply make things infinitely easier for an intranet.

    For example:
    We needed a way to submit jobs to a server and it required the full network share of a directory to process.

    So we show an openfiledialog. The user chooses a file (abc.tsv). The server processes the entire directory where that file is.

    In IE, you can extract the full path name of the file \\server\log\abc.tsv
    In firefox, you can only get the file name itself (abc.tsv).

    I fully understand why firefox does it this way from a security point of view. Anytime you upload a file, you certainly don't want the server knowing the harddrive structure of your local pc.

    But from a get things done point of view, I went with the IE way. I didn't have to have a special server file browser or anything like that. The user is presented with a standard windows file browser...
    As I said, I'm not a web developer, so maybe there were more elegant ways around this. Yet I don't consider my case very strange.

    The fact that IE gave me a relatively straightforward and familiar way to do something solved my problem.
    Firefox and other browsers don't.
    Hence, my app is now IE independent (well it works on all versions of IE).

    I can only assume others have taken a similar path.

  • by Anonymous Coward on Tuesday April 27, 2010 @10:47AM (#31999514)

    Does this exploit still work? Thought this was patched some time back.

  • by Lord Ender ( 156273 ) on Tuesday April 27, 2010 @10:49AM (#31999534) Homepage

    You are wrong. This is not "the only way." Another way to get off of IE6 is to create a "legacy application terminal server" which contains shit that you can't get rid of but don't want to have widely-deployed. Such a system should have tight security controls and should be very difficult to use (to encourage people to upgrade their apps).

  • by rwa2 ( 4391 ) * on Tuesday April 27, 2010 @10:51AM (#31999564) Homepage Journal

    It's pretty hopeless, as far as I can tell. The past 2 major aerospace/defense corporations I've worked for have invested heavily in rolling out all of their mandatory on-line training and timecard accounting using software that happens to only work in IE6. This mandatory training is required to meet all kinds of legal and policy requirements... ethics training, security training, etc. So it's not really the IT department per se that's holding everything back, other than not being more successful in standing by web standards back when they were deciding to deploy all that cruft.

    On the bright side, Firefox has really taken off as a secondary day-to-day browser. Microsoft really shot themselves in the foot with their vendor lock-in this time, since no major corporate customer could successfully upgrade to IE7 or IE8 because it would break all of their meticulously tested training and timecard apps. But they can certainly install and develop new apps for alternative browsers.

    This has also been a boon for virtualization... I've been running the corporate load of WinXP+IE6 under VMware, so I can actually have a 64-bit OS on the bare metal, yet comply with all the corporate application and security and encryption policies on my VM. As a nice side benefit, Outlook can't thrash more than 1 CPU or gobble up all my memory this way.

    I think Microsoft might finally regain some ground with corporate deployments with Windows 7 only because it provides a WinXP mode that might let them run all their legacy cruft. But it will still take 6 months to a year after Windows 7 was released for the IT departments to finish testing and remastering for widespread deployment, so we won't know for sure for another while yet.

  • Re:Legacy apps (Score:5, Interesting)

    by Anonymous Coward on Tuesday April 27, 2010 @11:05AM (#31999756)

    Oh but you forget the joys of virtualization. IE6 can live forever in a VM. Enterprises can go for the next 20 years forcing their workers to use something that barely worked and was horrible even when the tech was current. I know there are people out there virtualizing Netware and NT4 which I fully expect to be doing some critical operations inside a VM like controlling machinery or whatever 100 years from now. It doesn't have to die, even though it probably should die.

  • Re:We still see 22% (Score:1, Interesting)

    by Anonymous Coward on Tuesday April 27, 2010 @11:34AM (#32000160)

    22% of all hits to our site are from IE6

    I wouldn't be too certain about that, I run all linux but for compatibility purposes every user agent string is IE6 on xp.
    Considering the number of times user agent strings have been used as a type of password to enter a site there has to be quite a few of us with faked strings.

  • by Kjella ( 173770 ) on Tuesday April 27, 2010 @11:51AM (#32000444) Homepage

    But you also have to remember the corporate politics of it. Ordering all web apps to be upgraded or replaced to be compatible with IE7/8 is a huge cost that's easy to put up on a powerpoint. A flow of IE6 problems may be hard to all count and estimate, and while it might add up over time it won't have nearly the same impact on this quarter's earnings. Particularly if it involves the risks of future security breaches where the estimates can be dismissed as alarmist. If you have the right (wrong?) kind of manager he'll figure that in a year or two he'll be at another position. So your request is declined, he gets a higher bonus by spending nothing now and by the time you really must do something with the problem it's no longer his problem. Even when people act rationally I'd go with personal rationality over corporate rationality 9 times out of 10.

  • by Anonymous Coward on Tuesday April 27, 2010 @12:03PM (#32000612)

    This + silent Chrome Frame installer = happy internet. IE6 would still work as expected, but web developers could drop the Chrome Frame tag in their documents to get the compliant renderer.

  • Re:Well... (Score:4, Interesting)

    by plague3106 ( 71849 ) on Tuesday April 27, 2010 @12:03PM (#32000620)

    Yes, the path you describe is exactly the problem. You stepped outside your field, and did a poor job. Not your fault really, nobody should have asked you to do it, and I understand that you probably couldn't say no. But someone with the proper skills could have done it correctly and probably around the same kind of cost.

  • Source code (Score:2, Interesting)

    by jbatista ( 1205630 ) on Tuesday April 27, 2010 @12:09PM (#32000730)
    How about Microsoft releasing IE6 source code after it lets it die out, so interested users can go about patching it where possible (if they're so inclined)? If M$ refuses to provide assistance to IE6, it basically renounces to income related to it. Nevertheless, I expect them to deny it, because a source of revenue would be the "support" for the upgrade.
  • by LanMan04 ( 790429 ) on Tuesday April 27, 2010 @12:17PM (#32000852)

    I run a large website in the financial sector. About 30k visits per day from "normal people", not techies:

    IE----75.34%
    Firefox----17.49%
    Safari----4.00%
    Chrome----2.35%

    Within IE:
    8.0----61.29%
    7.0----23.50%
    6.0----15.19%

  • by icebraining ( 1313345 ) on Tuesday April 27, 2010 @12:23PM (#32000960) Homepage

    Either sandbox everything

    That's not a solution! Either IE6 keeps a high market share, dragging the whole web down because every site needs to spend 30% of their webdevs time writing hacks for it, or IE6 share drops and they won't be able to access many sites.

    keep IE6 for internal webapps alone, prevent it from ever going wan, and just give the diligent users another browser for surfing the web or youtube during the other 6 hours of their work day.

    I can just see the hundreds of support calls "The internet doesn't work" when they all try to access Facebook using IE6, even though they were told multiple times they have to use that other icon.

  • by WebCowboy ( 196209 ) on Tuesday April 27, 2010 @01:42PM (#32002164)

    ...it is a LEGACY CLIENT APPLICATION.

    You don't have to go as far as making people connect to a terminal server IMO but I think you've got the right idea. Basically treat IE6 as what it now really is: a proprietary, legacy client application. IE6 == 5250 terminal emulator is as charitable as you should get...in any case an enterprise app that uses IE6 (and no later version) is a proprietary, legacy application no different from those other old, early client-server systems with pre-WWW proprietary client apps.

    Some corporate setups do indeed put legacy/proprietary apps on a Citrix or terminal services server to ease administration and deployment. Others deploy client images with pre-configured setups and the client app or terminal emulator runs locally. In any case IE6 should NO LONGER be considered a WEB browser, so configure it as it should be: Legacy client. Use Group Policy to lock down IE6 to only your intranet servers that require IE6. Then deploy Firefox since you cannot *reliably* install multiple IE versions on one computer, and set it to the default browser and make sure in no uncertain terms that users know Firefox IS "the internet". Remove the generic "big blue E" and only put shortcut(s) that open IE to the required legacy app(s) (bonus if you can change the icon to something else so as not to confuse users who think "big blue E" == internet).

    I wish this was the strategy corporate IT would've taken. Not only would it be more secure than letting users browse the public WWW with IE6, it would erode IE's market share even faster and really light a fire under Ballmer's butt.

  • Corporate proxy (Score:3, Interesting)

    by gmuslera ( 3436 ) on Tuesday April 27, 2010 @01:49PM (#32002242) Homepage Journal
    Make internal users use a proxy to access internet sites, and block in the proxy configuration external requests from the IE6 user agent. That way they could still use IE6 for internal applications that require it, and force them to use another browser to access the internet.
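
The "IE6 for the intranet only" rule from the two comments above (Group Policy lock-down, proxy block by user agent), written out as a proxy-side decision function. This is an added example, not code from any poster; the intranet suffixes, hostnames and sample User-Agent strings are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: internal DNS suffixes hosting the IE6-only legacy apps.
INTRANET_SUFFIXES = ("corp.example", "intranet.example")

# Constructed sample User-Agent strings.
IE6_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
# IE8 whose string also carries a nested, stale "MSIE 6.0" token.
IE8_NESTED_UA = ("Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; "
                 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1))")
FIREFOX_UA = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) "
              "Gecko/20100401 Firefox/3.6.3")
OPERA_AS_IE_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.00"

_MSIE = re.compile(r"MSIE (\d+)\.(\d+)")


def msie_major(user_agent):
    """Return the IE major version the UA claims, or None if it is not IE."""
    if "Opera" in user_agent:          # old Opera identified itself as MSIE
        return None
    # search() returns the FIRST token, which is the browser's own version;
    # matching "MSIE 6" anywhere would misclassify IE8_NESTED_UA.
    m = _MSIE.search(user_agent)
    return int(m.group(1)) if m else None


def is_intranet(host):
    """Match on label boundaries so 'notcorp.example' is not 'corp.example'."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in INTRANET_SUFFIXES)


def decide(user_agent, url):
    """Return 'allow' or 'deny' for a single proxied request."""
    host = urlsplit(url).hostname or ""
    major = msie_major(user_agent)
    if major is not None and major <= 6 and not is_intranet(host):
        return "deny"                  # IE6 or older heading to the internet
    return "allow"


def evaluate(requests):
    """Apply decide() to an iterable of (user_agent, url) pairs."""
    return [decide(ua, url) for ua, url in requests]


if __name__ == "__main__":
    for ua, url in [(IE6_UA, "http://timecard.corp.example/login"),
                    (IE6_UA, "http://www.example.org/"),
                    (IE8_NESTED_UA, "http://www.example.org/")]:
        print(decide(ua, url), url)
```

The User-Agent header is supplied by the client, and a comment further up the thread mentions browsers that send a faked IE6 string, so this rule steers users to the right browser rather than enforcing a boundary.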
