Lest readers interpret advice against affecting software source code as naive or trite, consider that Internet Explorer 6 market share still hovers around 13% world wide. That market share is predominantly due to corporate IT departments still clinging to 10 year old technology that is buggy, slow, and most importantly, an incontrovertible security hole.
The bug in the machine
IE6 has glaring CSS issues and security holes. There’s only one reason beyond laziness that corporate offices do not upgrade in the face of leaving their businesses open to hackers and covering the open door with costly virus software that exacts fantastic tolls on hardware. It is hard coded into their infrastructure and they can not stomach the upgrade costs the mistake is going to cost them.
Unfortunately, they are paying in hardware usage and virus overhead anyway. Security software is notoriously greedy on hardware and memory usage. And most of it is directed at IE6 viruses.
Digg, Google and others withdraw support of IE6
It was IE6 that allowed hackers to infiltrate Google and at least a dozen other companies in the latest large cyber attack. Soon after, Google announced it would no longer support IE6, and began phasing out its exposure to the browser in all their products, including their document suite and Gmail.
If you’ve wondered why Microsoft counsels and advertises upgrades to IE8 so close to their introduction of IE9, wonder no longer. Their support of IE6 is no doubt wearing thin, having long ago lapsed into a money loser. Besides, it hurts their reputation, especially when the largest web company announces they are fed up.
Legal recourse to preventable virus attacks
We suspect the heaviest culprits other than legacy in-house systems and VB runtimes (most IE6 requirements are undoubtedly due to in-house IT departments) are large vendors like Oracle, tying their customers to old browser shells because their software products have ignored foundational programming precepts. If the security of your company websites is being held hostage by third party programming, we suggest you have a chat with the vendor.
They might just be interested in shouldering your security or upgrade costs given the exposure of their programming. There is at least an argument to be made that they have voided their contracts by ignoring prudent and expected behavior. Legal departments might consider including explicit penalties for hard coding hardware and software technologies. There really is rarely any excuse for it, and there hasn’t been for decades.
Just as frighteningly, if you’ve ever been on the wrong end of an unjustified bank or other financial institution transaction and suffered for it while they decided the issue was theirs, you may be motivated to ask them if they are still using IE6. Of course they are liable if their systems are hacked. But it is your life, your cash and securities, and your identity that will be affected while they determine where the fault lies. Make no mistake.
Reduce your exposure as a customer
It is long past time that software vendors be asked to shoulder the full cost of their fiduciary duties. The cost of preventable cyber attacks is beyond all reason, and measured in the billions of dollars per year. Only one-fifth of the IT execs surveyed in at least one poll believe their systems are currently secure. In that same poll, concern for loss of customer personal information ranks third behind their own cash and reputation losses. Of course, company losses are just passed on to the consumer anyway in higher prices. But there is one simple way to rectify your exposure. After all, you are the customer.
References
Photo courtesy Ines at Stock.xchng
