In the news recently, Google has made accusations that people within China have used exploits within Internet Explorer to access Gmail accounts of activists and dissidents as well as going after tech and industrial companies in the United States. Versign’s iDefense unit confirmed that attacks had taken place.
A couple of days later, code used in the attack was released publicly. Microsoft confirmed that the code is included within Internet Explorer 7 and 8 but that the code could only be exploited in Internet Explorer 6 on Windows 2000 and Windows XP. Microsoft used this opportunity to tout Windows 7 and Internet Explorer 8 saying, “Hey! We have more secure products right here!”
I have a huge problem with this for a couple of reasons. Only a few months ago, Microsoft reiterated it’s continued support of IE6 explaining that people expect everything they got in an operating system will continue to work throughout it’s life span. Even with the massive security problems, Microsoft continued to support IE6. But with this newest and probably worst security flaw for IE6, is Microsoft singing a different tune? No, they are not. They only want to sell more Windows 7 DVDs.
As I explained in this posting, there are many companies – large and small – who are still using Windows XP. Many of those companies are still using IE6 to support web-based software written by hacks who thought it was a good idea to only develop for IE6. In that posting, I pointed out an Ars Technica article which supported Microsoft’s take that they could not stop supporting IE6. I still believe that this is a bad position to take. I can only point out the troubles I have developing web sites and programs trying to support a NINE YEAR OLD program. Web technology has left IE6 in the dust but yet we web developers are still expected to support it. And then we are told that while we support it, we need to tell people that they should upgrade to IE8 because, “It’s more secure!”
Cut the crap already! People won’t listen to people like me. I’m just some asshole with a blog. But they will listen to Microsoft. And the best thing Microsoft could say is that they will kill support for IE6. As for other web programmers, stop writing code for IE6. IT Admins, move the company to IE8. Stop hiding behind lame excuses about money, time or the “training” it will take to bring all of the automatons in the company up to speed with IE8.