Do you still use Internet Explorer 6? I really hope not.
The facts should be clear as day: Microsoft no longer supports Internet Explorer 6, and the creaky old web browser simply doesn’t provide anything approaching a sufficient level of defence, with severely critical vulnerabilities left unpatched.
Microsoft itself has urged IE6 users to upgrade to Internet Explorer 8 (as a way of avoiding an attack by a zero day vulnerability). And yet plenty of firms and organisations find themselves still running Internet Explorer 6.
The British Government has been strongly criticised for its unwillingness to upgrade from the insecure Internet Explorer 6, and I was one of thousands of people who earlier this year signed a petition to the Prime Minister calling on government departments to upgrade their browsers.
The answer at the time was that upgrading browsers was too expensive, so it’s good to read in a report in TechEye that the Home Office now plans to switch to Internet Explorer 8.
I’m not saying that it’s easy for a government department to upgrade or switch browsers, but the IT teams tasked with securing sensitive data inside organisations must be given the resources to keep on top of the latest security issues – or risk suffering from potentially serious consequences.
Let’s hope that other UK government departments follow the Home Office’s example and invest in a more up-to-date, more secure browser.
London Borough of Tower Hamlets uses IE6 as standard.
The important question for me is _why_ is it so hard to upgrade browsers? They're a central part of the user interface now, so any vendor whose browser is hard to upgrade is exposing its users to a wide range of security problems. That vendor also exposes itself to greater costs in terms of supporting users on old versions, and customers switching to competitor products because it's easier to do than to upgrade.
I limited my rant to the following below. Previously, I wrote a long rant in reply to the blog post. I then deleted it. The one word I believe best describes what is going on would have to be negligence. Some of you may find that a bit harsh. But seeing what goes on day in and out with lack of updates and patches, I believe a vast majority of issues could be eliminated due to proper preventative maintenance, i.e. patches and updates.
I understand some software cannot be patched due to EOL. But something so simple as rolling out an upgrade from IE 6 to IE8. They are eligible for the bloody update!
If they are running these versions of Windows:
Windows Vista 32-bit
Windows Vista 64-bit
Windows Vista with Service Pack 1 (SP 1) or higher
Windows XP 32-bit with Service Pack 2 (SP 2) or higher
Windows XP Professional x64 Edition
Windows Server 2003 32-bit with SP 2 or higher
Windows Server 2003 64-bit with SP 2 or higher
Windows Server 2008 32-bit or higher
Windows Server 2008 64-bit or higher
I understand they are also saying expense of the roll out. Sometimes you have to just get it done.
My 2 Cents.
Don't forget Java, thankfully now Oracle's Java platform comes with an updater.
Updated AV, Java and IE = reduced surface attack
simples
Shouldn’t they be updating to Firefox? Why rely on closed code under foreign jurisdiction? There must be a security risk involved.
Comodo Dragon is a good browser.