UK Government holds firm on IE6

Not compatible

Like with other comments on the same subject on this website. Businesses will not upgrade from IE6, purely because of the fact that their internal systems that were programmed specifically for IE6 will simply not work on IE7 or 8. So, it would involve heavy investment into upgrading their systems.

This reminds me of Swine Flu, major panic, but the actualy reality of things are slightly different. Scare-mongering.

By treadmill on 19 Jan 2010

Ah, our dear old government. Head in the sand as usual.

Idiots.

By Grunthos on 19 Jan 2010

hell will feeze over before this or any goverment will dump XP and IE6

plus all these computers never get patched as well

Mark

By mprltd on 19 Jan 2010

IE6 should have been dumped a long time ago

IE6 is ancient by web browsing standards and should be dumped wherever possible for security and usability reasons.

Chrome is my favourite as it is extremely slick and clean (plus now has an ad-blocking extension).

By atomz on 19 Jan 2010

@Grunthos

Actually, I'm no big fan of the goverment but in this case I think they're right. The method of the attack is now well understood and it should therefore be possible to guard against such attacks. Yes it makes sense to move away from IE6 long term. But short term better to take a step back and make a proper assessment of the risks and plan the upgrade path carefully.

Or alternatively, take the Grunthos headless chicken approach and launch head long into a pooly planned upgrade.

I know which approach I would take!

By rjp2000 on 19 Jan 2010

I'm with RJP

Take time to think about what HMG are saying: they don't believe that there is a safer place to go to, then where they already are. That *might* be head-in-sand, but it also might not - it's certainly not possible to conclude which from what is said here. I'm also not sure what is meant by "government" - I wouldn't treat every computer sat at by a Civil Servant as a monolithic whole with a consistent configuration, anyway. Having said all that, and freely agreeing that Government both big nd small make mistakes in IT, the statement that there is no better place to hide from this character of security breach, remains perfectly valid and accurate.

By Steve_Cassidy on 19 Jan 2010

@rjp2000 - Fair one, I think you're right. But let's be fair, the government doesn't exactly have the best track history when it comes to IT security. And it's not a rushed thing, IE6 was launched in 2001 it's long overdue retirement.

By Grunthos on 19 Jan 2010

The fact that some users may be forced to remain on IE6 "so that their internal systems can continue to work" only underlines the case for always coding standards based web pages, rather than just going along with the biggest commercial company's offering. Standards based systems do not depend on the fortunes of a single company or browser to work.

As for the Cabinet Office, the civil service hates change and probably secretly wants to return to the days of typewriters anyway.

By SwissMac on 19 Jan 2010

It's not necessarily the case that they stick with IE6 "so that their internal systems can continue to work". This implies a knowledge that they won't. It's much more likely that there is evidence of 1 or 2 systems that don't work and no evidence about the rest. Under no circumstances should anyone upgrade from IE6 to IE8 or Firefox or whatever until the prime functions of the business critical systems have been demonstrated to work. After all, in the case of government, it could be your tax that gets calculated wrong. The cost of testing the business critical systems and a sampling of the rest is non-trivial and has to be weighed against the benefit of moving.

After all - exactly why should big corporations move? To enable their staff to enjoy Web 2.0 in their lunchtime? I don't think so.

Concern about security is sensible enough but from experience in my previous job I can state that we DID religiously patch the Windows estate (XP) very much to time, while all access outside the company went through just 2 pipes using proxy servers patched up to the hilt, which should provide a barrier of itself.

While the idea of "always coding standards based web pages, rather than just going along with the biggest commercial company's offering" makes theoretical sense, just try telling Procurement that they should ignore Oracle or IBM... (that's not meant to suggest I've any experience of issues with their offerings - just that that's the issues you'll run up against if you try to propose standards based stuff rather than market leaders.

By AdrianB on 19 Jan 2010

Puzzled by reluctance to dump IE6

It is perfectly possible to run Firefox or Chrome alongside IE6. If businesses need IE6 for their intranet, just point it at a proxy server which prevents access to the internet. Then give the users a proper browser for internet access.

Microsoft, stupidly, will not yet you install IE8 alongside IE6, but there is nothing stopping you installing a third-party browser alongside. It will not even cost you anything.

If IT departments put as much effort into finding solutions to problems as they do into making up excuses for inaction the internet would be a much safer and better place!

By JohnAHind on 20 Jan 2010