IE 8 earns high marks for security in reports
Microsoft is putting out the word that users of Internet Explorer 6 should upgrade to IE 8
- By Kurt Mackie
- Aug 14, 2009
Microsoft is putting out the word that users of Internet Explorer 6 should upgrade to IE 8, primarily for security and standards-compliance reasons.
"Why would anyone run an 8-year-old browser?" asked Dean Hachamovitch, Microsoft's general manager of Internet Explorer, in a Monday IE blog post. "Should sites continue to support it? What more can anyone do to get IE 6 users to upgrade?"
More on this topic from GCN:
IE8 slowed by third-party apps
Microsoft slates IE8 udpate for Aug. 25
Microsoft: Run IE7 in "protected mode" for increased security
Potential bug found in Microsoft Web server app
People still do use IE 6, but some workplaces prohibit an upgrade. A Digg survey found that about 10 percent of its Web site visitors were using IE 6. A follow-up poll by Digg found that 70 percent of IE 6 users could not upgrade their browsers due to lack of administrator privileges on their computer or their workplace wouldn't allow it.
Organizations may resist allowing an upgrade from IE 6 because they have applications that might break using newer versions of the browser. In those cases, Microsoft has provided some help, according to Amy Barzdukas, who also holds the title of general manager for Internet Explorer.
"We have a host of guidance and tools and other offerings available for those companies to help identify and to remediate applications that may not in their current state work on IE 8," she explained.
Microsoft is working directly with independent software vendors (ISVs) on packaged applications that currently depend on IE 6 to help ensure compatibility, she added, but other challenges remain.
"The areas that are most difficult for us to be able resolve at one fell swoop are really homegrown apps," Barzdukas said.
IE 6 is part of the venerable Windows XP operating system that many companies continue to use, having ignored moving to Windows Vista. However, the availability of Windows 7 could change that picture, according to Barzdukas.
"In the cases where companies have chosen to skip an operating system, it's perhaps not so surprising that we have such a backlog of IE 6," she said. "But I think if we look at Windows 7 -- both the excitement and how well it's being received by our corporate customers -- we think it will really help significantly to move people off [IE 6]."
Some Web sites have been floating "kill IE 6" campaigns, arguing that Web developers are stressed out having to maintain code for a browser that wasn't standards compliant in the first place. Microsoft officials tend to be sympathetic. However, because IE 6 is part of XP, the company is committed to providing IE 6 support until 2014.
Consumers, unlike some organizations, face no costs in upgrading from IE 6.
"On the consumer front, where it's a relatively low barrier to upgrade, we would certainly say that consumers should get off IE 6," Barzdukas said.
Security is perhaps the one big reason why people should upgrade, Microsoft officials say. IE 8 got superior marks in two July security reports on browser security published by independent testing organization NSS Labs. IE 8 led other browsers in blocking social engineering-delivered malware and it tied with Firefox 3 in reducing phishing attacks. Those findings are summarized in a Thursday IE blog post.
The NSS Labs reports also measured the speed at which new vulnerabilities were detected and blocked, with IE 8 taking the lead. Speed turns out to be an important factor in protecting against malware.
"It's not just having the list of known bad sites, but it's how quickly you implement it, and the algorithms that are used in implementations can provide a significant variability in how well they perform at that task," Barzdukas explained.
According to the reports, Google Chrome beta 2, Firefox 3 and Safari 4 all relied on "the Google Safe Browsing feed," which is a list of sites known to harbor malware. However, the NSS Labs reports found that there were operational differences in how those browsers used that feed, resulting is speed differences in addressing threats.
IE 8 includes a SmartScreen feature that checks a dynamically updated list of Web sites for malware and phishing scams. Users get a big red warning screen when things are amiss.
A final reason to upgrade to IE 8 is its performance. Microsoft conducted its own internal tests, publishing results in March that described IE 8 as perhaps the fastest browser. However, Barzdukas backed off a bit from that claim.
"I would not claim IE 8 to be the fastest browser," she said. "But I would say that it is about 70 percent faster than IE 7, and I don't know how much faster than IE 6 -- but let's just say a whole lot. It is fast like modern browsers are fast. And the differences between most modern browsers now can literally be measured in a blink of an eye."
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.