Print 16 comment(s) - last by ipay.. on Jan 19 at 2:24 PM

You don't have to use the Wayback machine to go retro -- just go to work for Google. According to Microsoft, they still use IE 6, a dinosaur of a browser, release in 2001.  (Source: Wikimedia Commons)
Stale software products are endangering users, says Microsoft

It's been over eight years since Internet Explorer 6 was released (August 2001) and over three years since Internet Explorer 7 was released (October 2006). However, many IT departments cling to the stale browsers, rather than upgrading to Internet Explorer 8, which was released last March.  Justifications for not upgrading are diverse and include potential compatibility issues with applications, the cost in manpower hours to switch to the new browser, and the potential expense of buying new tools to manage the newer browser.

Microsoft's General Manager of Trustworthy Computing Security, George Stathakopoulos, has released a new statement which warns information technology departments to change their ways when it comes to the slow pace of browser upgrades, or risk losing valuable company information.  The statement follows on the heels of a successful attack on Google, Adobe, and others, which exploited a memory flaw in Internet Explorer 6 (and potentially IE7) to gain system access.

Writes Microsoft, "That said, we remain vigilant about this threat evolving and want to be sure our customers take appropriate action to protect themselves. That is why we continue to recommend that customers using IE6 or IE7, upgrade to IE8 as soon as possible to benefit from the improved security protections it offers. Customers who are using Windows XP SP2 should be sure to upgrade to both IE8 and enable Data Execution Protection (DEP), or upgrade to Windows XP SP3 which enables DEP by default, as soon as possible. Additionally customers should consider implementing the workarounds and mitigations provided in the Security Advisory."

Microsoft's statement touches on the fact that IT departments also frequently are slow in adopting new operating systems or service packs for similar reasons as the browser reticence -- compatibility, cost, etc.

More interestingly, Microsoft's statements indicate that attack victims Google and Adobe (as well as other undisclosed victims) are using the very outdated Internet Explorer 6.  Writes Microsoft, "In terms of the threat landscape, we are only seeing very limited number of targeted attacks against a small subset of corporations. The attacks that we have seen to date, including public proof-of-concept exploit code, are only effective against Internet Explorer 6. Based on a rigorous analysis of multiple sources, we are not aware of any successful attacks against IE7 and IE8 at this time."

That's somewhat surprising to discover that a cutting edge internet firm like Google still relies heavily on such a stale browser.  Microsoft says that it still does not have a solution to fix the memory flaw in IE6 and IE7.  However, it says that consumers can take comfort in that it is only aware of attacks on commercial users to date.

The company concludes, "In summary, we are not seeing any widespread attacks by any means, and thus far we are not seeing attacks focused on consumers."

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Discongruities?
By Joey B on 1/18/2010 9:54:50 AM , Rating: 5
I'd bet anything that IE6 is only used for testing purposes at Google. Even though everyone should upgrade to IE8 or a different browser, Google still has to support a browser that holds a large chunk of the market share.

RE: Discongruities?
By drycrust3 on 1/18/2010 10:32:16 AM , Rating: 2
Yes, it is logical to believe those affected at Google only used IE6 because they HAD to, but what if they didn't? What if their job was in accounts or somewhere unrelated to testing of websites?
As I understand their business, they are primarily a search engine supplier, not a website designer, so why the need to run IE6? Isn't Chrome sufficiently good for most of their work?
As an aside, I guess Microsoft's allusion to "other operating systems" does include Ubuntu.

I'm just wondering how bad things will have to get before Microsoft release a Linux distribution or a Linux compatible version of Internet Explorer.

RE: Discongruities?
By pbrutsch on 1/18/2010 10:46:26 AM , Rating: 3
Google Chrome is consumer-oriented and is a bad choice in a lot of corporate networks.

The lack of SSO (ie Kerberos or NTLM), the almost total lack of centralized control over the browser configuration, the very bad practice of installing the binaries in the user profile location...

Oh, and MS did have a version of IE for *NIX... more than 10 years ago.

RE: Discongruities?
By ipay on 1/18/2010 1:36:47 PM , Rating: 2
I'm just wondering how bad things will have to get before Microsoft release a Linux distribution or a Linux compatible version of Internet Explorer.

Yeah, I'm sure that Microsoft will try to get IE on every OS now. I mean it's not like the EU is going to accuse them of being a monopoly, and it's not like desktop Linux has a completely insignificant marketshare.

Oh wait.

"Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine." -- Bill Gates

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Automaker Porsche may expand range of Panamera Coupe design.
September 18, 2016, 11:00 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
No More Turtlenecks - Try Snakables
September 19, 2016, 7:44 AM
ADHD Diagnosis and Treatment in Children: Problem or Paranoia?
September 19, 2016, 5:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki