Use Internet Explorer, says Microsoft, but stop using IE6

So Google got hacked, or something, by cyber criminals in China, and Microsoft has acknowledged that their Internet Explorer browser was part of the problem. Specifically, Interent Explorer version 6 was part of the problem, and Microsoft is quick to point out that version 8 is much better, and much more secure. Cliff Evans, Microsoft’s Head of Security and Privacy in the UK, further states that switching away from Internet Explorer is also a bad idea. According to him, it’s MSIE8 or nothing. Firefox? Chrome? Safari? Opera? None of those will keep you as safe from cyber attacks as Microsoft’s Internet Explorer version 8.

Is that true? Microsoft’s Windows — in all its incarnations — is the most popular operating system on planet earth, meaning that if you’re looking to attacks something, attacking Windows is a fairly safe place to start. Similarly, if Internet Explorer is the de facto browser of choice, attacking it will yield a better-than-average chance of finding and exploiting a vulnerability. If you’re trying to attack an Opera exploit, for example, you’re going to be waiting a long time for some poor Opera user to visit your malicious website, simply because there aren’t many Opera users in the world.

Ed Bott makes a rather breathless attack against anyone still using MSIE6, claiming It’s time to stop using IE6 on his ZDNet blog. In general, I agree with the notion that there’s been ample time to move away from MSIE6; but the unfortunate reality is that there’s a bit of a chicken-and-egg problem with doing so. Until a software vendor certifies that a browser works correctly with their product, most organizations are reluctant to declare that browser a supported product (even though the browser may work flawlessly with the software). IE8 is a case in point: it works with Peoplesoft, but since Oracle (owners of Peoplesoft) haven’t certified IE8 on various Peoplesoft products and versions, it remains “use at your own risk”. If an organization wants to continue to enjoy receiving technical support, they need to use the application vendor’s supported browser versions, and the application vendor may be in no particular rush to certify a new browser version.

The bottom line? Whenever possible use the latest version of your preferred browser, whichever one that might be.