The British government has opted to stick with Internet Explorer 6 on its computers, despite its documented security risks
The British government has refused to upgrade its default web browser – Internet Explorer 6 – despite well publicised security issues with the outdated web browser.
In response to a 6,000-strong petition urging government departments to upgrade away from IE6, the government has said it is simply too expensive.
“Complex software will always have vulnerabilities and motivated adversaries will always work to discover and take advantage of them,” responded the government to the petition. “There is no evidence that upgrading away from the latest fully patched versions of Internet Explorer to other browsers will make users more secure. Regular software patching and updating will help defend against the latest threats.
“It is not straightforward for HMG departments to upgrade IE versions on their systems,” the government added. “Upgrading these systems to IE8 can be a very large operation, taking weeks to test and roll out to all users. To test all the web applications currently used by HMG departments can take months at significant potential cost to the taxpayer. It is therefore more cost effective in many cases to continue to use IE6 and rely on other measures, such as firewalls and malware scanning software, to further protect public sector internet users.”
The British government’s decision to stick with Internet Explorer 6 in these austere times comes despite the fact that, in January, the German government urged its citizens to ditch Microsoft Internet Explorer as a result of the Aurora attack on Google. The French government followed suit shortly after that, and urged its computer users to switch to a different web browser such as Firefox or Chrome.
The Aurora flaw is the same one that reportedly enabled hackers to break into the Gmail accounts of human rights activists in China. The attack resulted in Google reconsidering its policy of co-operating with the Chinese government, and threatening to pull out of the country all together.
Yet it seems that the government is not alone in sticking with IE6, as some organisations also prefer using the old browser, despite the fact that IE6 attracts cyber attackers because it lacks up-to-date security features. One of the reasons some organisations tend to stick with IE6 is because of its inability to render sites such as Facebook properly, meaning employees are forced to get more work done as opposed to posting or checking status updates.
Back in February, the Department of Health advised NHS organisations to abandon Internet Explorer 6, and said that they should upgrade to Internet Explorer 7.
IE8 Privacy Criticism
Microsoft meanwhile has hit back at criticism that IE8 could have offered better privacy tools if not for executive pressure.
According to the Wall Street Journal, whilst IE8 was being developed, it offered an easy way to block third-party tracking. Developers were keen on the system being left on by default, in order to give users the most privacy, but the Journal report claims executives successfully argued that tracking was necessary for advertising – and Microsoft’s bottom line.
Microsoft has objected to this version of events, and said that there is no single way to guarantee users’ privacy online.
“Because some of the technologies that can be used for tracking are also essential today for basic functionality, there is no ‘Just give me perfect privacy’ feature,” said Internet Explorer general manager Dean Hachamovitch in a Microsoft blog post.
“Distinguishing between a tracking technology (a beacon) and a useful piece of web content (a stock chart used as a beacon) is not obvious,” he added.