nCircle VERT Blog

The Browser Landscape is a Scary Place These Days

I decided to take one last look at the computer before heading to bed the other night... check the email, see if there are any interesting blogs in the RSS Reader and glance at Twitter. It was the last one that caused me to start writing this. One of the trending topics on Twitter was 'IE6 Must Die'. It took me a little bit to scroll through the tweets before I found a link to this article on mashable.com.

I was intrigued because it was just a few hours earlier that I had been cursing Firefox for making a small web page edit I was doing more difficult, so I read through the article. I had to laugh when I got to this point as a reason for getting rid of IE6:

- General Security: Just like not updating your virus software can get you riddled with spyware, not updating your browser can be a gateway to attacks. There are even code snippets that will shut down IE6. I won't tell you what they are, but you can find them on Wikipedia. It's unstable.

I'm sure that this will draw some mixed opinions, but I think this is a prime example of why security is a specialized field and why we have so many security issues plaguing us. I'm sure that AV enthusiasts are noting that AV software doesn't have to protect you from spyware (even though most of it does these days)... but for me it was the second half of that comment that caught my attention.

The browser landscape is a scary place these days. There doesn't seem to be a period of time when at least one browser isn't the target of an unpatched 0-day. I actually think that this blog post highlights why we have so many computers that are members of botnets, and so many browser-based attacks. The opinion that simply running an up-to-date browser makes you more secure is wrong, and given that IE6 still receives regular updates, applying it to IE6 is also completely invalid. If you want to discuss additional security measures, then sure... IE6 has some issues, but it is still "up-to-date". To say that this is an IE6 issue is misleading and irresponsible.

Moving on, we get to the "code snippets that will shut down IE6". There are plenty of ways to crash pretty much any browser; this is primarily because certain companies (*cough*Microsoft*cough*) don't feel that a denial of service attack is worthy of a patch. This means that DoS conditions affecting IE7 and IE8 also go unpatched. You can also find crash conditions that affect other popular browsers. That means saying "It's unstable" is also completely moot -- no browser is stable.

Am I saying that everyone should continue to run IE6? Definitely not. What I'm saying is that uninformed comments like these can't lead to anything good. Readers of the mashable.com blog will be under the impression that these are issues plaguing only IE6, and this is incorrect. Making these claims is no different from claiming that you shouldn't buy a Ford simply because Fords can run out of gas and get in accidents. The same is true for all cars, but someone unaware of that could make poor choices because of misinformation.

In the end, users need to remember that their browser is *ALWAYS* at risk, and that, regardless of the browser and the protections that it offers, you need to be aware of that risk. It's really that simple.

About

This page contains a single entry from the blog posted on July 22, 2009 10:05 AM.




Bio

Blog: VERT
Author: nCircle VERT

nCircle VERT is the research team behind nCircle, continuously publishing updates for nCircle IP360 and nCircle's family of products. VERT conducts deep research across a broad class of network security intelligence, creating unique, agentless detection for: vulnerabilities, host configurations, applications, services, user accounts, operating systems, and other network security conditions. Members of the group use this blog to share their opinions on the security industry, emerging threats, technology trends, and the world at large.