Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Sunday, August 22, 2010

IE6 Still Used By 20% Despite Flaws

From: http://www.informationweek.com/blog/main/archives/2010/08/ie6_still_used.html

Summary

According to Zscaler's latest State of the Web report, one in five business users continue to browse with IE6, despite its being nine years old and far less secure than newer browsers.

Article

The latest State of the Web report from Zscaler holds plenty of interesting -- and scary -- insights into the threat environment, but one item in particular caught my eye.

According to the security firm's tracking of Web traffic, 20% of business users are continuing to use Microsoft's Internet Explorer 6, despite the browser's being seriously out of date, and seriously risky. While Zscaler's IE6 numbers are higher than some, it's clear that a large number of users continue to stick with the old browser, despite every encouragement -- not to mention need -- to upgrade or replace it.

At nine years old and counting, IE6 has been out of date and risky for a while. Over a year ago, Matt McKenzie described IE6 as a "Ford Pinto with a leaky fuel tank", and it's hard to top that -- except for the fact that another year has gone by and the leaky vehicle is still being driven by a lot of people.

Zscaler does see IE6 usage -- and Explorer usage overall -- declining. But the persistence of the browser says much about the dilemma of employees sticking with flawed, dangerous technology.

It's pretty easy to come up with some obvious explanations for the browser's longevity. If you or your employees are still running IE6, ask yourself if any of these apply:

Budget: Your company bought machines with IE6 installed, and has never upgraded either software or hardware.

Inertia: IT is not a primary focus of your company; if it's working, keep working with it.

Good enough technology: One of the non-security knocks against IE6 is that it's not up to the demands of the Brave New Web -- hence the number of apps that are dropping support for IE6. If your company isn't interested in the new Web, why should you invest the time required to upgrade your browsers?

Lack of awareness: A subset of both inertia and good enough technology, this one probably explains a large percentage of the holdouts. It's the same thing that explains why so many security flaws remain unpatched long after patches are released.

Stubbornness: The best example of this is the UK government's recent decision to stick with IE6, explaining that it's "more cost effective in many cases to continue to use IE6 and rely on other measures, such as firewalls and malware scanning software, to further protect public sector Internet users." In other words, put a catchpan under the leaky gas tank, but keep on driving.

None of the explanations make much more than surface-level sense today. With browsers of every variety rapidly becoming the attack vector of choice, each one means holding onto an old, flawed browser that's unprepared for either today's threats or today's Web.

Time to retire IE6 from your business, if your business is one of the ones still running it.

And while you're at it, you might take an age and ability check on all the other software you run.
