UK.gov unmoved by Internet Explorer 6 security concerns
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts. On Friday Google - which was recently the victim of a high-profile attack from hackers understood to …
This topic is closed for new posts.
Version 7?
Why version 7? This is continually annoying me.
Every time I see a group of people declaring that they're finally moving from IE6, they move to IE7. Why not 8? If you're going to move, you might as well move to the latest version, right?
uhm
IE7's XP+ only, is it not?
so win2k would be out of the loop no matter if IE6 or 7
Er
At what point does Admiral West say he's happy with IE6? He says "There is no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure." which suggests he expects departments to be using IE8 to me.
What a joker
"There is no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure."
Perhaps he should gain the ability to research this, maybe just looking at this graphical display of the relative number of security holes in IE and other browsers:
http://www.webdevout.net/browser-security#graphs-total
UK gov + computers = Fail
Proof
It just shows how entrenched MSFT is in UK.gov. No amount of facts can change financial relationships between those guys and MSFT sales guys.
"latest fully patched versions"
Well yes. But that was *not* the question being asked. It seems serveral departments of HMG can't get this brownser dumped.
But why? Did idiot developers (all the usual suspects) rely on V6 specific features. Or is existing hardware simply too knackered to run anything more up to date?
Umm
"additional security measures, unlikely to be available to the average home computer user"
What is he on about ? I call shenanigans !
Additional security measures
He's on about those extra little checks that UK Gov does on every piece of traffic it can snoop into. The results are not likely to be available to anyone but the spooks, who are not average home computer users.
Excuse me, there are a couple of large blokes with an unmarked van knocking on my door. Time to use the emergency exit ...
... (fading into the distance) "you'll never take me alive copper^H^H^H^H^H^H unnamed persons who may or may not be working for a government department. AAARGH".
Pass my coat ...
Politician-speak
What they really mean is "we haven't got anywhere near the time or budget to contemplate testing, certifying, redeveloping, and moving ALL our systems en-masse from IE6.
The wonders of single supplier lock-in (which was what the corporate browser market had at the start of this millenium).
I understand the issue...
The issue is that public sectors have to put up with shit software and support companies - a lot of the software uses nasty ActiveX hacks which stops Firefox in it's tracks; some of the said companies only make their latest version of their software work on IE8.
The reason they have possibly picked IE7 is that something important works on IE7 but not IE8 so the DoH are possibly picking IE7 as it works without a lot of problems but IE8 cause a few which they cannot afford to fix and offers them slightly more security.
Anon as I work in the public sector and I doubt they would appreciate this post.
just pick the right day to say it
"There is no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure."
Some days of the month it is literally true, right after the MS patch day what he says about evidence may be true; but just before the scheduled patch-day it may not be.
It's just a case of picking which day to make those statements.
His advisor may have picked the right day, but did he?
The most sensible thing ever said about security
“Complex software will always have vulnerabilities and motivated adversaries will always work to discover and take advantage of them,”
Major Fail
There is no reason to do IE7 when IE8 has a fully compatible IE7 renderer built in
Why still on IE6?
I wonder if the reason that UKGov is still using IE6 is because everything is outsourced now to companies like EDS, Crapita, et al and getting them to change the browser involves a huge amount of bureaucracy and red tape, plus not forgetting the huge charge the outsourcers will put on even the most minor of change requests.
Crapita et. al. incompetence...
...not exactly a surprise. If you're one of these public sector contractors it seems you can get away with crap which would get you sacked in the private sector.
And they don't just get away with it, they have the government coming back for more.
Insanity.
It's all about risk!
The security risk is less expensive to cover up then the security improvements cost.
Same goes for bank's and smart cards, they have always picked the cheaper option.
It looks good when they save money, later when the shit hits the fan, they have moved on.
Long live the contractor.
The buck stops with the next fall guy, LOL.
IE8 doesn't go on Windows 2000 so it's a big deal to change up.
Microsoft are often to be found posting useful or at least interesting features in their software t!and then dropping them from the next version. A calendar and schedule tool in Windows for Workgroups 3.11wasn't in Windows 95. Disk data compression comes and goes and comes and goes between versions. So IE6 probably has a boatload of web embrace-extend-extinguish features that developers used, that were extinguished by Microsoft in IE7 and IE8 - even with compatibility options in the latter. Bastards. (I didn't want to use the word but it's clearly necessary.)
Not Surprising
The BBC is riddled with ex-Microsoft staff, no reason the government isn't either.
Rearrange these words to make a sentence
Tentacles
Government
Orifices
Has
Microsoft
In
Its
Many
Jammed
Excellent. You've now earned 'Gold Partner' status.
In fairness...
...it's hard to see the problem when your head's stuck that far up your arse.
tfl.gov.uk site
Crapita sounds right. I tried to find out our vans status via thier site and it rejected requests from firefox but was OK with MSIE7. I then tweaked FF to submit with MSIE headers and hey presto it worked. Looks like Crapita have coded the servers to detect MSIE User-Agent: and bounce FF et.al.
Really?
And Lord West was in charge of the defence of the realm? Might well be closer to the truth that the upgrading will cost money and resources. Much better to spend it on a nice new lock to be used when the horse is halfway down the road.
There is no evidence ...
"“There is no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure."
Typical Government response. We avoid researching things that we think we might not like the answer to, so that we can say "there is no evidence".
But maybe the government should research advocating firefox together with flashblock and noscript. They should be advocating a browser that at least tries to comply with standards instead of inventing new substandards.
"government security"
@Dino Saur 17:03 --
uk .gov network security services are provided by commercial vendors; their identity is a matter of public record.
This topic is closed for new posts.
