Microsoft's creaking Internet Explorer 6 is more secure and popular than either Google's Chrome or Opera US banking giant Chase has determined. The bank's therefore decided its online baking services will continue to support aging the IE 6 but drop support for Chrome and Opera. IE 6 is nine years old and even Microsoft is now …
...its online baking services...
Would that be for any customers wanting to cook their books?
used almost everything
But keep going back to IE8. It's slightly slower but everything appears just better, it's the fonts that don't work well with other browsers. Whether it's the websites optimised for IE or IE has some better font handling capability not sure, but looks smoother in IE8. I also like the magnifier button. Opera is probably the fastest but doesn't look smooth. I don't lke that google probably stores every website you visit with the common web address & search field.
Very recently I also noticed that IE8 will shut down a website it thinks is unsafe. Whether this is correct or not I can't say but seems to have improved security recently, some websites are cr*p anyway. Does anyone know they maintained a list or can detect compromised sites?
IE8 loads damn quick...
...but that's to be expected, given half of it is part of Windows. From then on, it feels like an exercise in pain, and that's compared to Firefox which isn't exactly the nippiest browser around.
I can't say much for IE's font handling, I don't tend to visit sites laden with embedded fonts (not sure even if they'd be blocked by default?). What I can say is even WITH HTML 4.01 compliance, the sizing of tables and such is almost-but-not-quite the same as Mozilla/Webkit. Most of the time it doesn't matter, but sometimes it does.
There's a magnifier button? With Firefox I just "pinch in" in the touchpad to zoom in, and pull my fingers apart to zoom out (by default it was the other way around, I changed that because I felt it was more logical like this). It's a touchpad driver thing. Which, I might point out for the hell of it, I never figured out how to do in Ubuntu... Anyway, don't need a magnifier button. For those with boring mice, you do know ^+ and ^- zoom in and out on Firefox? Don't even need a button!
You do know Firefox (and I believe Opera too) maintain a list of dodgy websites? I have only once this year had Firefox throw up the big red "piss your pants now" message - and that was for a website claiming to provide and Amish cross-stitch pattern. I was looking for my mother, and I guess the sort of person looking for stuff like that is not likely to be tech savvy (in other words, easy to pwn), but Firefox had other ideas!
In short, you and Chase can take the IE way if you like. More power too you. But you know, when you're on the bridge and the way out of town is congested and the roads in are relatively empty... maybe there's a reason for that.
...some people are just born for the IE. Thats a genetic thing, and as hard as one might try, beatings alone won´t help.
IE 8 uses Cleartype for font rendering in Windows XP and Cleartype is very nice. Without it some typefaces such as Georgia look pretty terrible. You can enable it for everything through the display settings.
Very recently I also noticed that IE8 will shut down a website it thinks is unsafe.
I noticed this recently in Opera as well, I say recently, it is, if 3 and a half years and 2 major versions, (including 8 or 9 minor versions), ago is recent.
Every time I hear about someone's positive experience with MS products, I wonder what their criteria are.
I hate IE. It's a piece of shite. It crashes all the time, some websites don't render properly, it's just awful - I only run it because we have a company policy.
One thing good I can say about it is that the experience using it is consistent with the experience I have using other MS products. FFS I actually encountered a blue screen of death on Vista the other day.
Makes me ill a company got to be so big and wealthy selling mediocrity.
XP v Win7
Font anti-aliasing (Cleartype) is on by default across all browsers on Windows 7 it seems (unlike XP) - well, I say all browsers I've only got IE8, Firefox, Opera and Chrome installed.
Without font AA most serif fonts are virtually unusable, or at least butt-ugly, at anything less than about 14 "point" (yes, yes, I know) - especially if they're italicised.
Good to know that...
..."The security of your accounts and private information is one of our highest priorities."
Maybe it is refreshingly honest, but it would be good to see their list, and where security of customer accounts ranks compared to their salaries, bonuses, pensions, healthcare, etc.
"Chase could be looking for ways to curb its IT costs by focusing on just a handful of browsers on the app-development front."
Err, surely if you simply code your site to be standards compliant then you don't need to worry about supporting multiple browsers.
Isn't that the whole (original) point of TBL's World Wide Web?
Trouble is, as we all know too well, Microsoft haven't exactly followed those standards, for whatever reasons they may have; and we all really know what they are! It's only with IE8 that Microsoft really got on the standards wagons and now with IE9 they see it as a marketing drum to bang, just like everybody else...
"Also making the cut are Mozilla's Firefox 2.0 and higher and version 3.0 and higher of Apple's Safari on the Mac - but not the PC."
I really hope they meant "and lower."
I suppose it's easier for them to maintain the hideous IE6 web code than try to write something remotely standards-compliant.
I can understand why a bank might assign different browsers different tiers of support, e.g a site must work perfectly in IE7 and Firefox and acceptably in Chrome, Safari. So QA tests in the main browsers and does cursory validation in others. But dropping support altogether is sheer bloody laziness and nothing else.
It's incredibly shortsighted in this day and age to even support browsers by name rather than a particular set of capabilities that many browsers may implement. For example, if the site can take advantage of canvas, test for the canvas, don't test if user agent == Firefox. Coding to the capabilities rather than the browser version is a much better strategy for development and for maintenance when inevitably the site needs to be updated for new browsers.
It's about popularity
Direct from the Chase Faq:
"Why are some browsers not supported?
There are two primary reasons—security and popularity. There are dozens of browsers in use today, but not all offer the minimum levels of security that we require while others may not perform well with our site. The security of your accounts and private information is one of our highest priorities and some browsers, especially older versions, are simply higher security risks to use with our site."
Obviously the inclusion of IE6 means that Chase's choice was based predominantly on popularity over all other factors. The security argument is a bit thin. In the end their decision really came down to what browsers their customers are using, which is what everybody else does too.
I was a customer of theirs, the biggest problem I had was that each time I logged in to the online banking using a "new" computer, it would require an out of band telephone activation. The problem was it would forget about the previous computer that had been activated. So half the time I needed an automated telephone call to login. This was so asinine that I deliberately called tech support each time I needed to login so that they got the message.
And what are the bets that Opera or Chrome would work on the site perfectly well just they are blocked due to the user agent. So if you change the user agent, (can you do that in Chrome without an add-in?), to mask as IE or Firefox then it lets you in and works correctly.
I agree that checking for capabilities rather than name is a better idea, it is not right to force site admins to have to check and code for the idiosyncrasies of every single browser out there, and be prepared to give in depth support for how to use all of those browsers. But they shouldn't need to do that if they code to W3C standards, declare which of those standards are required to use the site effectively, and notify you if that standard is not available in the current browser when you go to the site.
If they want then name the browsers they have tested with, know work and are prepared to give specific help with, then fair enough, but don't block others just because you haven't tested them. If you have coded properly then the only reasons they shouldn't work is that the browser doesn't support the standard or is broken anyway.
For example the site uses ECMAScript and this has been switched off in the browser for security, serve a basic HTML page saying ECMAScript is required, with details on how to enable it in the tested browsers, and advice to ask the browser developer for that info in non tested browsers.
Re: Browser Sniffing
Browser sniffing would be a bad approach, as per usual. I think the article is wrong to suggest there is an active block however, the faq merely says it may not work since its not supported.
"The decision blocks users accessing their accounts at their convenience on PCs using the Opera Desktop browser and mobile devices including the iPhone..."
Chrome more popular than safari
Wasn't that one of the articles on el reg?
On Windows perhaps - the bank said it didn't support Safari on Windows, only Mac.
they can't be arsed to test their site properly.
Chase Bank rated highly for "truthiness"
What the fuck is he talking about?
MSIE > The safest (Chrome) + The fastest (Opera) browser in the world?
The safest (Chrome)
You might want to reconsider that statement... Google are on record as being anti-privacy.
"while others may not perform well with our site"
Translation: our cutting-edge web designers hard-baked so much IE6-specific crud into our site that we have no clue how to pull it out.
Nor can we be bothered to fix this as we badly need cash to pay bonuses to our execs.
That's not even close to the truth. It works fine in Chrome, I use(d?) it every day. They're making damn near non-existent savings- if it works in Firefox, it'll work in Chrome.
IE6 + XXS + Banking = Secure?
They've just thrown down the gauntlet... let the attacks on their online banking customers commence, using age old IE6 security holes :P
How many script kiddies are now going to put up proof of concept pages which open the Chase online banking log on page in a new window, inject ECMAScript into it and alter the DOM to add "HaX0r3d by Timmy! Libilar!" next to the password field... with the help of good old Internet Explorer 6 ?
Online baking service
So they serve cookies ...
These are the 2nd biggest group of banking morons I've ever dealt with. Their mobile site is basically useless.
I miss WaMu, as their system was real-time. I could buy gas and by the time I got back to the office, it was posted and cleared on my account. I've still got outstanding transactions from 22 days ago still "pending" on my Chase account.
I wonder if the MS Australia info could be used against them in a lawsuit if someone's account got haxx0rzed... I certainly hope so.
I'm pretty much thinking of the effort it would take to drop them. It would be a lot of work, but this is about the limit of stupidity I'm willing to put up with.
And I just opened a checking account with them... *sigh*
thats not so Bad
Last time I looked when functionality didn't work useing the latest public build of Firefox after logging in to a big Australian bank it offered me this advice:
To access Balance Sheet you will need to be using a Microsoft Internet Explorer version 6 browser or above, and a Windows based operating system.
Select proceed if you would like to upgrade your browser.
In Other News...
...Google reportedly behind buyout of Chase Bank.
I was a happy Washington Mutual customer.
After a year or so of dealing with Chase after the buy-out, I've moved all my personal and business accounts to another financial institution. Chase is absolutely clueless when it comes to individuals. I advise all and sundry to avoid em at all costs. Worse than BofA, even.
No, I'm not naming my current banker ... this isn't an advert.
"while others may not perform well with our site"
aka - We're under a lot of pressure from MS to use only MS browsers and no one in our IT Department has the knowledge or will to stand up to them.
The IT world, after all, is filled with treachery and danger - Opera is made by foreigners and Mozilla is probably staffed by hippies or some other such godless scum.
MS, on the other hand, are a straight down the middle, sell your kids and smile at you while they're doing it, good old fashioned, money loving US Corporation and therefore "our kind of people".
I almost feel sorry for anyone that has such a warped view of reality that they can actually utter such a paranoid scenario.
20% of Chase's customers are using IE6 and most of those don't have any other browser installed. Maybe 5% of their customers are using Chrome or Opera, and all of them have access to some version of IE. They can't afford to refuse to support the IE6 users. They can afford to tell the Chrome and Opera users that they need to use IE.
Talking of delusions
20% of Chase's customers are using IE6 and most of those don't have any other browser installed. Maybe 5% of their customers are using Chrome or Opera, and all of them have access to some version of IE
What magical copy of IE do Chrome and Opera users on a Mac or Linux have access to ?
And as has already been discussed, you don't need to support a browser, you just need to support standards. If you do then the browser is irrelevant to the functionality of the webpage, except for IE which of course then needs the page to be broken to get the functionality.
"...while others may not perform well with our site".
In other words, they can't be bothered to rewrite their site from the old IE6-specific code to a cross-browser codebase.
security or popularity?
As a developer i hate IE6, but looking at some stats for a site i host yesterday it was 70% IE6 (mostly from the US).
SO, maybe Chase are referring to the 'popular' part of their statement when talking about IE.
However, its quite irrelevant what a bank tells me anymore as they were the ones who thought it would be a good idea to invest in bad debt - much to all our costs.
If i thought they had half a clue this could be a conspiracy against their customers to fleece them even more, but i cant see a bank having the coordination to do that!
Is this the same American banks....
that lend to people who cannot afford to pay it back? ...and there is me ignoring *anything* they have to say.
Well, if I were a Chase customer, I would drop support for that bank right now... The bank I use (Nordea) has supported nearly every browser on every OS, since the beginning of Web, without breaking sweat... They also have fairly fool-proof security, with two codes (one of which is single-use only, one reused but randomly selected from a large table) needed to make transactions. Having said that, some fools, amazingly, have been known to fall for a phishing attack against this scheme, and entered a large number of these codes by hand when requested by a phony mail message... The point being, the user is probably the weakest link in security, not the browser.
Chase Bank about to become as Obselete as IE6
Even if you are stupid enough to forget the fact that IE6 is old, creaky, an industry wide security risk and downright crap. You must surely be able to grasp the fact that these days your customers want choice and if you try and force them to use software they don't want to they will make another choice and just go somewhere else for their banking. Bunch of losers...
oh no children, not THOSE kind of cookies...
So, IE is more secure than Chrome or Opera eh?
Note to self: ensure you don't have any money in a bank owned/operated by Chase - they are quite clearly smoking crack!
As a dominantly Opera user: I find most banking (and shopping) websites to be too insecure to use with Opera anyway. XSS galore etc.
Only Chrome and Opera were unhacked actually.
I've had a number of banking "Security features" refuse to work properly if i block XSS,
Er, libel much?
Surely Chase have just publicly defamed Opera and Google. Why didn't they just say that they don't support browsers with marginal market share?
My Penguin First Hardback Book of Defamation Tort Law says that in the US defamation is:
1. A false and defamatory statement concerning another;
2. The unprivileged publication of the statement to a third party (that is, somebody other than the person defamed by the statement);
3. If the defamatory matter is of public concern, fault amounting at least to negligence on the part of the publisher; and
4. Damage to the plaintiff.
So, yip, points 1-4 covered. Time for Carter-Fuck to take over..
Unfortunately, you forgot US libel Law 0.0.0.0:
(Okay, so actually it is US Law 0.0.0.0.0) The guy who can afford the most expensive lawyer for the longest period of time wins. In this case I rather suspect that will be Chase.
There is another `truism`
That one being, don't pick a fight with someone who can buy ink by the barrel.
In this case, Chase may have to watch out for the law of `unintended consequences`.
Is it a good idea to p!ss off Google??
Can you see your search engine rankings go directly to hell??
I am not saying Google would do that, but...........
How can you possibly fail to support standards compliant browser UNLESS you fill yer pages with browser specific crud? Code to the standards and then do the work to fix IE (and it is almost certainly just IE that will freak).
We need some hackers to p0wn Chase's website with IE6 only hacks. The sooner IE6 is wiped out, and the more Microsoft are blasted for writing that ****, the better.
Choice of browser
Though a few years back... I flimsily remember an incident at a security conference when one unnamed hack was asked why he used IE since it seemed to be infamous for its security flaws. The answer, in essence: "I do know the source code of IE and of alternative browsers."
I for my part regarded IE6 as the worst user experience but still have to use it at work. No question for home use, it doesn't run on Linux anyway. Then again, until very recently I couldn't browse El Reg with my preferred browser and even now Opera lists loads of errors on each and every El Reg page.
- 'Windows 9' LEAK: Microsoft's playing catchup with Linux
- Infosec geniuses hack a Canon PRINTER and install DOOM
- Boffins say they've got Lithium batteries the wrong way around
- Game Theory Half a BILLION in the making: Bungie's Destiny reviewed
- Review A SCORCHIO fatboy SSD: Samsung SSD850 PRO 3D V-NAND