U.K. government nixes 'kill IE6' campaign

Computerworld - The British government has rejected a call to dump Microsoft's Internet Explorer 6 (IE6), saying that it is saving taxpayers' money by staying with the nine-year-old browser.

Late last week, Her Majesty's Government (HMG) officially responded to a citizen petition that urged it to "encourage government departments to upgrade away from Internet Explorer 6" because the aged browser is vulnerable to attack and requires Web developers to specially craft sites.

The petition was added to the government's online petition site in February 2010 by Dan Frydman, the managing director of Inigo Media, an Edinburgh, Scotland-based Web design firm.

IE6 won't be dropped, the government said, for a variety of reasons, ranging from migration costs to its opinion that patching keeps users safe.

"Complex software will always have vulnerabilities and motivated adversaries will always work to discover and take advantage of them," the government said in its statement. "There is no evidence that upgrading away from the latest fully-patched versions of Internet Explorer to other browsers will make users more secure. Regular software patching and updating will help defend against the latest threats."

That might ruffle a few feathers at Microsoft, which as part of its own year-long campaign to drive users away from IE6 has been touting the newer IE8 as more secure because of features including anti-malware blocking and sandboxing on Vista or Windows 7.

HMG's belief in patching also flies in the face of the occasional zero-day. Late last year, for example, hackers deliberately targeted PCs running Windows XP and IE6 to steal confidential information from Google and scores of other major technology companies.

The U.K. government also used the same defense some enterprises have rolled out to explain why they haven't dumped IE6.

"Upgrading these systems to IE8 can be a very large operation ... [and] to test all the Web applications currently used by HMG departments can take months at significant potential cost to the taxpayer," the government said. "It is therefore more cost effective in many cases to continue to use IE6 and rely on other measures, such as firewalls and malware scanning software."

Last February, Frydman admitted that his petition was probably a long shot. "We could have a million signatures on the petition and they still could ignore it," he said at the time. "But it's a starting point."

But others called out the government for the decision.

"Doing nothing is not acceptable from the point of view of security, and sends the wrong message to consumers and businesses across the country," said Graham Cluley, a senior technology consultant at U.K.-based antivirus company Sophos. "IE6 simply isn't a safe place to be anymore, and should be ditched as soon as possible," he wrote in a Tuesday blog.

Although IE6 has gotten the brush-off from the likes of Google and Facebook -- and actually been eulogized in a Denver mock funeral -- it continues to account for a significant share of the browsers in regular use.

According to Web analytics firms Net Applications, IE6 accounted for a global share of 17% last month, a larger slice than the newer IE7's 11.4% and more than twice that of Google Chrome's 7.2%.

Microsoft will provide security patches for IE6 until April 2014, when it retires Windows XP from all forms of support.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com.

Read more about Desktop Apps in Computerworld's Desktop Apps Topic Center.