When another security hole was uncovered in Microsoft Internet Explorer last week, the third in the past month, the U.S. Computer Emergency Readiness Team issued six workarounds to minimize vulnerability, including a suggestion to switch to another browser. Although the idea of ditching IE created lots of industry buzz, the reality of such a move is much different.
"Impossible," says Jim Knight, senior desktop systems analyst for a $2.7 billion global restaurant company he didn't want identified.
"It would take a complete rewrite of quite a few applications and would be similar to switching from Windows to Linux for us," he says. "We have too many applications that require IE 5.5 or greater, and if we were to switch browsers more than half of our client base would be unable to perform their jobs."
US-CERT's advice to switch came with a caveat, in that using a browser other than IE could reduce features when viewing IE-specific Web sites and that IE, which is baked into the Windows operating system, still would be used with various applications. US-CERT also suggested disabling Active X, which was at the heart of the most recent vulnerability, and maintaining updated anti-virus software and refraining from clicking URLs within e-mail.
Also: Microsoft aims to save $1 billion this fiscal year
The IE caveat wasn't news to those who have tried to switch browsers but keep getting pulled back to IE because of its proprietary scripting features and deep integration with Windows. IE is used to render HTML within many Web-based applications that run on Windows.
Keith Mann, network engineer for Harrison School District Two in Colorado Springs, says: "We tried to be an all-Netscape shop, but we ran into too many applications that don't work without IE. We can't do Windows Update downloads with Netscape." Windows Update is the Microsoft site that provides security patches for Windows software.
Mann, who says the growing list of IE vulnerabilities is why he wants out, says the inability to leave IE can be traced to developers who have had to decide how to prioritize their time. With IE owning 94% of the browser market, according to Web analytics firm OneStat.com, Mann says Web developers naturally use the Active X and scripting controls that are proprietary to IE and not supported in other browsers such as Netscape and Mozilla.
Despite the complications of moving from IE, discovery of the security hole last week led to a one-day spike in downloads of Mozilla, the second-leading browser, from 100,000 to 200,000, according to the Mozilla Foundation.
"If developers don't start writing to the broader Web standards then we won't have any choice outside IE," Mann says.
Experts agree that browser choice is something hard to come by these days.
"There is not a real good answer for the enterprise," says John Pescatore, an analyst with Gartner. "IE is really bad. It is riddled with security problems, but it is pretty much impossible for companies to move away from it."
Rss FeedRss Feed
The Leader in Network Knowledge
Comment