Who’s Still Using IE 6? – Some Outrageous Surprises

image One of the most frequently repeated pieces of advice on this site is – “Keep all applications (including your operating system) patched, and up to date”. Sounds like good, practical advice – and it is. But as those of us involved in computer security know; this is advice that is not always followed.

Up to a point, I can understand why an occasional user might not be as careful when it comes to following this advice, as a more seasoned user. But what I will never understand is – why a company (of any size), or a government agency, would not recognize the critical need to follow this advice.

We’re all familiar with this statement – “Microsoft issues security advisory on IE vulnerability.” I’m not picking on Microsoft, since experience has taught us that every Browser can be compromised by cybercriminals. And current statistics indicate, Internet Explorer 8 may, in fact, be the “safest” Browser – at least for the moment. Some may dispute this, and that’s fair enough, since many of the metrics used to measure Browser safety are highly variable.

What’s beyond dispute though, is the continued use of Internet Explorer 6 delivers an invitation to the cybercriminal world to play havoc on computer systems.

Internet Explorer 6 has been referred to, in addition to many other flavorful descriptions, as “the least secure software on the planet” and “the worst tech product of all time”.

So, I find it difficult to understand why an 8 year old Browser, (it was released in August, 2001, shortly after the completion of Windows XP), with an horrendous reputation for system safety, continues to be used by any reasonably informed user. But it is being used – and you might be surprised to learn, just who it is that continues to use it.

As a serious Blogger, I use a number of tools including StatCounter, which allows me to listen to my readers, and to determine what it is they need – what they want to read, and what’s important to them. One of the information metrics produced by StatCounter is information on the Browser used by the reader, along with the Host name and location.

In the following example, (December 4, 2009), 2 visits are from a business, and one visit is from a bank – both using using IE 6. Host address is not included here for privacy reasons.

IE 6

Just to be clear – the following Browsers (in order of preference), are used to reach this site:

IE 7 and 8

Firefox 3.0 through 3.5

Chrome 3.0 through 4.0

Safari 3.1 through 4.0

*Internet Explorer 6

Opera 10

Various flavors of the Mozilla Browser

What I find surprising in these statistics is, the continued use of Internet Explorer 6. Even more surprising though is, who’s still using this outdated and incredibly insecure Browser – many U.S. Government sites (including some Defense Department sites), and some very well know commercial enterprises. There are of course, some non-commercial users in this IE 6 group – but not many.

To put this in perspective – approximately 25% of the 3,000 (+ or -), daily visits to this site, are from Universities/Colleges, Government agencies (local and national), Business, and Law Enforcement Agencies (local and national), and roughly 15% of these business and government visitors are still using Internet Explorer 6.

I have yet to see an educational institution, or a law enforcement agency, visiting this site, still using IE 6. But 15%+ of business and government visitors are still using this Browse despite the increased security risk doing so creates.

In January of this year, security advisory site Secunia reported 142 vulnerabilities in Internet Explorer 6 – 22 of which were unpatched at that time. Many of these vulnerabilities were rated moderately critical in severity.

Even today (December 5, 2009), Secunia’s advisory affecting Microsoft Internet Explorer 6.x, with all vendor patches applied, still rates this application’s security vulnerabilities as “Highly critical”.

image

So here’s my question: With the increasing sophistication of cybercriminals, particularly in cybercrimes directed at business and government, (and we know that cybercriminals are currently targeting small and medium sized businesses), why would a business or government agency continue to use Internet Explorer 6?

It would definitely impact my decision as to whether to do business with a particular organization (holding my confidential information), if I was aware that business still employed Internet Explorer 6.

This is not a scientific survey of Internet Explorer 6 usage in business, or government, and I’m aware of the lack of applied methodology. Nevertheless, anecdotal evidence is often reasonably representative of reality, and in this case, I believe it is, since I’ve been watching IE 6 usage here for over a year.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

8 Comments

Filed under Don't Get Scammed, Don't Get Hacked, Google Chrome, Internet Explorer, Internet Safety, Microsoft, Online Safety, Personal Perspective, Safari, Software, Windows Tips and Tools

8 responses to “Who’s Still Using IE 6? – Some Outrageous Surprises

  1. Kat1110

    …and this is a FREE security upgrade!!

    • Bill Mullins

      Thanks for the comment Kat.

      Not taking advantage of this “FREE security upgrade”, as you rightly point out, is mind boggling. Given that a large percentage of cybercrime is facilitated through Browser exploits, business and government, running IE 6 are negligent in the extreme.

      Bill

  2. Kai

    Great article! This was interesting. You know, I have a blog too (quite abandoned lately due to the sheer amount of work I have) and my stats show quite the contrary: 75% of the visitors of my site are Firefox users. Of course, there are also some people that keep using IE6.

    • Bill Mullins

      Thank you Kai.

      Let me make this clearer for you. I said 15% of business and government visitors, in other words approximately 110 daily visitors out of 3,000 daily visitors, still use IE 6. I did not break down the usage stats on other Browsers.

      Just for your info though – Firefox usage on this site averages 42% – higher than the overall level of Firefox use on the Internet, which is roughly 32%. Any idea why 75% of your visitors use FF – it seems unusually high?

      Bill

  3. azziz

    Did they upgraded their windows version.

    • Bill Mullins

      Hey Aziz,

      In every case the user’s system is Win XP, or older. I did wonder, how many of these are pirated OSs.

      Bill

  4. Great point about IE6 usage, I see it often when enterprise or government agencies are using 6 because some other outdated application requires it. This is even more inexcusable, to have a application depend on an outdated and broken browser is insane.
    Great post as always.
    Mark

    • Bill Mullins

      Hey Mark,

      You’re point is well made. A common response to “you’re an idiot for continuing to rely on IE 6” is, as you suggest – it’s tied to older applications. As you say, that type of response is “insane”.

      Having spent many years in insurance, I know this: Any organization who held “liability coverage” with my company to cover online security issues, who still relied on IE 6, would have their coverage pulled immediately. Such organizations are in “clear and present danger” – (apologies to Tom Clancy).

      Thank you for your educated comment.

      Bill