Modern field guide to security and privacy

If you're reading this with Internet Explorer, stop in the name of security

Starting Jan. 12, Microsoft will stop supporting older versions of Internet Explorer as it tries to move users to its newer Edge browser. The lack of technical support and upgrades will expose anyone using older IE versions to myriad security risks.

AP/File

The end of the 'e' is near. The lowercase vowel that millions of Internet users clicked on to browse the Web for 20 years is fast becoming a relic of the Information Age as Microsoft Corp. ends support for all but the newest versions of Internet Explorer.

Effective Jan. 12, people using IE versions 7, 8, 9, and 10 will no longer receive updates, security patches, or technical support from Microsoft except in some limited situations where they might be running it with certain versions of Windows.

Microsoft announced its end of life plans for the pioneering browser more than a year ago. Even so, tens of millions of users, including thousands of companies worldwide, are expected to continue to use the obsolete browsers and expose themselves to potentially serious security issues in the process. In fact, security analysts expect to see a spike in attacks targeting users running older versions of IE and want them to update as soon as possible.

In cutting support for old IE, Microsoft wants to move users to its Edge browser. IE 11, released in 2013, will be the last version of IE that Microsoft will support – at least for now. In some cases, however, it will offer support for other browsers on certain operating systems (a full rundown can be found here). Still, it's clear the company is quickly looking to shelve the browser altogether.

But as often happens with technology upgrades, users do not always keep up with the latest upgrades. Microsoft's experience with Windows XP is a case in point.

Microsoft ended support for its venerable Windows XP operating system in April 2014. Yet nearly two years later, Windows XP, arguably the most popular version of Windows, still holds a nearly 11 percent market share, according to data from Net Applications. Several organizations are actually paying Microsoft extra money to receive support for Windows XP because they are not ready to shift yet.

But holding onto obsolete technology is risky. "The dangers of unsupported software are often further reaching than people realize," says James Maude, senior security engineer at Avecto, a software security firm.

"The obvious dangers are running software that will no longer receive security updates so if an exploit appears tomorrow there is no easy way for you to stop it," Mr. Maude says. In fact, hackers often save up exploits until a vendor ends support for a product so they can use them more effectively, he says.

Upgrading to a new browser is not particularly complicated and can be accomplished in minutes. But it's a different story with organizations that might have developed applications that work only with specific versions of a Web browser. In fact, updating an old browser can get complicated – and expensive – and often the tendency is to simply maintain the status quo rather than risk disruption.

Small businesses are more likely to stick with old technology, says John Swanciger, chief executive officer at Manta, an online business community for small business owners. Data collected from more than 300,000 small business owners who have visited Manta’s site over the last month shows that 34 percent of them use IE. More than 6 in 10 of those users were using IE versions that have now been discontinued by Microsoft.

"Situations like this happen because many small businesses are simply unaware when companies like Microsoft pull support on their software," Mr. Swanciger says. And even if they are aware, they "choose to remain on old versions because the transition requires money, time, or manpower."

IT departments that have not upgraded to new IE versions might want to do it before Feb. 9, cautions Craig Young, a security researcher at Tripwire. That’s when Microsoft is scheduled to release its next batch of security fixes for IE 11.

 

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.