After the reports last week that Chinese hackers exploited the vulnerabilities of Internet Explorer; we have been reminded again of the importance of developing according to web standards rather than to support a single, specific web browser.
The hackers were able to exploit security vulnerabilities in the 10-year-old browser and operating system combination of IE6 on Windows XP.
This was a zero-day exploit, which means it was a new-found vulnerability that the vendor (in this case Microsoft) and antivirus / security companies were unaware of. Meaning there was no security fix for this issue.
The main reason many companies including high-street names and government organisations are still using this dated browser is applications they need to use were not written to be standards compliant and instead were specifically written to work in IE6. This means that despite the fact we have already gone through IE7 and now onto IE8 the old dinosaur of IE6 will not die.
The lesson to be learnt for project sponsors and developers is: if you are creating or designing an application, make sure you future-proof your applications and investment by ensuring you are compliant with the most current standards – rather than tying yourself to a single browser or vendors’ technology – as that will always end up holding you back in the future.
As an internet user, as well as using a good antivirus program, always make sure that you are using the most up-to-date versions of your web browser to increase security. You might also consider using one of the alternatives to Internet Explorer: Safari, Firefox and Chrome. Microsoft applications – which include IE – have been reported as one of the top programs to hack by cyber criminals (Forbes 2009).