The Danger of Ignoring Web Standards (1)

Tuesday, 26 January 2010

After the reports last week that Chinese hackers exploited vulnerabilities in Internet Explorer, we have been reminded again of the importance of developing according to web standards rather than to support a single, specific web browser.

The hackers were able to exploit security vulnerabilities in the 10-year-old browser and operating system combination of IE6 on Windows XP.

This was a zero-day exploit, which means it was a newly found vulnerability that the vendor (in this case Microsoft) and antivirus / security companies were unaware of, so there was no security fix for this issue.

The main reason many companies, including high-street names and government organisations, are still using this dated browser is that applications they need to use were not written to be standards compliant and were instead written specifically to work in IE6. This means that, despite the fact that we have already gone through IE7 and are now onto IE8, the old dinosaur of IE6 will not die.

The lesson to be learnt for project sponsors and developers is: if you are creating or designing an application, make sure you future-proof your application and investment by ensuring you are compliant with the most current standards – rather than tying yourself to a single browser or vendor’s technology – as that will always end up holding you back in the future.

As an internet user, as well as using a good antivirus program, always make sure that you are using the most up-to-date version of your web browser to increase security. You might also consider using one of the alternatives to Internet Explorer: Safari, Firefox and Chrome. Microsoft applications, which include IE, have been reported as among the top programs for cyber criminals to hack (Forbes 2009).

  • Sarah

    As a long-time developer I would love to be able to just drop support for IE6 and redirect the visitor to a great big page telling them they need a web 2.0 browser instead of a web 0.5 one.

    Until IE6 market share falls to an insignificant level most sponsors of a new build internet project are not going to reject IE6.

    The good news is that IE6 share is falling and has recently been overtaken by IE8.

    It is the last diehard 10% of users that will be hardest to shift, and unless more companies like Google take the step of withdrawing support there is still no perceived need for the diehard IE6 user to go to the “effort” of upgrading, even though that “effort” is minimal.

    Perhaps developers should take these users head on and start alerting users to upgrade on all sites that they personally run. Eventually the message may sink in.

    With this in mind I have just added the shockingly-big-ie6-warning plugin on my systems, development and infrastructure blog