My current role, and the one that I hope to stay in, is as Product Manager. Despite the fact that I have seen the company triple in size over my three years with them, it is still a small company and, as such, I do rather more than a Product Manager in a large company would do. I put together the product roadmap, write software specifications, design the workflows, user experience (UX) and user interfaces (UI) for the products, as well as coding a good deal of the actual UIs too.
It's busy but immense fun and, usually, incredibly satisfying.
However, we are a web software company and, as such, there are a few things that are massively annoying: these can generally be defined as Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 (I am reserving judgement on IE9, since it looks to be half-way decent), and their prevalence amongst our customer base.
Unfortunately, for various technical reasons—mainly to do with the tight integration with Windows that led to accusations of monopoly abuse, as well as providing massive security flaws—many large organisations still use IE6 and are having a hard time weaning themselves off it.
But the simple fact is that IE6 not only prevents people like me from writing better web software: it is a massive security risk. As one writer at ZDNet put it... [Emphasis mine.]
Any IT professional who is still allowing IE6 to be used in a corporate setting is guilty of malpractice. Think that judgment is too harsh? Ask the security experts at Google, Adobe, and dozens of other large corporations that are cleaning up the mess from a wave of targeted attacks that allowed source code and confidential data to fall into the hands of well-organized intruders. The entry point? According to Microsoft, it’s IE6...
This would be worrying enough: after all, there are plenty of corporations which are still using IE6—but at least you don't have to give them your sensitive information.
But, as I know from personal experience, one of the areas most resistant to upgrades is the NHS—and they do have plenty of your most personal details on file. Yes, they are behind the N3 network (which brings a whole new set of challenges to those of us working with them) but it only needs one entry point to compromise the entire system.
Many NHS organisations believe that they are supposed to be using IE6; many of them believe that the Spine applications that they need to access will not work on anything other than IE6. This is not only untrue, but these organisations are ignoring a very clear Directive—issued over a year ago by the Department of Health—to cease using IE6 and to upgrade to IE7 as a minimum.
The Department of Health has told trusts using Windows 2000 or XP to move to version 7 of Microsoft's browser.
In a technology bulletin published by the department's informatics directorate on 29 January 2010, it advised NHS trusts using Microsoft Internet Explorer 6 on either Windows 2000 or Windows XP to move to version 7 of the browser.
"We've advised NHS trusts to upgrade to IE7 as early as possible," said a spokesperson. The guidance said that IE7 works with the department's Spine applications, and provides additional security.
The notice also recommended that organisations that continue to use IE6 should apply a security update patch from Microsoft to all affected computers, or if this is not possible apply mitigation methods suggested by the vendor.
Microsoft reported a significant security problem with IE6 on 14 January which could compromise a computer's operating system, although the browser was already known to be less secure than newer versions. The new vulnerability could act as an entry point for hackers to a network, allowing sensitive information to be stolen, according to the DoH bulletin.
Some weeks ago, I raised this issue with a number of NHS organisations, and asked—given the sensitive nature of the data that they hold—why they are still using this browser. Most have said they will look into it, and that is the last that I have heard of the matter.
It is hardly surprising that government organisations—not known for their ability to keep our data safe—are still using this out-dated and flawed browser. It is bordering on the criminal that they continue to use IE6.
Now, Microsoft themselves have set up a new website—IE6 Countdown—which seeks to encourage the death of this shitty piece of software. Naturally, M$ do not put it in quite those terms—they seek to push the benefits of upgrading to the latest version of IE rather than pointing out that IE6 is crap—but the message is the same: don't use IE6, especially for security-critical systems.
Perhaps, with IE6's own manufacturers seeking to kill it, those who risk the integrity of our data every single day might pay some attention.
And then we can take some small steps towards a better web experience too...
* At the moment, we are desperately looking for friendly, enthusiastic people to fill two roles: that of a web designer/front-end developer and that of first-line tech support. Please drop me a line if you would like more details...