News and Trends
SHARE
Facebook X Pinterest WhatsApp

Enterprises Slow to Dump IE

The calls to dump Internet Explorer may be getting louder, but they are falling largely on deaf ears among enterprise users. IT managers and users say that while the rash of security flaws associated with IE has drawn new attention to its vulnerabilities and has led some individuals to switch browsers, enterprises are reluctant to […]

Written By
thumbnail Matthew Hicks
Matthew Hicks
Jul 6, 2004
Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

The calls to dump Internet Explorer may be getting louder, but they are falling largely on deaf ears among enterprise users.

IT managers and users say that while the rash of security flaws associated with IE has drawn new attention to its vulnerabilities and has led some individuals to switch browsers, enterprises are reluctant to change browsers because of their reliance on IE-specific intranet applications and Web sites.

Following a series of critical security flaws tied to IE, the U.S. Computer Emergency Readiness Team last week suggested the use of an alternative browser as one way to avoid potential problems. Its recommendation has drawn widespread attention to rival browsers from the open-source Mozilla Foundation, Opera Software ASA and Apple Computer Inc.

“Mozilla has shown itself to be a capable browser and has only gotten better with each release, but until something bad happens to more people, then the interest in moving to that is not going to be that high,” said Dennis Barr, IT manager at civil engineering consulting company Larkin Group Inc., in Kansas City, Mo.

Barr himself uses the open-source Mozilla Firefox browser. Though he prefers to stay off IE, he has had little success persuading his fellow users at the 50-employee company to make a similar move. The biggest hindrance: the lack of support for ActiveX controls in alternatives such as Mozilla, he said.

ActiveX controls, among other things, provide multimedia functionality and interactivity on Web sites. While alternative browsers can support similar functionality using other methods, many sites have opted to specifically support IE and ActiveX. Even if they switch, users will need to revert to IE for certain sites, such as to use Microsoft’s own Windows Update site, Barr said.

“Most people here are just interested in doing their job,” he said. “Unless someone is really inclined to have an additional layer of complication, they stick with IE.”

Click here to read more about an effort among non-IE browser makers to create an alternative to ActiveX plug-ins.

While enterprises might be reluctant to make a widescale switch off IE, IT managers and consultants are beginning to seriously suggest that individual users turn to alternatives.

To Internet marketing consultant Carson McComas, security woes with IE have almost reached a point of no return. Through his consulting company, FrogBody, based in Spokane, Wash., he often fields technical questions from clients, including queries about IE security problems.

“Things have to get pretty painful for them to switch, and that’s beginning to happen,” he said. “Instead of fixing IE, I help them switch browsers.”

Microsoft is promising to beef up security in IE with the forthcoming Service Pack 2 update to Windows XP. In fact, many of the current woes would not occur if SP2 were already in use.

But Microsoft says it won’t offer SP2 security to older versions of Windows. Click here to read more.

“We know that all of the recent attacks in the past 12 months would not be possible if Service Pack 2 had been in the market,” said Gary Schare, a director in Microsoft’s Windows client division.

Next Page: Individuals are better off without IE, security pros advise.

In the meantime, Microsoft has rolled out a mixed bag of fixes for IE. In response to the Download.Ject attack, Microsoft last week issued a security update for making configuration changes to Windows. But the Redmond, Wash., company still is working on a comprehensive security patch for IE, Schare said.

“We wanted to get something out rapidly to help make people safer while we work on a comprehensive fix,” he said. “It’s going to take us a few more weeks to get it done.”

Microsoft’s Schare downplayed calls to move to non-IE browsers, saying that security advisories such as the recent one from CERT have included since last year the suggestion of using other browsers as one of many options for closing security holes.

He also said users need to look at more than security when deciding whether to use a different Web browser, such as whether the applications and Web sites they use will be compatible with non-IE browsers.

Daniel Miessler, an IT security engineer with a financial services company in Georgia, said he suggests that individual users consider ditching IE both because of its security gaps and because of its lack of support for Web standards. Before IE’s most recent security issues, the Microsoft Certified Systems Engineer wrote a story for the Lockergnome Web site outlining reasons to dump IE.

“IE can be secured, [but] there are very few people who are into security and who can do that,” he said. “Ninety-nine percent of people using IE cannot secure it, and even if they could, they’re busy and they just want to use their browser.”

Downloading a new browser such as Firefox or Opera is often easier than following complicated configuration changes suggested by Microsoft and security researchers or downloading patches, he said. Security researchers and CERT have suggested that IE users turn off ActiveX and Active scripting, among other things.

Click here to read Security Center Editor Larry Seltzer’s take on disabling IE scripting.

“If you just use it as a browser, then it’s a hundred times more secure to do so with Mozilla or Opera,” Miessler said.

Check out eWEEK.com’s Security Center at http://security.eweek.com for the latest security news, reviews and analysis.

Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page

thumbnail Matthew Hicks

Recommended for you...

thumbnail How ArmorPoint is Unifying Security for MSSPs & Customers
Security
How ArmorPoint is Unifying Security for MSSPs & Customers
Victoria Durgin
Sep 15, 2025
thumbnail Tenable: AI and Hybrid Cloud Growth Outpacing Security Defenses
Infrastructure
Tenable: AI and Hybrid Cloud Growth Outpacing Security Defenses
Luis Millares
Sep 15, 2025
thumbnail Report: Security Teams are Drowning in Alerts, Turning to AI
Security
Report: Security Teams are Drowning in Alerts, Turning to AI
Jordan Smith
Sep 12, 2025
thumbnail Mitel Appoints Mike Robinson as CEO
Vendor Leadership & Partner Programs
Mitel Appoints Mike Robinson as CEO
Jordan Smith
Sep 11, 2025
Channel Insider Logo

Channel Insider combines news and technology recommendations to keep channel partners, value-added resellers, IT solution providers, MSPs, and SaaS providers informed on the changing IT landscape. These resources provide product comparisons, in-depth analysis of vendors, and interviews with subject matter experts to provide vendors with critical information for their operations.

facebook
linkedin
youtube
rss
spotify
x

Company

About us Contact us Advertise with us

Categories

Channel Business Security AI Infrastructure Lists & Awards

Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information