15 January 2016

If you're reading this with Internet Explorer, stop in the name of security

http://www.csmonitor.com/World/Passcode/2016/0113/If-you-re-reading-this-with-Internet-Explorer-stop-in-the-name-of-security?cmpid=ema:nws:Daily%2520Newsletter%2520%2801-13-2016%29&utm_source=Sailthru&utm_medium=email&utm_campaign=20160113_Newsletter:%20Daily&utm_term=Daily 
Starting Jan. 12, Microsoft will stop supporting older versions of Internet Explorer as it tries to move users to its newer Edge browser. The lack of technical support and upgrades will expose anyone using older IE versions to myriad security risks. 
By Jaikumar Vijayan, Correspondent January 13, 2016 
The end of the 'e' is near. The lowercase vowel that millions of Internet users clicked on to browse the Web for 20 years is fast becoming a relic of the Information Age as Microsoft Corp. ends support for all but the newest versions of Internet Explorer.

Effective Jan. 12, people using IE versions 7, 8, 9, and 10 will no longer receive updates, security patches, or technical support from Microsoft except in some limited situations where they might be running it with certain versions of Windows.
Microsoft announced its end of life plans for the pioneering browser more than a year ago. Even so, tens of millions of users, including thousands of companies worldwide, are expected to continue to use the obsolete browsers and expose themselves to potentially serious security issues in the process. In fact, security analysts expect to see a spike in attacks targeting users running older versions of IE and want them to update as soon as possible.
In cutting support for old IE, Microsoft wants to move users to its Edge browser. IE 11, released in 2013, will be the last version of IE that Microsoft will support – at least for now. In some cases, however, it will offer support for other browsers on certain operating systems (a full rundown can be found here). Still, it's clear the company is quickly looking to shelve the browser altogether.

But as often happens with technology upgrades, users do not always keep up with the latest upgrades. Microsoft's experience with Windows XP is a case in point.
Microsoft ended support for its venerable Windows XP operating system in April 2014. Yet nearly two years later, Windows XP, arguably the most popular version of Windows, still holds a nearly 11 percent market share, according to data from Net Applications. Several organizations are actually paying Microsoft extra money to receive support for Windows XP because they are not ready to shift yet.

But holding onto obsolete technology is risky. "The dangers of unsupported software are often further reaching than people realize," says James Maude, senior security engineer at Avecto, a software security firm.

"The obvious dangers are running software that will no longer receive security updates so if an exploit appears tomorrow there is no easy way for you to stop it," Mr. Maude says. In fact, hackers often save up exploits until a vendor ends support for a product so they can use them more effectively, he says.

Upgrading to a new browser is not particularly complicated and can be accomplished in minutes. But it's a different story with organizations that might have developed applications that work only with specific versions of a Web browser. In fact, updating an old browser can get complicated – and expensive – and often the tendency is to simply maintain the status quo rather than risk disruption.

Small businesses are more likely to stick with old technology, says John Swanciger, chief executive officer at Manta, an online business community for small business owners. Data collected from more than 300,000 small business owners who have visited Manta’s site over the last month shows that 34 percent of them use IE. More than 6 in 10 of those users were using IE versions that have now been discontinued by Microsoft.

"Situations like this happen because many small businesses are simply unaware when companies like Microsoft pull support on their software," Mr. Swanciger says. And even if they are aware, they "choose to remain on old versions because the transition requires money, time, or manpower."

IT departments that have not upgraded to new IE versions might want to do it before Feb. 9, cautions Craig Young, a security researcher at Tripwire. That’s when Microsoft is scheduled to release its next batch of security fixes for IE 11.

No comments: