Despite the fact that Microsoft Internet Explorer version 8 has been available for the best part of a year now, it may surprise you to learn that it has not yet caught on in that bastion of forward thinking and rapid responsiveness, the British government. In fact, in spite of the fact that Microsoft has cited IE6 as vulnerable to the zero-day vulnerability that those Chinese crackers exploited to infiltrate Google’s network, IE6 is still alive and well and living in glorious ivory tower isolation.

IE6 is extensively used by the British government, including UK armed forces: in response to parliamentary questions asked last year by Labour MP and former Cabinet Office minister Tom Watson, the Ministry of Defence, which has 300,000 desktops worldwide (including ships), said it was sticking with IE6, “and at the current time does not have a requirement to move to an updated version”.

As Jonathan Ness of the Microsoft Security Research Center Engineering group stated in a blog post:
“I want to make one thing perfectly clear. The attacks we have seen to date, including the exploit released publicly, only affect customers using Internet Explorer 6. As discussed in the security advisory, while newer versions of Internet Explorer are affected by this vulnerability, mitigations exist that make exploitation much more difficult.”

So the so-called Chinese attack only affects Internet Explorer 6, and there may be a number of IE6 instances in use in government, so there is no security threat there then!

Is it just me being simple, or does it seem odd that so many Government departments are actively prevented from upgrading to a safer, more usable browser, with functionality that users could benefit from? Let’s look at the numbers. Apart from an undisclosed number of desktops in the Ministry of Justice using the vulnerable and out of date browser, the figures available are breathtaking:

  • More than 750,000 workstations in the NHS
  • 500,000 in the Department of Work and Pensions
  • 300,000 in the Ministry of Defence

There must be some major national security threat if users ever get the ability to use tabbed browsing; what else could explain the reluctance to upgrade? Perhaps some bold MP would like to ask the question in Parliament.