Volkswagen

I wonder why this hasn't been mentioned already:
Why IE6 Still Matters And Why You Should Not Care

And I thought this ailment afflicted third world countries like mine

I wonder what form the restructuring will take (or has taken). More "secure" proprietary lock-in-to-my-browser-and-my-OS stuff?

 

If even a single one of their sites/products relies on it it's easier for them to just stick to it.

 

It would also be stupidity or ignorance on their part. from the link vasa provided:

Hopefully it is because of an outdated page, because if it isn't they are either ignorant of the security vulnerabilities IE6 presents, or they are too cheap (too greedy) to pony up for the $$ to upgrade to IE8/9 web viewing compatibility.

 

It's most likely a money thing. I'm sure it's a calculated risk.

 

If it's a calculated risk, I hope it backfires on them. I'll admit I can't stand business decisions based primarily on the bottom line.

 

If they are only using it for internal network apps/sites it doesn't really matter.

 

Even when it comes to big Corp. accounts, IE6 is still alive.
Unfortunately...

 

Oh yeah, being hacked saves a lot of money over upgrading for free, not to mention losing company secrets.

 

Upgrading is not free. You have to pay someone to roll out the upgrade and you have to pay someone to update the site/ software.

Anything that's hackable from this probably isn't super important to them and they probably aren't too worried.

 

How hard is it to let Windows Update automatically install IE 8?

 

If you want to do a company wide update deployment at a company with millions of workers? Probably fairly difficult.

You need to make sure it rolls out to everyone for one thing and then you need to deal with the bugs/ issues that come with any huge deployment.

Not to mention the fact that they would have to test a ton before rolling something as huge as 2 major browser revisions out.

 

There's always compatibility mode and disk imaging.

 

You can't deploy a disk image as an update.

And while compatibility mode might even be 100% it doesn't change the fact that they have to do a lot of testing.

You do not roll out huge updates without testing. Imagine if something broke? What then? You have to spend a whole lot more money either fixing it (if it's possible) and then deploying THAT update or you have to spend another bunch of money rolling out a downgrade and you're back where you started.

 

Difficult or not, no matter how many employees, it's the job of the IT department to ensure it's done. Either they don't care or they're shackled by budget constraints.

 

If being hacked loses them 5 dollars and it would cost them 6 dollars to roll out the update they'll take the risk of being hacked.

Even if being hacked costs 20 dollars and rolling the update would cost 6 there's only the potential cost of a hack whereas a rolling update would always cost money.

Part of being IT is risk management/assessment. That can mean understanding costs.

 

It's backup.

Of course they should, instead of consumers testing outdated stuff.

Disk image, the backup.

That's only short term, you forgot long term.

There is another factor, customer satisfaction. Imagine having an incompatible website for Windows Vista and above users.

Loss of secret documents is extremely costly, or even priceless.

 

Oh, I see. Yes. But even still it's not ideal and still would have to be rolled out.

Customer satisfaction is irrelevant. The customer never sees their internal computers, I'm sure the customer website work just fine with any browser.

None of their secret documents are on their network. Any R&D stuff is either in its own locked down network or not on a network at all.

Look at when sony was hacked. Was there sensitive R&D data leaked? Absolutely not, just customer information. All of their actual valuable information is off of the network and locked down completely.

 

Customer satisfaction is very relevant, especially with sites designed for old browsers, and loss of their personal data.

 

It's really not nearly as relevant as their huge behind the scenes projects.

Sony was hacked twice and they lost some money giving away free games. I doubt too many people went around selling their PS3's over it and all-in-all the company probably didn't lose a hell of a lot. Sony's case is different because they could have easily secured their servers for far less cost.

In this case it's probably even less relevant. Offer the customers some deals or a free credit check (those cost about 10/month~) for the customers who do complain and they'll either end up spending the same amount or less.

Even if they did spend a bit more the potential loss is not as bad as the definite loss.

Companies do this all of the time. Upgrading costs money and risk assessment is a huge part of security administration.

 

lol I mean I know Citi bank uses WinXP Professional. I talked to their IT guy (I worked there for a while) and he explained some of the vulnerabilities. He said it just doesn't matter in the scheme of things - someone would have to exploit it to begin with and the losses they do see from this aren't anywhere near how much it would cost for each ATM to be updated as well as the costs of updating the ATM software.