The End of the Line for Internet Explorer V8, 9, 10: What to Do
Today marks the end of support for Microsoft Internet Explorer versions 8, 9, and 10. What does this mean for browser security?
Microsoft, like many larger organizations with diverse customer bases, is in the business of reducing customer surprises as part of their value. It is for that reason that they have a documented and thorough (!) Support Lifecycle site to help customers make sense of their policies. Looking back through the previous versions of Internet Explorer, the pace of new version releases has accelerated. While IE 6 made a 5 year run before IE 7 came out, IE 10 was replaced by IE 11 after just a shade over 13 months (IE 11 had a longer tenure, likely due to the development efforts around Windows 10 and the Edge browser).
This more rapid shift to the subsequent platform is a clear indication of how quickly consumers demand the market evolve. Despite this product lifecycle reduction, Microsoft has lost the lead in the browser war and appears to be trending towards further market share erosion. However, pegging browser market share, as I learned, is fraught with peril. Searching for “worldwide browser market share 2015” showed IE has anywhere from a high of ~56% to a low of 18%. The end of IE 8, 9, and 10 makes room for Edge (although to me, the Edge will still be this for a long time to come) which Microsoft hopes will help reestablish their place in the browser battle.
While the big headline says IE is going away, the reality is not quite that simple. Depending on the OS you are running, you may still have support as far back as IE 7, though for the majority of people running non-embedded versions of an up-to-date OS, this is not the case. Windows Vista SP2 (April 2009 release date!) is the only desktop OS that would enable support earlier than IE 11. Here’s the full chart for those who may still have a few copies of Windows Embedded for Point of Service (WEPOS) somewhere in their corporate environment:
Internet Explorer operating system support chart via Microsoft.
So, your browser is going EOL, what’s a smart user to do? Well, simply updating will provide far more benefit that harm. Occasionally a new browser version can “break” applications or websites, but it is more common for that to happen to bespoke web applications than the sites people use every day. This is the reason that the chart has broader legacy browser support for Server and Embedded Operating Systems, there can be significant costs to migrate to a new browser.
Will updating your browser ensure safety on the web? Nothing is a guarantee, but it is a step in the right direction as it addresses some of the issues you don’t even see that can be the root cause of breaches (such as exploitable vulnerabilities in legacy browser software). Some of the best tips, though, work regardless of the browser you run, so long as it is an up-to-date version. Follow these tips to build safe browsing habits beyond keeping browsers updated:
- Always check URL text, both before and after you click. No top level domains are 100% safe. That said, some are worse than others in terms of websites that may harbor malicious intent; we each have our own personal filter to what domains we deem dodgier than others. Right click or mouse over a link to inspect its actual URL destination. When checking URLs, be especially wary for spoofed URLs that use clever misspellings or insert “.com” before the actual TLD to look like well-known, legitimate sites at a glance.
Use HTTPS instead of HTTP. With the 2015 holiday season over, the shopping rush is somewhat slower, but this is no time to get lax about submitting information to insecure websites. Look for the HTTPS in the browser address bar and the padlock. HTTPS verifies that the website you are visiting is legitimate and encrypts any information sent to that site. Originally HTTPS was used for financial transactions, though more sites have adopted HTTPS as a way of protecting user information.Here's an example of an HTTPS connection and lock icon:
- Avoid public/free/untrusted Wi-Fi and never transmit sensitive information over an open internet connection. When you connect to a Wi-Fi hotspot you can easily set yourself up for a MITM attack. Even if you’re visiting sites that use HTTPS, open internet connections make it far too easy for an attacker to intercept your web traffic.
Today is January 12, 2015 and your IE 8, 9, and 10 have passed their Microsoft determined expiration date; these browsers are only going to become less secure as the days progress. What browser you move to – Edge, Chrome, FireFox, Opera, or something else – is up to you, but keeping current and building secure browsing habits is something that always pays dividends.