Microsoft is finally moving on from its aging Web browsers as Internet Explorer 8, 9, and 10 will receive their last security updates and enter end-of-life on January 12. Users will then see a tab with a download link to the most current Internet Explorer available for the operating system.
End-of-life doesn't mean older versions of Internet Explorer suddenly stop working, and there are ways to turn off Microsoft's nagging reminder to update. But not switching to a supported browser is a colossal security mistake considering that attackers frequently target unpatched vulnerabilities in Internet Explorer. A regularly updated browser is still a critical line of defense against Web-based attacks.
Note, however, that the end-of-life applies only to a certain segment -- but a significant number -- of Windows users.
"The update will apply to Windows 7 SP1 and Windows Server 2008 R2 for users who have not upgraded to Internet Explorer 11 (i.e. IE8, IE9, and IE10 users)," Steve Thomas, a senior consultant at Microsoft, wrote in a blog post.
Exceptions for older OS
The lifecycle support policy Microsoft adopted a year ago ties the software to the underlying operating system version. Internet Explorer is considered an operating system component, so the browser is supported so long as the operating system is supported. A handful of operating systems currently in extended support do not support Internet Explorer, so they will continue to receive technical support and security updates for IE9 and IE10. The exceptions to the end-of-life announcement are as follows:
- Windows Vista SP2 (IE9)
- Windows Server 2008 SP2 (IE9)
- Windows Server 2008 IA64 Itanium (IE9)
- Windows Server 2012 (IE10)
IE8 goes away entirely for all operating system versions.
Considering the install base for these operating systems is relatively small, most organizations will see the majority of their systems affected. Windows 7 users make up more than 55 percent of desktop computers, according to the latest figures from NetMarketShare and remains the dominant operating system in enterprises. "Essentially, no enterprise runs Windows Vista," said James Maude, a senior security engineer at Avecto.
Impact on IT and developers
For organizations that are still on older versions in order to support legacy line-of-business applications, having three generations of Microsoft's default browser simultaneously fall out of support complicates IT's job tremendously. Businesses often struggle to update and test new software on the corporate build.
"Moving on is not always a simple process," Maude said.
Some enterprises may decide to run the browsers in virtualized containers to maintain compatibility with out-of-date business applications. And those organizations on older operating systems incapable of running IE11 should consider moving to other browsers, such as Chrome or Firefox.
The end-of-life move is great news for developers who still have to jump hoops to make sure their applications work on older browsers. Developers don't want to worry about whether or not modern CSS works on older versions, or whether their users are getting a suboptimum experience because of the browser they're using. Before completely phasing out developer support for IE9 and IE10, check the user operating system statistics to figure out how many users will be impacted. Even if it's not a complete end-of-life, it does bring developers closer to the day they can stop testing their applications against older browsers.