Last week, InfoWorld columnist Oliver Rist recommended that you stop using Microsoft Internet Explorer as your browser. He had good reason: The latest vulnerability reports point out some significant security holes in IE that aren’t going to be easily overcome.
According to Rist (who is sitting behind me while I write this, just to make sure I don’t misquote him), the biggest problem is with Microsoft’s continued use of ActiveX, but that's by no means the only problem. In fact, it looks as if IE can’t be successfully patched, and what’s needed is a whole new version.
But what are you going to do if you don’t use IE? For most, IE is the default browser; they don’t have another choice that’s easy to implement. Does that mean that you should just grit your teeth and hope for the best? Not necessarily.
There are other browsers out there without IE’s security holes, most notably Mozilla. Getting Mozilla isn’t a problem -- just download it from the Web site. The real problem is that you have to be sure that moving to Mozilla doesn’t introduce a new set of problems.
My own experience with Mozilla indicates that it works at least as well as IE and appears to be somewhat faster. I’ve already moved to Mozilla as my default browser because of the security issues with IE. As it happens, I'm also finding that I like it better than IE.
Unfortunately, the only way to know for sure whether Mozilla will work with the apps that require a browser is to test it. Download it to a few machines and see if anything breaks.
Testing Mozilla might be the first step on the path to IE separation, but the journey isn't over yet. Many companies who run Web sites tend to be kind of lazy and code their sites only for IE, because it’s the dominant browser. Sometimes they take shortcuts that keep other browsers from working properly.
The only way to know for sure if these shortcuts will shortcircuit a non-IE browser is to try potential replacement browsers to see if they work with the Web sites you absolutely depend on. If they do, you won’t need to worry as much about adopting them, although you’ll still have to install the new browser on every machine, and that’s not the world’s easiest task in a large enterprise.
But there’s another task you have to worry about. What are you using for your own Web server? Internet Information Server has its own set of vulnerabilities, after all. And what about the code running on your Web site? Have you avoided those programming practices that will lock your visitors into IE? After all, a lot of companies are now using machines that don’t run Windows (and therefore not IE), and a growing number are trying to avoid IE even if they do run Windows because of the security issues. You don’t want to discourage them from visiting your site, do you? I didn’t think so.
Unfortunately, you can’t drop IE from your Windows machines completely. You still need it for Windows Update alerts. But it is possible to use it sparingly, and until Microsoft issues a new release, that would be a good idea.