UK Government: “We’ll use IE 6, even if we get hacked, upgrades too expensive!”

The United Kingdom government has oddly disapproved upgrading their internal web browsers from the exploit-prone Internet Explorer 6 to a more recent Internet Explorer version, saying the trouble of performing and cost of the browser upgrade would outweigh the benefits.

A petition began back when French and German governments issued a message to citizens to “get a better browser“, promoting the use of Opera, Firefox and Chrome instead of IE, in the wake of the Chinese Google Hack Attack. While the petition received 6,223 signatures and ended on 6th of June 2010, the government replied to the petition with the following statement on the 30th of July, quote:

Complex software will always have vulnerabilities and motivated adversaries will always work to discover and take advantage of them. There is no evidence that upgrading away from the latest fully patched versions of Internet Explorer to other browsers will make users more secure. Regular software patching and updating will help defend against the latest threats. The Government continues to work with Microsoft and other internet browser suppliers to understand the security of the products used by HMG, including Internet Explorer and we welcome the work that Microsoft are continuing do on delivering security solutions which are deployed as quickly as possible to all Internet Explorer users.

While Microsoft is still committed to providing patches and bug fixes to the dying Internet Explorer 6 and 7 versions until April 2014, when the Extended support for Windows XP (including Internet Explorer 6) dies out. It is also interesting to note that Microsoft internally browser-bashes Internet Explorer 6, and instead is often promoting the security of Internet Explorer 8. Despite this, exploits written for Internet Explorer 6 and 7 are somewhat limited in the latest version of Internet Explorer 8, thanks to internal “sandbox” features, and the advanced security improvements in Vista and Windows 7.

Another statement by the UK government also suggests that they have better plans to do with their money:

It is not straightforward for HMG departments to upgrade IE versions on their systems. Upgrading these systems to IE8 can be a very large operation, taking weeks to test and roll out to all users. To test all the web applications currently used by HMG departments can take months at significant potential cost to the taxpayer. It is therefore more cost effective in many cases to continue to use IE6 and rely on other measures, such as firewalls and malware scanning software, to further protect public sector internet users.

Most web applications that work in Internet Explorer 6 will work in Internet Explorer 7/8 flawlessly (if not in Compatibility Mode), but on the other hand, relying a firewall and malware protection while using a obsolete web browser may seem like a dodgy solution if an exploit slips through before the firewall can catch it.

Via Ars Technica.