I see all this zero day stuff about IE, they can't fix it, it's actively exploited, they are frantically working on a patch, etc... And the first thing I think is: You deserve it. If you aren't someone who is too old to understand better (the only place I'll cut you slack) and you still use IE, then your organization needs to feel pain until you are forced to actually upgrade to a different browser.
It's not acceptable to think some crappy 90s to early 2000s webpage you built internally will work forever, anymore than you can drive your car for 900000 miles and not expect problems. You've had plenty of opportunities, and you failed to actually upgrade because your company is so paralyzed with bureaucracy or cheapness to develop anything new. At a certain point, your business or agency needs to fail, because while fires are bad and no one likes them, they are also a natural process whereby mountains of decaying trash gets removed.
@greylaw89 I once worked for a large aerospace company that managed 100k+ end user devices. At the time (2012) the company was transitioning from Windows XP to Windows 7, and the vast majority of devices were still XP. I recall there being constant CVEs for IE, and the company rolled out the weekly patches. It was not permitted for employees to install alternative browsers unless there was a business need exception (e.g. certain engineering teams), so most users were stuck with IE.
That being said, there were few, if any, incidents related to IE. This was due to the defense-in-depth the company policies had established. This included aggressive web filtering and blocking policies, MITM all SSL/TLS, security policies, IDS, and network isolation.
They took so long to migrate because of the large inertia involved. Internal company tools, end-of-life specialty CAD tools, updated training for 100k employees, all of which requires testing and verification. I’m empathetic to these sorts of situations because of the enormous cost, and anyway, the business quantifies and agrees to the risk.
@greylaw89 I recently needed a new personal development machine. I have used either Linux or macOS for the last few years. The machine came preinstalled with Windows 10. Since I was told that many things have improved as far as software development ergonomics (e.g. WSL), I decided to spend a few hours on a first date with Windows 10 to see if sparks would fly.
During this time I was bombarded with critical software security updates. I got nervous and wiped Windows entirely from the machine.
I got a laugh from the release schedule for IE as provided by Wikipedia.
Yeah... thats pretty bad hahaha
@wes
Well, while all that is true, as we can see there are prices for *not* migrating as well.
If you need training for your users on modern web browsers, you need new users.