Enterprises Slow to Dump IE

While corporate users may be worried about security holes, they often rely on internal applications and Web sites that only work within Microsoft's dominant Web browser.

The calls to dump Internet Explorer may be getting louder, but they are falling largely on deaf ears among enterprise users.

IT managers and users say that while the rash of security flaws associated with IE has drawn new attention to its vulnerabilities and has led some individuals to switch browsers, enterprises are reluctant to change browsers because of their reliance on IE-specific intranet applications and Web sites.

Following a series of critical security flaws tied to IE, the U.S. Computer Emergency Readiness Team last week suggested the use of an alternative browser as one way to avoid potential problems. Its recommendation has drawn widespread attention to rival browsers from the open-source Mozilla Foundation, Opera Software ASA and Apple Computer Inc.

"Mozilla has shown itself to be a capable browser and has only gotten better with each release, but until something bad happens to more people, then the interest in moving to that is not going to be that high," said Dennis Barr, IT manager at civil engineering consulting company Larkin Group Inc., in Kansas City, Mo.

Barr himself uses the open-source Mozilla Firefox browser. Though he prefers to stay off IE, he has had little success persuading his fellow users at the 50-employee company to make a similar move. The biggest hindrance: the lack of support for ActiveX controls in alternatives such as Mozilla, he said.

ActiveX controls, among other things, provide multimedia functionality and interactivity on Web sites. While alternative browsers can support similar functionality using other methods, many sites have opted to specifically support IE and ActiveX. Even if they switch, users will need to revert to IE for certain sites, such as to use Microsofts own Windows Update site, Barr said.

"Most people here are just interested in doing their job," he said. "Unless someone is really inclined to have an additional layer of complication, they stick with IE."

/zimages/3/28571.gifClick here to read more about an effort among non-IE browser makers to create an alternative to ActiveX plug-ins.

While enterprises might be reluctant to make a widescale switch off IE, IT managers and consultants are beginning to seriously suggest that individual users turn to alternatives.

To Internet marketing consultant Carson McComas, security woes with IE have almost reached a point of no return. Through his consulting company, FrogBody, based in Spokane, Wash., he often fields technical questions from clients, including queries about IE security problems.

"Things have to get pretty painful for them to switch, and thats beginning to happen," he said. "Instead of fixing IE, I help them switch browsers."

Microsoft is promising to beef up security in IE with the forthcoming Service Pack 2 update to Windows XP. In fact, many of the current woes would not occur if SP2 were already in use.

/zimages/3/28571.gifBut Microsoft says it wont offer SP2 security to older versions of Windows. Click here to read more.

"We know that all of the recent attacks in the past 12 months would not be possible if Service Pack 2 had been in the market," said Gary Schare, a director in Microsofts Windows client division.

Next Page: Individuals are better off without IE, security pros advise.