Am I the only one who finds all the happy faces Microsoft have injected into the page a bit weird? It feels like they are trying to sell me some bad news but make me feel happy at the same time.
Don't get me wrong - I think it's a good move to discontinue support for older IE versions... There is just something with all the smiling and laughing faces all over the page that make all my alarms go off
The fake-grin people in the pictures are nurses and technicians from hospitals still stuck on IE6 because their late 1990s medical imaging ActiveX controls are bug-for-bug compatible with that wonderful piece of software.
Behind their grins are the questions, "what now?" or maybe even "where do I want to go today."
Their IT krewes are wondering, "how am I going to get the CFO to approve an upgrade to the GE medical imaging suite? we've been out of maintenance for 15 years."
And their info security guy is considering seeking asylum in a foreign country.
Everyone using a browser that doesn't get security patches is basically a walking malware farm. Not supporting them with your site and pushing them to upgrade is the moral high ground.
It's a good first step though. This means that websites can start telling users "we don't support this browser because Microsoft doesn't", etc., and they will die off quicker.
Manipulation (aka advertising/PR/marketing) techniques 101. Showing pictures of happy faces makes the audience (not you in particular, but the average reader) have more positive feelings about the announcement. There's no other plausible reason for using a row of random smiley faces as a page separator in an announcement like this.
But in this case they overdid it, and now it feels a bit like a scam/domain hijacked website with tons of stock photos. I might not have noticed a single row, but it has 4 rows!
I don't think it's weird at all, and it's probably a deliberate design choice by the developer that made this page. They've probably probably suffered for years because of IE's poor support for standards and other quirks. I think it's a mini celebration by way of design!
Not so fast, it just means enterprise support prices have gone up for those organisations resisting change and still requiring security. For example, the entire country of South Korea.
When I read your comment, I thought they had inserted happy smileys in their text. It made me curious enough to open the page and see the regular marketing faces for Microsoft. That was a bit of a bummer. It would have made my day to see real smileys on that page! ;-)
Thank goodness. IE 11 has enough warts and weirdness; having to deal with all the brokenness in IE 8 was driving my front-end colleagues to alcoholism...
I have a beautiful dream sometimes, where I go to work, and I only have to care about supporting Chrome...
> I have a beautiful dream sometimes, where I go to work, and I only have to care about supporting Chrome...
I understand the sentiment, but to be clear: Ideally we do not want any one vendor with a majority browser share. Otherwise someone will get complacent and we'll have a repeat of the dark times (IE6). Having multiple browser vendors is good for the web.
especially since their render engine is opinionated about how full-screen should work and other weirdness in managing pseudo elements and transform parents in layouts (i.e. anchor for relative is parent of the element they're attached not the element they're attached to)
We're already in complacency. It is not uncommon for me to find a standards-compliant site but which has unfixed bugs in Firefox which make it unusable, so you have to use Chrome.
Ideally we want to support an unambiguous spec, and if a browser has opinions about it let the user suffer until they switch with something more conformant
I picked Chrome because it is, as far as I know, the most standards-compliant browser in wide use at the moment. Firefox is quite good, Safari quite less good, and IE 11 and Edge are okay. Nobody really uses Opera... Depending on which set of stats you like, Chrome might already have a majority share.
I just wish that there was one unambiguous spec that they all supported. How many man-hours on aggregate have been wasted tweaking CSS and futzing with javascript to try to achieve identical results across browsers that have all these slight and not-so-slight differences of opinion about the HTML, CSS and ECMAScript specs?
A whole other world of pain is when you get into browsers that are embedded in GUI frameworks, or as extension points in other products. You really have no idea what they support, until you try something and see it is broken. Does this browserPanel object use the system version of IE, or some other version, or an old, forked version of WebKit, or some other Lovecraftian monstrosity?
While diversity is certainly good, the major difference here is that Google has an intrisic reason to constantly improve and innovate in Chrome, while Microsoft back then clearly didn't: the whole IE development was driven by trying to get rid of the competition (in particular Netscape), and when that was done, development stopped for a long time.
Do you trust a company whose major revenues are coming from online advertising to improve Chrome for the web or for the companies revenues ? Think to ChromeOS for instance.
I don't want to be too suspicious, but to improve the web I'd rather bet on the Mozilla fundation.
... But that's exactly what they're saying we DON'T want. A lot of browsers re-used IE 6's rendering engine because it had a monopoly. That only made the situation worse.
A browser's rendering engine is the ONLY part that matters, and if anyone has a monopoly that is "bad" because competition helps innovation.
Each rendering engine winds up, for good and bad, with a small group of people deciding what features do and do not get put in. If they simply decide that feature Y doesn't get put in, and that rendering engine has a monopoly then feature Y is a non-entity as far as the web is concerned.
For example, if Google controlled the web's primary rendering engine do you think Do Not Track would be in it? NO! It took all of their major competition to add it before they did, starting with IE.
> A browser's rendering engine is the ONLY part that matters
Active X would like to disagree with you. We're currently dealing with a massive (revenue/company) product that only runs under IE < 10 because it still uses Active X.
I don't think a common rendering engine is at all a bad thing. Maybe two to keep them honest. But blink + webkit + trident (?) + Gecko (?) seem like wasted engineering talent.
South Korea has(or had, they may have changed it in the last few months) a law that enforces the usage of ActiveX for everything which needs security (e. g. online banking, online shopping)
It made some sense at the time the law was conceived. SSL was crippled to uselessness by US export restrictions. IE 6 had a monopoly. So they built their own much more secure encryption (using ActiveX to plug into IE) and mandated its use for everything that matters.
The incompetence was in mandating a certain implementation instead of writing a technology-neutral law requiring a certain security level.
What popular browser vendors used the IE6 rendering engine besides IE6?
I have many memories of dealing with various Firefox/Chrome differences, but I never once dealt with a popular browser vendor outside of IE that used the IE6 rendering engine.
I don't necessarily agree with your assertion that a browser's rendering engine is the only part that matters. Internet explorer ships with windows by default. Mozilla (firefox) has policies that focus on privacy. Chrome focuses on speed, and, well, serving Google.
These are all things that differentiate the products in the market and aren't necessarily rendering engine related. Yes - if one entity maintained absolute control of the rendering engine, then the needs of each vendor would not be served - but then it wouldn't be open source, either.
A lot of ISPs shipped stuff that were IE shells, like AOL (and we had Walmart Connect for a time when I was growing up), in addition to browsers like Maxathon. Even Netscape (8?) at one point had an option to be an IE shell.
I'd say the JS engine matters quite a bit as well. If Google didn't push the limits with V8 I don't think we would necessarily be in this JavaScript-all-the-things world we currently live in. Whether that is a good or bad thing is still up for debate. :)
> I have a beautiful dream sometimes, where I go to work, and I only have to care about supporting Chrome...
Yes I also long for the return of the IE6 days when only one browser mattered and what it did was law. Not.
Seriously folks we've already done software monopolies (not just in browsers either), it always ends up in tears. If a browser is terrible refuse to support it or ask for extra time/money for its support, but do not condone, suggest or recommend browser monopoly.
For the last few years now, we've been charging at least 20% more for the front-end dev portion of a job when IE8 support was required beyond graceful degradation.
2015 is really the year where we saw the majority of our clients drop support for IE8 altogether. Most of them showed sub-2% browser share and dropping fast in their analytics..
IE11 has an IE7 compatibility mode so line-of-business apps are going to be targeting IE7 for a long time to come. One of my employer's clients is only now willing to pay to upgrade from IE5.5 rendering on IE8 to IE7 on 11.
I was involved in a similar discussion and the logic was hilarious. "Browser standards change too often." (!?) "So we're only to support an old buggy implementation of the specs that is sorta emulated in one modern browser." They sounded like they were afraid of having their security blanket ripped away.
If you still have some IE5 stuff, my guess is that you have to bring it up to the HTML5 table layout zone. And then you need to back polyfill a bunch of stuff to deal with the "IE7 mode" requirement.
An unfortunate datapoint: for one of our products I'm still seeing >25% users on IE8.
This is a (primarily UK) product most of whose users are on internal bank networks. It's come down from about 40% 2 years ago, so it's heading in the right direction - but I'm not sure I see it going away any time soon.
There's huge organizational inertia inside these banks around IT systems - if we want to serve them, we need to support IE8 for the foreseeable future.
They are probably XP users. You can create a small notification on top of your website, notifying them that they should move to Firefox or Chrome because their browser is not safe anymore...
The wording on those messages needs to be tailored for that: “Please contact your system administrator to request a secure browser”
The only way enterprise IT departments will upgrade is when they start having to take responsibility for security problems. As long as they can lie to their users and claim there's no need to upgrade, they will.
http://qatrackplus.com It's a self hosted Django app for tracking quality assurance data for radiation therapy centres (although it could easily be adapted for other purposes).
My thoughts too. If versions of Windows less than Windows 7 are supported which cannot run IE11, and IE11 is the only version being supported, are those older versions of Windows still really supported?
Windows Vista has support through 2017 and Windows Server 2008 has support through 2020.
IE9 remains supported on Vista (as it's the last release of IE that runs on it). IE9/IE11 is all that remains supported on client releases on Windows (Server and Embedded versions of Windows continue to use pretty much everything from IE7 upwards).
Yes, Vista still exists -- but it's not much of the market, because it only existed for a short while before Win7 replaced it, and it never got much corporate adoption (where people hold onto legacy IE forever).
Unsupported XP is, in practice, probably more of an issue than Vista.
I love the way they can't even give a straight answer to their own questions:
"Does this mean Microsoft is changing the support lifecycle policy for Internet Explorer?"
"The latest version of Internet Explorer will continue to follow the component policy, which means that it follows the support lifecycle and is supported for as long as the Windows operating system on which it is installed. Focusing support on the latest version of Internet Explorer for a supported Windows operating system is in line with industry standards."
Haven't they done better than that? Except they've dealt with the possible issue that the reader has an incorrect understanding of the support lifecycle policy for Internet Explorer.
> What is end of support?
Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical supports and security updates. Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes, and technical support on Windows 7, Windows 8.1, and Windows 10.
"End of support refers to the date when Microsoft no longer provides automatic fixes, updates, or online technical assistance. [...] you will no longer receive security updates"
That refers to the end of extended support, which just recently happened for Windows XP. Vista is under extended support until April 2017, as mentioned on the page you quoted from.
I think Microsoft is deliberately confusing there, but that's referring to the end of extended support. Extended support means only security fixes (and fixes you pay tons of money for).
Given Vista's reputation, I'm willing to bet Microsoft doesn't feel a need to address the few Enterprises who are stuck on Vista SP2 until its support ends.
I'm curious if anyone knows a company that plans to ride out Vista SP2 until its support ends. Seems like most companies did the XP to 7 hop (and are currently hoping to ride 7 until it sunsets).
Browser trend will probably be more influenced by region and public. If your public is stay home dads in China you should definitvely be looking into iE8, if your public is tech workers in the Bay Area you shouldn't even care about iE11.
There's a difference in methodology that explains some of the divergence:
Netmarketshare counts each user only once per day (per site?). If you assume users if Chrome/Firefox etc are more active on the web than IE8 users then it fits.
Which number is more important when deciding what to support on your site is a complicated question. Probably your own user demographic has a greater impact though.
It's definitely a question of context. You have a large number of companies who either take a very long time to update to newer versions of Windows, or who developed a number of internal applications which will not work with newer IEs.
Apologies for the rant, but this is the second article today that I've seen about a company discontinuing support for outdated software. (The other being a gnu rant about Windows not supporting XP.) And there was a third a couple days ago about an open source community announcing pending EOL of an old version.
What bugs me is so many negative comments along the lines of "What about all those poor helpless trillion dollar megacorporations that are stuck on an old version because they use proprietary custom software? Microsoft is evil because they don't guarantee to support and repair everything that they've ever made for free until the heat death of the universe!"
Those companies and organizations are stuck not because of Microsoft, but because they mismanaged their own proprietary software or web applications. For more than a decade, they never even bothered to plan for maintenance, although they routinely plan, budget, and schedule depreciation and maintenance for everything else in the business - things that move much slower than software and far far slower than web development. I'm no fan of Microsoft, but that's their fault, not Microsoft's.
My Windows machine is still on Windows 7 now, and not ready to upgrade to 10 yet due to compatibility issues. But I have 4 more years to get things working in a virtual environment, or find replacements. Software that I run dates back to the 70s, so some didn't work by default in 7, but in the end there was only 1 program that I couldn't replace or get working with an upgrade or VM. I reverse engineered the data to migrate it (it used an obsolete floating point format from before floating point ops were standard in PCs). If I can do that, a company or large organization can do it.
For web software, the pace of the state of the art is even faster. Most anything over a few years old probably needs a rewrite and data migration if it hasn't been maintained properly (and possibly even if it has). Especially anything that used old plugins.
But the focus on browser versions is weird. I strongly dislike the practice of web developers/designers speaking of 'supporting' IE6/IE8 or whatever. That's a Microsoft product, Microsoft supports it or not, you and I don't. We support the websites that we build, which we build to current industry standards (such as they are). If you try to access it using a nonstandard client like IE6, Arachne running on DOS, Hyperlink on a C64, or a line mode browser on a teletype, then your experience will be different. The server side will work fine, but your client may not do what it's not capable of.
You can't expect to stick a blu-ray disc on a record player or shove a flash drive full of MP3s into an 8-track tape deck and have the end-user experience be the same. It just doesn't work that way. Sure we can try to build custom client-side workarounds, but is that worth the cost (especially given that new browsers are free)?
Overheard at a meeting once:
Client: "Our stats say that'll be fine for our customers, but our executive team mostly has older versions of IE, so this won't work for them. We don't want it to look bad to the CEO."
3rd Party Agency Manager: "We'll order new laptops for them and have them delivered, just tell us how many and where to send them. It will be much cheaper for you and save us all a lot of time."
> "You can't expect to stick a blu-ray disc on a record player or shove a flash drive full of MP3s into an 8-track tape deck and have the end-user experience be the same. It just doesn't work that way."
Can anyone disagree with this analogy? If not, I'm going to start using it all the time!
> 3rd Party Agency Manager: "We'll order new laptops for them and have them delivered, just tell us how many and where to send them. It will be much cheaper for you and save us all a lot of time."
This person was a genius, or was bitten by this far too many times.
There are a lot of businesses that use older versions of Windows and use Internet Explorer as their default web browser and use group policy from a Windows Server to prevent the install of a third part web browser. Forcing everyone to use IE.
They will be vulnerable to attacks because of this and they will refuse to pay money to upgrade from XP or Vista to go to Windows 10. It will be because their business software only works with older Windows versions. They can't afford someone to migrate to Windows 10 or they lost the source code after programmers retired or got fired and took it with them on their personal laptops because they lacked a source control system.
It is a big mess out there. Colleges are even worse as is the federal government who use outdated Windows Updates by three years and expired antivirus products.
In many cases we are talking about organizations using software that requires not just an obsolete internet explorer version, but an ancient one. There have been many years to assess and fix this problem, and just because companies stuck their heads in the sand and expected it would always be someone else's problem. I have little pity for the companies, but I feel deeply for the IT employees that will have to deal with the fallout from poor decision making from management.
Buying or developing technologies that rely on weird proprietary quirks of free versions of software isn't very sane. There's not even a business model in place you can rely on to continue to want to support you since it's free.
That brings up an interesting point though, a special NPAPI plugin that aimed to provide perfect compatibility with older IE versions for a small per-seat license fee could do really well...
Management required that I use VBScript and ActiveX controls, but I had to use JavaScript in cases when VBScript was too slow. Each new version of Internet Explorer would break compatibility and require a rewrite. For example using and programming for IE 4 would break when IE 5 came out and even the AcitveX controls would not load properly. We had to switch from some ActiveX controls Kodak made to use Lead Tools instead to load TIF images of the employee pictures. Then IE 6 came out and broke that and required a new version of Lead Tools and other stuff.
There were people with Macs, OS/2, and Linux that could not use the ASP made websites because they couldn't run ActiveX and VBScript. So I suggested to management that we replace the ActiveX objects with Java objects and use JavaScript instead of VBScript and we could then make it so that the Non-Windows systems could access the Intranet web apps. Management hated that idea and ordered me to never use Java because it wasn't made by Microsoft and they didn't understand it.
But yeah each new IE version broke compatibility in the way management wanted me to develop web apps. I can see why companies want to stay with an older IE version and older Windows, because of the time and money it takes to upgrade the websites to the newer IE versions.
> Buying or developing technologies that rely on weird proprietary quirks of free versions of software isn't very sane. There's not even a business model in place you can rely on to continue to want to support you since it's free.
It's all very well saying this now, but I wouldn't be surprised if at the time these technologies were seen as JavaScript is now. I remember Adobe Air was when it came out...
Javascript has a standard (or more accurately, current javascript is the implementation of a version of the standard). It's a much safer bet that either there will be backwards compatible implementations later or that you will have other options. To my knowlesde, IE's feature set was always "what's supported by the current release".
It's sort of like having a codebase which you can't change which makes use of a bunch of weird proprietary C extensions from some old compiler, and the compiler itself not only has the capability to introduce bugs and security flaws, but has a track-record of doing so. You know it's a ticking time bomb now, and you should have seen it in the beginning (although so many didn't :/ )
Even back in 1997 JavaScript worked differently based on what OS and web browser you had.
I had open sourced this script to detect the OS and web browser so that it would run JavaScript code using if statements for each platform to solve compatibility problems. It should still work today but the ActiveX detection is broken because of the way JavaScript changed.
I understand there were plenty of non-standard features, but keeping to standard features should have been possible, and JS didn't change that much between browser versions (and where it did fixed could be implemented, as your detection script would have helped with).
It took quite a while for some standard JS features to be added[1], but a mostly stable subset was possible (as evidenced by the sites that worked in all the major browsers of the time). The real problem was companies not wanting to devote the time to doing this and taking the shortcut of using the non-standard IE features MS had included at the expense of browser interoperability (which would have provided some protection against using features that would be dropped).
The problem with Internet Explorer at the time I worked with it is that it had a version of JavaScript called JScript that ran in the background that had differences with the JavaScript used in Netscape and other web browsers. https://en.wikipedia.org/wiki/JScript
In my experience I had to write JavaScript code that detected the OS the web browser type and even the processor so that I could use if statements to run the correct JavaScript code for each platform that worked.
I've been out of it for a decade due to a disability, but I see that Microsoft has updated JScript and has used some form of JavaScript in Windows 8 Apps as well. I never really liked Metro/Modern UI and Windows 10 kind of changed it to Universal Apps.
I like that they have made improvements to JavaScript like Node etc and even run JavaScript in the OS and the backend as well as the frontend.
Yeah, I'm familiar with jscript, and have used it in the past. You should check out the "Comparison to Javascript"[1] section of that article. JScript was just MS's way to get around Sun and the trademark issue. In a lot of ways, it's the same as Google and Dalvik compared to Java. Same language, different name to get around legal issues.
Now, I know MS's version of javascript (JScript) had it's own quirks and issues (such as no trailing comma allowed in objects and array syntax), but it shouldn't have been too hard with a minimum of testing to make sure it worked on both IE and Netscape and/or Firebird (before it was renamed to Firefox). The problem is that many didn't both at all, and didn't even attempt to figure out which bits that they used were standard parts of Javascript or the ECMAScript standard and what were MS extensions.
That said, there was a major benefit to people forging ahead with MS specific extensions. The wide acceptance and update of XMLHttpRequest was spurred by MS's introduction of that type of call through custom ActiveX objects[2].
I agree but I still know businesses that use Windows 95 machines and Wordperfect 6.0 for their business stuff.
I know a lot of businesses still use DOS or OS/2 and very old PCs because they don't trust Windows.
I would get offers to volunteer for non-profits that still use old PCs with older operating systems on them and they need help fixing them or maintaining them.
There are a lot of third world nations using old surplus PCs because they cannot afford anything else. So they get our leftovers.
For example in Thailand they still use Windows XP, a pirated version but they put it on every PC. They have a skin for it that looks like Vista but it is still XP SP3. A copy of legit Windows is too expensive so they used the pirated XP because they can buy it on the streets for $1 due to a lax copyright law.
They will be vulnerable to attacks because of this
Actually, chances are such an environment will also have the other security settings tightly locked down too, and even outside the browser executables may be whitelisted, so it's not as bad as it may seem at first.
Just disabling JS probably gets rid of 90%+ of the attack surface of any browser including IE.
Some of the lower tier (but very common) LAN network hardware requires old versions of IE to function during firmware upgrades and configuration changes with no CLI equivalent options.
In most cases the hardware vendors never address the browser compatibility issue (due to focus on new products) and only provide a warning sign upon login. Likewise the hardware isn't easy to replace in some environments.
This use case is completely absent from the web browsing traffic usage patterns on the internet which predominate in browser usage statistics.
Use the old, unsupported, insecure browser only during those upgrades and a modern browser for everyday use. The end-of-life-ed browsers will continue functioning, they just won't get updated. Might require use of a VM, but the cost of that added complexity is vastly inferior to what web developers worldwide spend supporting those old browsers.
That reminds me of the webinterface of my old router. If you looked at the badly written javascript source, you would see why it refused to work on anything other than internet explorer. They were even explicitly checking for it in the useragent!
Wow, I'm all for EOL'ing old versions of IE, but I'm surprised at the complete lack of notice (on a corporate scale). Was this known to be in the works for a while?
My thinking is just that most larger companies will have zero chance of hitting a January deadline, and once the deadline passes, there's really no urgency to upgrade by any particular time. I would think a ~12 month deadline might be more effective in getting people to upgrade (as well as resulting in fewer compromised browsers).
Corporate scale business does not want to depend on "seeing things coming". When you have millions upon millions invested you want to get explicit deadlines for when support for products you depend upon will be dropped. It is very expensive to either do unnecessary rewrites or getting started too late on necessary rewrites.
It's pretty interesting to see Microsoft edging out onto this limb of abandoning their long held policy of supporting their software for long periods of time. There is pretty much no alternative, so on the one hand it is not like their enterprise customers have anywhere else to go. On the other hand, it's one less argument for companies to stick with Microsoft if they are already on the edge. I'll be interested to see how it turns out if they keep pushing in this direction.
This IE "change" isn't so much an abandoning of their long held policies as clarifying them and fixing some wrong assumptions companies had made in the past. Microsoft's support policies for the OS components has long held that what they will provide (extended) support for is the most recent Service Pack version that has kept up with Windows Updates. For various reasons, companies have tried to take advantage of the fact that IE is an OS component to qualify it for extended support and also taking advantage of the concept that IE updated/versioned at a slightly different pace from Windows Service Packs to assume that they could claim the extended support timeframe for an individual IE release as if it were entire OS versions.
The amazing thing is that Microsoft took this long to correct what should have been an obvious mistake: that IE versions apply like other Windows components and they should only need to support the most up to date one for that OS version.
The kind thing here is that Microsoft has taken ownership of that mistake, publicly admitted that they made it and that the fix was coming, and given companies more than a year and a half (and advertising to that effect, such as the site linked here) to adjust to the fix.
ok, microsoft wont support it.. but my customers will support it forever. As a webdeveloper i have still customers that are using internet explorer 8 because it is their company policy (big company)
Making a corporate decision to stay on a 6 year old browser that doesn't receive security updates because "that's the one we certified" (or whatever the reason may be) is madness.
The whole point of microsofts' action here is to say that it doesn't work like that. If you have an infrastructure of webapps/intranets/whetever then you must carry the continuous cost of making sure they sure they work on new browsers all the time, because old browsers will be quickly become insecure.
I'd say they are not very risk averse if they are still using IE6. In fact, I'd say they are living on the edge. I hope the CTO has a really nice golden parachute because they will need it when (and not if) the proverbial poop hits the proverbial fan.
I believe those are closed systems not connected to the internet. It still would be better to upgrade them (for easier access to spare parts, knowledge, etc).
Otherwise they end up like this French airport which was shut down just few weeks ago because their Windows 3.1 failed.
Maybe there should be a much more stripped down thing like the web with a much smaller attack surface or need for new features, so updates will only be occasional security updates.
So does this mean I no longer have to test my website with Windows IE (6!) 7-10 at all ever, under any circumstances? And be able to tell clients that IE11 onwards is all that has to work in IE-land?
You can tell your clients you only support whatever you want, and they can tell you they won't be a client of yours anymore unless you support what they want.
Depends on your client. Currently my company only supports IE9+. I personally only support IE10+, though I'll still throw on a shiv or use modernizer, but I'm not going out of my way. This hasn't cost any business. IE8's stickiness is largely from older business machines or China. For client facing sites in the U.S./E.U., imo the support isn't warranted unless you can point out through analytics that it would alienate a big portion of your audience.
Random thought that popped into my head when reading this (apart from the obvious...stockhappyness): I'm curious and know very little about this topic in general. How does an announcement like this affect 0-day prices? My guess is that IE11- 0-days should skyrocket for a bit but then fall because for a while they'll be really valuable and no patches will come but then eventually too many people migrate to the higher version?
Could 0-day prices actually be a decent way to forecast future adaption?
You should start nudging people to use alternative browsers. I'd suggest Mozilla Firefox. You do not need administrative privileges to use Mozilla Firefox and with the extended support releases, there is no reason why anything other than legacy internal services (running on internal network) should use Internet Explorer at all.
Assuming your application does not need IE specific features, what are some reasons that prevent you from nudging users this direction?
Firefox still supports Windows XP Service Pack 2. Mozilla has no immediate plans to retire XP SP2 support. In fact, Mozilla is adapting the mozilla.org website's SSL/TLS support so IE users on XP can still access the Firefox download page. :)
>what are some reasons that prevent you from nudging users this direction
our customers want to sell to these IE8 users. The response to telling them to upgrade is "we'll use a different vendor then - one which does support IE8"
Just updated http://noaiee.com to reflect the new countdown deadline and discovered that conditional comments aren't working in IE10. Anyone know how to detect IE10 without using JavaScript?
This is good news for those who aren't using older versions of Windows (older than Windows 7). For everyone else (which is still a lot of people), this is very bad news.
Windows XP already lost support for their latest release of IE years ago, so this doesn't impact them.
This may impact Windows Vista and Windows Server 2003 but both are out of mainstream support, and Vista's numbers are extremely low overall. Supposedly 1.74-1.77%.
Our front-end team welcomes this news, but I still think a non-trivial amount enterprises who do their own security work will still be using IE 8 into 2017.
The impression I get from this site and similar blog posts:
IE 11 ends with Windows 10. Edge the Browser isn't classified as a Windows component, to my knowledge, and so also shouldn't classify for "extended support" like IE has in the past. It certainly sounds like the intention is to drop IE entirely once Edge has feature parity and user adoption on its side.
(Things are a bit trickier when talking about EdgeHTML the Renderer which I would think is a Windows component still, given that it runs some of the Windows Universal Platform, but here also the benefit of forking it from IE is that they can keep the support policies clear from day one as opposed to having to fix up things after the fact like they did here.)
Edge cannot have feature parity. For example, it will not support plugins. I don't think they can drop IE from Windows due to enterprise use and LOB applications.
By parity here I do not meant "exact same feature set" or even really "equivalent feature set", but "enough features to get the job done and feel like a real browser". For instance, Chrome-style JS extensions (~plugins) are coming soon enough.
Beyond that, if an enterprise has not gotten the message not to build LOB applications as browser plugins and not to build for one and only one browser model any time since IE6 has been deprecated, then IMNSHO they deserve what they get when IE11 dies as the last "IE". Given the support timeline expected for Windows 10, enterprises have presumably roughly a decade of extended support to adapt before IE dies. Really hope enterprises are paying attention to that (but of course we know a bunch will not and will complain in ten years about lack of support and those of us that got the memo today can proudly mock them then).
we'll still have to support it, now I can just consider more recent versions of IE as 'legacy support' which it is.
My definition of a modern browser is one that self-updates, this is essential for security. There are plenty to choose from, but if you're using a browser that doesn't keep itself up to date you're asking for security problems.
Don't get me wrong - I think it's a good move to discontinue support for older IE versions... There is just something with all the smiling and laughing faces all over the page that make all my alarms go off