MSIE: an ancient, archaic,creaking pile of code that is absolutely infested

Why credit unions must kill off Microsoft Internet Explorer (MSIE)

As credit union website developers, one of the banes of our existence is the browser Microsoft Internet Explorer (MSIE). This ancient, archaic, creaking pile of code is absolutely infested with quirks, bugs, and inexplicable behavior.

But this isn’t simply web developers whining about weird-looking websites. The biggest problem is that MSIE is absolutely infested with serious security holes:

  • The list of security issues is serious and seriously long.
  • MSIE security patches are still being released sporadically, but many issues have not been fixed, and probably never will be. And many users and admins refuse or delay updating.
  • Microsoft’s own experts are urging people to stop using MSIE. In fact, Microsoft is removing support for MSIE soon.
  • Development for MSIE stopped in 2015, and the default browser for Windows became Microsoft Edge. That’s forever ago in internet years.

So why is MSIE still hanging around?

It’s… complicated. Internet Explorer still comes pre-installed on Windows 10 (although Windows 10 does its best to nudge you to Edge.). Why is that?

Part of the problem is ancient websites and online tools that were developed around specific features or quirks of MSIE, and haven’t been updated.

For example, a deprecated Microsoft technology called ActiveX only works in MSIE. ActiveX is still in wide use in legacy systems in the business and financial world, even though ActiveX can be dangerous (this article on the dangers of ActiveX is from 2013… it’s not a new problem.)

In the end, plain old inertia is most of the problem. Some corporate and government IT departments (including some CUs!) have standardized on a setup featuring MSIE and still haven’t updated.

And for many people with personal computers, “the internet” means Internet Explorer and that old pale blue “e” icon; they don’t trust that newfangled swirly “Edge” thing.

What can we do about it?

In a previous article/rant, I outlined how credit unions are in a natural position to take a more active role in member security, and some of the steps you can take. And of course, this is even more critical now that people are relying on the web more than ever.

For example, you could add code to your website to detect MSIE and encourage members to use a different browser.

It’s also worth addressing this with your online banking provider; do you really want members using a dangerously insecure browser to access their financial information? Maybe it’s time to keep them out.

Won’t that annoy a lot of people?

Not really. The numbers of Internet Explorer users are falling, and in a quick review of the Analytics for a random sample of our credit union website clients, MSIE accounts for 5% or less of site users. Usually much less:

  • A: 5.01%
  • B: 2.82%
  • C: 4.91%
  • D: 3.53%
  • E: 3.20%
  • F: 2.81%
  • G: 2.57%
  • H: 4.28%
  • I: 3.13%
  • J: 4.38%

Overall, only around 3% of worldwide website traffic is MSIE, and many popular websites and utilities have dropped support.

Stubborn MSIE users are used to seeing these messages, and probably already have Edge, Chrome or Firefox ready to go. Still, you’ll need to be prepared for some questions.

But with security and safety at stake, it’s well worth a little effort and annoyance.

That fact that we website developers will start doing Snoopy-style happy dances is just a bonus.

Brian Wringer

Email this article to a friend or coworker.