geekhack
geekhack Community => Other Geeky Stuff => Topic started by: microsoft windows on Tue, 29 June 2010, 11:43:59
-
That's right, folks.
Chase embraces dated IE6, shuns Chrome
Financial company deems Internet Explorer 6 sufficiently secure for accessing its Website -- but Google Chrome doesn't make the cut (http://infoworld.com/t/browsers/chase-embraces-dated-ie6-shuns-chrome-672?source=footer)
-
roflol
-
Sounds like someone doesn't want to go to the expense of redesigning their web services and infrastructure for new browsers. Go figure...
-
Clearly some type of furry animal runs Chase, and makes decisions by randomly facing in a particular direction. They're the only one of my CC's to randomly raise my rates to an unreasonable number as well. I cancelled my Chase card after like 15 years of paying my bill on time every month.
-
But wait, why do they support Safari and not Chrome? The backend is the same...
-
Nobody should use any browser besides Internet Explorer 6. All other browsers are pieces of ****.
-
Nobody should use any browser besides Internet Explorer 6. All other browsers are pieces of ****.
Says the Opera user. Nice try.
-
But wait, why do they support Safari and not Chrome? The backend is the same...
Time Warner Cable did this to me the other day. I was puzzled.
-
I'm not using Opera. I'm using Internet Explorer 6. I stopped using Opera because it's unsafe.
-
Obvious attempt at trolling is obvious...
-
They use IE6 at of companies still. It's common in big companies where you have a lot of existing internal apps that were coded to work with IE6 only. From what I read on Slashdot, this is the case at JPMorgan Chase. So that's why IE6 is supported.
As far as "security", Chase never claimed that, any article that claims that is trolling. They do say they support secure browsers only, which is kind of funny for IE6, but NOT that unsupported browsers are always unsupported for that reason. They specifically cite popularity as a reason (https://www.chase.com/ccp/index.jsp?pg_name=ccpmapp/shared/assets/page/Crypto_standard):
There are two primary reasons—security and popularity. There are dozens of browsers in use today, but not all offer the minimum levels of security that we require while others may not perform well with our site. The security of your accounts and private information is one of our highest priorities and some browsers, especially older versions, are simply higher security risks to use with our site.
As for popularity, we continually monitor the types of browsers that customers use to access our site. Based on that information, we know that supported browsers are used by more than 95% of our customers. If a new browser begins to grow in popularity, we will assess and test its security and performance with our site to determine whether or not we should support its use.
-
In the murky world of corporate IT, nothing is ever what it really seems. And for the love of God, do not expect companies to make rational decisions about things.
-
But wait, why do they support Safari and not Chrome? The backend is the same...
If user agent doesn't match IE (default on PC), Firefox (default on Linux or popular on Windows, or Safari (Mac default), throw up a warning. In other words, really lazy coding.
Chrome's usage now surpasses that of Safari, so I'd expect to see sites like that get updated...eventually.
-
There's a lot of browsers out there that 'pretend' to be Firefox so that sites will work with it properly. Only a matter of time before someone does that for Chrome.
I remember reading that a lot of sites can't properly handle major version numbers greater than 9, so Opera 10 declares itself to be Opera 9.80...
-
There's a lot of browsers out there that 'pretend' to be Firefox so that sites will work with it properly. Only a matter of time before someone does that for Chrome.
I remember reading that a lot of sites can't properly handle major version numbers greater than 9, so Opera 10 declares itself to be Opera 9.80...
Yep, it identifies itself as Opera/9.80 (Windows NT 6.1; U; en) Presto/2.5.24 Version/10.53 (or similar) because many sites detect Opera 1 instead of Opera 10. It's an example of why user agent detection is really a poor idea and you should just code to standards instead.
Before version 8.02, Opera browsers identified themselves with an Internet Explorer user agent string for that reason. This was actually pretty damaging for Opera support because developers would think everyone was using IE6 (which, any web developer can tell you, essentially has its own set of standards) and design pages with code that only worked in the Trident (MSIE) engine.
Pretty much every browser's user agent has Mozilla on it, and quite a few have "Gecko" (the rendering engine of Firefox & other Mozilla software).
User Agents are generally bloated because of compatibility.
Here's what a Chrome User agent looks like on Windows:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.70 Safari/533.4
Mozilla/5.0
Mozilla could display frames, Mosaic could not. User agent sniffing started and browsers without Mozilla in the string got an error page or a page without frames.
Thus, MS (and later, everyone) started putting Mozilla at the beginning of the user agent string. MS followed it with (compatible...)
(Windows; U; Windows NT 5.1; en-US)
The most subject to change part of the string. OS Family, Security (U is strong), OS version (NT 5.0 is Win2k, NT 5.1 is WinXP, NT 6.0 is Vista, NT 6.1 is Win7), and language)
AppleWebKit/533.4 (KHTML, like Gecko)
The first part specifies the engine is based on WebKit and is a more "proper" way to sniff if you must sniff the User Agent (you should just code to standards, but if you're sniffing to warn a complex app may not work that's acceptable).
KHTML was the source for the WebKit project, an earllier open source rendering engine. Sites would sniff for KHTML and would give WebKit errors or reduced content, so that stayed in.
Before THAT, sites sniffed for Gecko (Mozilla's rendering engine, basis for Firefox, Thunderbird, etc.), so the KTHML devs put "Like gecko")
Chrome/5.0.375.70
Browser and version number. Not hard to get.
Safari/533.4
Google stuck this on the end to try to get sites that sniffed for Safari to not say "HURR DURR INCOMPATIBLE BROWSER". Like Safari itself, it's Safari and the WebKit version.
-
IE6 is perfectly safe.
If it's a clean install of the OS and browser, and the computer has never been online, and the computer isn't online, and the computer never will be online.
-
IE6 is perfectly safe.
If it's a clean install of the OS and browser, and the computer has never been online, and the computer isn't online, and the computer never will be online.
Or connected to a network.
Still, browser vulnerabilities are less exploited nowadays than plugin vulnerabilities. You can make a malicious ad in Flash that only starts infecting after, say, a couple weeks (so the people reviewing the ads at the ad CDN companies don't notice an issue) that automatically probe with exploit code for Flash, Shockwave and Adobe Acrobat/Reader. The install base is huge, very few people are on the latest version...you visit a legitimate site and you get infected.
It's a huge problem. (http://news.cnet.com/8301-27080_3-20000898-245.html)
If you are on Windows you can use the Secunia PSI (http://secunia.com/vulnerability_scanning/personal/), a freeware version checking tool from a Danish Security company. You'd be surprised at how much you can miss.
Especially since Flash doesn't properly upgrade (remove all vulnerable files) unless you uninstall (with the standalone uninstaller) and reboot before installing the new version.
Flash is especially bad because it's on 99% of computers and the number of vulnerable versions are huge. 31 exploits exist in Flash Players prior to the release 3 weeks ago (http://secunia.com/advisories/40026)
-
Running 64-bit also increases security since not everything runs with it -- including SAFE applications, but that's another story.
-
the hospital I worked at for a little while used IE6 because their web applications only worked with it
-
IE6 was the better option in some cases until a few months ago when we reached a turning point of IE7/8 stability and compatibility becoming good enough... and IE6 support fading enough, that nearly all scenarios are better with IE7/8. But not all. Many companies block internet and access specific web apps internally that they have spent years building into a stable environment. It's not as simple as running windows update and moving on for them.
-
If companies want to run IE6 for whatever reason, that's fine. It's the company's choice. You have a computer at home and are free to use a modern browser whenever.
But saying it's perfectly safe to browse the internet on IE6 is just silly. Pretty much all browsers are susceptible to viruses, there's no magic browser that blocks it all. Unless you're on something obscure like amiga OS which I'm sure can't get any viruses.
-
I think technically browser vulnerabilities are for Trojan horses. just sayin...
-
I think technically browser vulnerabilities are for Trojan horses. just sayin...
All browsers will let viruses in. There's other ways to get viruses (like old eGames CDs)