Re: IE6 vs IE& vs IE8 on SBS

I've gone back and forth on this myself, but ultimately every time I land on the side of not upgrading. I've never found any evidence that the preloaded dll's expose an interface at the network layer. Thus I can't see how an exploit could remotely upset things.

A locally executed exploit, such as an exe that did some bad active-X mojo, would obviously be a different story. But you'd have to be executing that code, either by downloading it or by installing it (removable media) and in such cases I doubt IE7 will help you much. You were essentially executing untrusted code and that can get you in trouble regardless of browser version.

I just haven't been able to come up with a way that IE6 exposes an extended risk that IE7 would close, as long as best practices are followed.

Hrm...

-Cliff


"Larry Struckmeyer [SBS MVP]" <lstruckmeyer@xxxxxxxxxxxxxxx> wrote in message news:upi6TaF5JHA.140@xxxxxxxxxxxxxxxxxxxxxxx
Hmmm:

I once asked (in a MS private group IIRC), why IE was so much quicker to load than Firefox. The answer I was given was that IE had many of its bits preloaded by the OS at startup. If true, this makes me wonder if there isn't some of the aforementioned security problems present in any OS that has IE6 or earlier installed, active or not. As I understand most of the security problems with IE6 and earlier, they involved "especially crafted" urls or packets that were to be explicitly downloaded by the human on the other side of the mouse, but I suspect that a targeted attack, such as Code Red, might be able to find those vulnerable IE6 or earlier dlls and upset the apple cart.

I am not saying there is, I am only wondering out loud, and debating with myself. If the primary reason to replace IE6 with IE7 is security, would a system, server or not, be "more secure" if the preloaded bits were IE7 bits instead of IE6 bits?

--
Larry Struckmeyer
Get your SBS Health Check
at www.sbsbpa.com


"Cliff Galiher" <cgaliher@xxxxxxxxx> wrote in message news:et8uQX94JHA.5048@xxxxxxxxxxxxxxxxxxxxxxx
I agree with Cris and Russ, but I'll go as far as to say that you should have a compelling reason to put IE7 on the server. Supported? Sure. Any solid reason *not* to go with IE7? Nope. But I tend to always ask the inverse of any question like this: Is there a solid reason *to* upgrade? What do I gain?

With *any* upgrade, no matter how trivial, dll's get replaced and odd things *can* crop up. I've seen where an app that relies on IE's activeX engine stops working after a browser update. Anybody that has seen an MMC snap-in display no data or in ridiculously tiny print because someone messed with the IE defaults knows what I'm talking about. Two seemingly unrelated technologies had a dependency that caused unpredictable behavior. So although IE7 has certainly been out long enough to avoid most, if not all, of those issues, it *can* happen. I don't think that classifies as a "solid" reason, but it is a reason. If, however, a newer app needs IE7's engine to run, then I'd happily install it. I wouldn't *avoid* installing it at the expense of losing an app.

On the flipside, if no app needs it, then why upgrade? What do you gain? Security?!? You really shouldn't be browsing from the server and you should only be installing trusted 3rd party apps, so IE6, even with all of its security woes, isn't a security hole on a server. It isn't being used to browse and it isn't a listening service, hence it isn't a security problem. You gain nothing by upgrading most of the time. So why do it?

Just food for thought,

-Cliff


"Joe#2" <Joe2@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:1248F096-80F1-497E-885D-FB0593FD6C38@xxxxxxxxxxxxxxxx

I have noticed in the past a lot of resistance to moving to IE 7 and IE 8 on
the server itself.

From a security standpoint it would seen that IE6 might be getting a little
old. I also notice that WSUS want to push IE8 on the server.

Any solid reason not to go with IE7 or IE8 on SBS2003?



.

Relevant Pages

  • Re: IE6 vs IE& vs IE8 on SBS
    ... Please don't read that last line as dismissing the possible issues of using a browser from a server, I am not and do not advocate it. ... But you'd have to be executing that code, either by downloading it or by installing it and in such cases I doubt IE7 will help you much. ... If true, this makes me wonder if there isn't some of the aforementioned security problems present in any OS that has IE6 or earlier installed, active or not. ...
    (microsoft.public.windows.server.sbs)
  • Re: Adding delay to Suckerfish CSS menus
    ... And being forced to upgrade from IE6 to IE7 is a bad thing? ... An unexpected bug fix might be worse in effect than the bug, ...
    (comp.lang.javascript)
  • Re: Tweaks to allow the IE6 to download file by Orbit downloader
    ... No unfortunately the days of IE6 are numbered. ... IE8 with its security improvements. ... However you should remove these before you upgrade to IE8.... ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: IE6 vs IE& vs IE8 on SBS
    ... Think I'll stay a while longer with IE6 too ... that even the server OS cannot get along without it. ... security warnings in your way if you try to use it. ... and in such cases I doubt IE7 will help you much. ...
    (microsoft.public.windows.server.sbs)
  • Re: Internet Explorer 7 - wow!
    ... Heck we already dropped support for IE6 basically and are recommending our ... IE7 through windows update in november now... ... annoying URL attachment which is always blocked is worth the upgrade. ...
    (microsoft.public.dotnet.framework.aspnet)
Loading