Naked Security

Stop using Internet Explorer after next Tuesday! (Sort of)

OK, so you don't have to stop using IE next week, but you may need to switch, because IE 11 becomes the only supported desktop version.

Only kidding! You can keep using Internet Explorer if you like.

Indeed, we’re very open-minded about browser choice, provided that you don’t knowingly choose an insecure one.

And, anyway, if you have Windows, you can’t easily use {Firefox, Opera, Chrome, Midori, Lynx} instead of Internet Explorer (IE), but only as well as, because Internet Explorer is officially a component of Windows, just like NOTEPAD.

However, even if you intend to continue using IE for ever, you may need to stop using the version you currently have after next Tuesday.

For desktop versions of Windows, your IE version should be one of these:

| If you have: | Currently official IE versions are: |
| --- | --- |
| Windows 10 | Internet Explorer 11 |
| Windows 8.1 | Internet Explorer 11 |
| Windows 7 | Internet Explorer 8, 9, 10 or 11 |

For embedded versions of Windows, you can extend that list back to Internet Explorer 7, which is still officially supported – for now, at any rate – on Windows Embedded for Point of Service.

(No, we can’t figure why you’d want browsers on your cash registers, either, even if they were running the very latest Windows with all the very latest security improvements inside the kernel. But Microsoft officially allows you to do it.)

So, please figure out what IE version you have – and we suggest that you actually check to make certain, rather than going with what you think the answer might be – and then ask yourself a question.

Do you know when your Internet Explorer version will receive its last-ever security update?

If you’re already on IE 11, you’re safe for the foreseeable future.

But if you’re on Windows 7 and you haven’t yet updated to Internet Explorer 11, then next Tuesday, 12 January 2016, will be the last time you get any browser security fixes from Microsoft.

If you do nothing, then any new security vulnerability announcement that applies to your browser will be a zero day hole (because it won’t yet be patched), and it will be a zero day hole forever (because it never will be patched).

Just as we warned you about Windows XP all those years, and years, and years ago.

That’s a bad situation, so after 12 January 2016, once you’ve applied the latest security patches, your not-yet-updated-to-IE-11 Windows 7 computer is going to start issuing “End of Life notifications”, or nag screens, as some are calling them.

You can turn off the nag screens if you like, by the simple expedient (we’re kidding again) of creating a special registry key called:

FEATURE_DISABLE_IE11_SECURITY_EOL_NOTIFICATION

…and then creating an entry under that key to say:

iexplore.exe = 1

Another hardly-more-difficult way to suppress the notification is, of course, to install Internet Explorer 11.

Remember that when new browser releases come out, such as IE 11 to supersede IE 10, the new version generally starts off more secure all round, thanks to internal changes based on lessons learned during the lifetime of the earlier version.

In other words, IE 10 (or 9, 8, 7 and so on) plus all available patches still won’t be as secure as a patched IE 11, in the same sort of way that a new car is generally safer than an old car of a similar type, even if both of them have been looked after properly and identically.

Interestingly, about 57% of you who read Naked Security from Windows computers are still using Windows 7.

The majority of you who are on Windows 7 seem to do your browsing in Firefox, Chrome or another non-Microsoft browser, but you still have Internet Explorer installed and ready to run if called upon, as mentioned above.

So this warning applies to you.

By the way, you may be wondering what happened to Windows 8 in the table above.

The answer is that it, too, is going out of support on 12 January 2016.

You read that correctly: if you are one of the surprisingly small number of Naked Security readers who has stuck with the “8” flavour of Windows, instead of shifting to 8.1 (or, of course, to Windows 10), you’re going to have to upgrade your whole operating system, not just your browser.

We’re sure that the widely-disliked Windows 8 does have some fans who actively prefer it to 8.1 or 10, but we suspect there aren’t many.

If you’re one of them, please don’t be a holdout, for all the reasons we gave for not sticking with XP, even if you think you’ll be OK.
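
The check the article asks for, applied to a fleet of PCs rather than one, as an added example that is not from the original article: it reads browser User-Agent strings (for instance from proxy or web server logs) and classifies each against the table above as it stands after 12 January 2016. The function names and status labels are illustrative assumptions, and the sample strings are constructed; the Windows NT and Trident tokens are the ones IE itself sends.

```python
import re
from collections import Counter

# Windows NT version tokens as they appear in User-Agent strings.
NT_TO_WINDOWS = {"6.1": "Windows 7", "6.2": "Windows 8",
                 "6.3": "Windows 8.1", "10.0": "Windows 10"}
# Trident engine version -> the IE release that is actually installed.
TRIDENT_TO_IE = {"4.0": 8, "5.0": 9, "6.0": 10, "7.0": 11}

# Constructed sample User-Agent strings (not taken from real logs).
SAMPLE_UAS = [
    "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
    "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0)",
    "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)",
    "Mozilla/5.0 (Windows NT 6.1; rv:43.0) Gecko/20100101 Firefox/43.0",
]

def parse_ie(user_agent):
    """Return (windows_name, ie_major), or None if this is not desktop IE."""
    nt = re.search(r"Windows NT (\d+\.\d+)", user_agent)
    trident = re.search(r"Trident/(\d+\.\d+)", user_agent)
    msie = re.search(r"MSIE (\d+)\.", user_agent)
    # Compatibility View sends "MSIE 7.0", so trust the Trident token first.
    if nt and trident and trident.group(1) in TRIDENT_TO_IE:
        ie = TRIDENT_TO_IE[trident.group(1)]
    elif nt and msie:
        ie = int(msie.group(1))   # IE 7 and earlier send no Trident token
    else:
        return None
    return NT_TO_WINDOWS.get(nt.group(1), "Windows NT " + nt.group(1)), ie

def status_after_cutoff(user_agent):
    """Classify a UA against the article's table as of 13 January 2016."""
    parsed = parse_ie(user_agent)
    if parsed is None:
        return "not-ie"
    windows, ie = parsed
    if windows == "Windows 8":
        return "os-unsupported"   # Windows 8 itself leaves support
    if windows not in ("Windows 7", "Windows 8.1", "Windows 10"):
        return "not-in-table"     # e.g. Vista or servers: see the lifecycle page
    return "supported" if ie == 11 else "upgrade-ie"

def summarize(user_agents):
    return dict(Counter(status_after_cutoff(ua) for ua in user_agents))

if __name__ == "__main__":
    print(summarize(SAMPLE_UAS))
```

User-Agent strings are self-reported, so treat the result as an inventory hint and confirm the version on the machine itself.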

32 Comments

Stop using Internet Explorer after next Tuesday?! What year is it?!

Problem is, all new installs of Windows 7, from an SP1 DVD, will be running IE 7 by default. Of course, you can push out a pre-configured image, if you have a volume license. Or you could move your fleet of workstations to Windows 10. But if you don’t want Windows 10 yet (we aren’t rushing to upgrade), and you are still using a DVD for new Windows 7 installs (and pre-configuring a new image for a different hardware platform, for example, will still start with a DVD in most cases) then I think what Paul is saying is that you’ll want to upgrade IE 7 as one of the first things you do.

I have tried upgrading internet explorer twice but each time I lost my outlook mail because of a known change required by IE.

What’s the “Known Change” that supposedly loses email? I never lost any email on any IE upgrades I ever made, which were quite a few.

I just want to make sure I understand. You said, “For desktop versions of Windows, your IE version should be one of these: Windows 7 – Internet Explorer 9, 10 or 11” But then you said, “But if you’re on Windows 7 and you haven’t yet updated to Internet Explorer 11, then next Tuesday, 12 January 2016, will be the last time you get any browser security fixes from Microsoft.”
My take-away from this is that I definitely need to move all my Win 7 machines to IE 11 after next Tuesday.
Is this correct?
Thanks.

To clarify (at least as I understand it): as the table above shows, IE 9, 10 and 11 are currently supported on Windows 7. So for all of these versions, you will receive an update (should one be necessary – let’s assume that’s the case :-) on Tuesday 12 January 2016.

However, that’ll be the last ever update for IE 9 and IE 10. In other words, the above table, after next Tuesday, will have IE 11 *only* in all three rows.

In short, if you have IE pre-11, enjoy it while it lasts, but bear in mind that it only lasts until next Tuesday. Thereafter, expect a nag screen to remind you to upgrade, because you will need to do so.

(Replying to myself.) This seems to be the place to go to grab IE 11:

https://www.microsoft.com/en-gb/download/internet-explorer-11-for-windows-7-details.aspx

Thank you for this info. I have Windows 7 and my desktop is acting up BAD and I had no clue why. What caught my eye about your article is the discontinuing of updates, which is my problem, I think… not quite sure though. But thank you! I will try to upgrade to IE 11 and see if that fixes my problems.

Paul, IE 8, 9, 10 and 11 are currently supported in Windows 7. Internet Explorer 8 is the default browser that supports Windows 7.

Oops, you’re right, because IE 8 is listed on the “versions that will produce nag screens” page, along with 9 and 10.

I’ll fix that. Thanks a lot for pointing that out.

Thank you, Paul.
Succinctly put, IE 9 and 10 go EOL (end-of-life) after next Tuesday for Win 7.

Errr, and IE 8 goes EOL too. As the previous commenter noticed, IE 8 is on the official list of “versions that will start nagging you about being outdated” starting next week.

I have a Windows Vista 32 bit computer with IE 9. Are there any options?

Ah, yes, apparently there are! IE 9 is still supported on Vista SP2:

https://support.microsoft.com/en-us/lifecycle#gp/Microsoft-Internet-Explorer

I sort of overlooked Vista. (Don’t take this the wrong way, but – if truth be told – I sort of forgot about its existence altogether :-)

I suspect there are folks at Microsoft who wish they could forget its existence altogether. ;-)

What about 8.1RT? I have the older Microsoft Surface. There is no availability to upgrade to windows 11. They also make you use Explorer.

Wow. Dunno! When you said Windows 11, did you mean IE 11? I thought Windows 8.1RT had the same version of IE as Windows 8.1, which shipped (if I recall correctly) with IE 11 from the start.

(Replying to myself.) Yes, according to this web page, Windows 8.1RT came with Internet Explorer 11 right from the start:

http://windows.microsoft.com/en-gb/windows/windows-rt-faq

So you can relax: you have the most recent version of IE for your device, and I assume you will continue to get security updates for it next Tuesday and well beyond.

Just a note for you. I have 8.1 my girlfriend has 10, they both have IE11, they both took a total krap over a couple of days last month making them totally useless. My cure was Google Chrome. IE11 comes up, get a flash of the homepage and doink gone, g/f’s comes up but won’t allow any passworded sites to operate, keeps saying passwords wrong…….. cure again, Google Chrome and the sites popped right up and allowed entry to the passworded sites. G figure.

“…we can’t figure why you’d want browsers on your cash registers…” Perhaps if your product/inventory database is web-based…?

You mean, the cash register software itself runs in a browser?

To be fair, I still can’t figure out why you’d *want* a general purpose web browser on your cash registers, even if circumstances meant that you *need* it :-)

For example, I use one website from time to time that requires Flash, and that’s that. I never really *want* to use Flash again, but in this case, I am sort-of forced to. (Every time this comes up, I install Flash, use it, then uninstall it. To remind myself that this is a need I don’t want ;-)

In relation to browsers on store cash registers some National Iconic brands here in Australia have quite an elaborate IT system built into their registers……….these registers don’t present as a typical old school type register to the customer.

The IT systems can be quite broad and include the ability for staff across the country to log in and out of their shifts, to process a sales transaction, to search for a product for a customer, an elaborate email system across all stores including concession sites within department stores, instructions for various things including Visual Merchandising, the ability to check daily sales progress, etc, AND, access to the general Internet for a multitude of other reasons.

These companies have their own excellent IT support systems both within Australia, and overseas…………………..Hope this helps.

Thing is that if you are asking me, your customer, to entrust my card to the security of your cash register (more or less), why would I want you to allow your staff to use the cash register as a general purpose computer for browsing, webmail and watching cat videos as well?

You could use the same cloth to clean the dunny, dry the dishes, polish the family silverware and degrease your bicycle chain. But I bet you don’t :-)

Could I say……..It’s not my staff!

I’m a long retired Senior Citizen……….was just trying to help as this system was just becoming mainstream across many companies just as I was retiring. I felt I may be able to explain the question somewhat from the previous commenter.

I’ve always thought that you catch more flies with honey than vinegar…………..I guess I was wrong.

I think the human-facing part of the security problem with cash registers became obvious in the Target breach. Pretty much everyone who shopped online at Target (where their own security behaviour is a big part of whether they get ripped off or not) was fine. But pretty much everyone who did everything right – go into the store, front up to the staff, use your card at the machine, don’t let it out of your sight, and so forth – got skimmed :-)

I get that it’s efficient to let all your computers serve all possible purposes in your retail environment…

…I just wish that for some special cases, like cash registers, the so-called attack surface were routinely kept as small as possible by having as little as possible installed, so as little as possible could go wrong. Problem with general-purpose cash registers is that they end up also being used for Facebook, synching phone photos, doing webmail, reading Word documents, and much more.

(It’s like those all-in-one power tools. They’re OK for little jobs. But if you want a tool for drilling, a standalone drill will give you the least disappointment.)

I use IE so little that I forgot that it was set to upgrade automatically. Just checked after reading your article above, and yes it’s 11 now. (I am on Win 7.)

From my experience maintaining about 60 workstations (Windows 7 Pro) on my network IE has not kept up with Firefox and Chrome. Some sites do not load, and there are printing problems, I do all the monthly updates for the browsers and plugins, Chrome seems to be the least problematic. Personally I favor Firefox.

You mention desktops, what about servers? We have IE 9 on a few Server 2008 32 bit machines, and they cannot be upgraded to IE 11?

The server situation is detailed in the list linked to above (where I mention embedded devices, which go back the furthest). I focused the article on desktops for people who wanted to check at home (where they’re their own IT department :-), but the full list is here:

https://support.microsoft.com/en-us/lifecycle#gp/Microsoft-Internet-Explorer

Apparently, 2008 SP2 (you did mean SP2, right?) will still get updates for IE 9, but nothing before that.
