Older versions of the browser already contain fewer bugs than newer editions like IE11, analysis shows Microsoft’s decision to stop patching older versions of Internet Explorer (IE) in 17 months may not be as much of a show-stopper as many assume, according to an analysis by Computerworld. A week ago, Microsoft abruptly announced that it would give customers until Jan. 12, 2016, to stop using older versions of IE. After that date, Microsoft will support IE9 only on Windows Vista, IE10 only on Windows Server 2012, and IE11 on Windows 7 and Windows 8.1. IE7 and IE8 will drop off support completely, and IE9 and IE10 will also fall off the list for Windows 7 users. The browsers will continue working, but Microsoft will halt both technical support and security updates for the banned versions. Because of the large number of critical vulnerabilities Microsoft patches in its browser — 111 in the last three months — it will be extremely risky running an unsupported version. Or will it? While there will be risk, running an outdated version of IE is actually a safer bet than running a current edition that isn’t regularly patched. Over the last three months, Microsoft has shipped three large security updates — MS14-035 in June, MS14-037 in July and MS14-051 in August — that included 60, 25 and 26 individual patches, respectively. But while the latest version, IE11, contained 88 of the 111 vulnerabilities, or 79% of the total, older editions had far fewer bugs that needed to be quashed. The positively ancient IE7, which launched in 2006 before Windows Vista shipped, had just 31 of the 111 flaws, or 28% of the total. IE8, which last month was the most widely used version of Internet Explorer, contained 44 vulnerabilities, or 40% of the three-month tally. In fact, there’s a clear trend in the vulnerability counts: The newer the version of IE, the more bugs are patched. That difference in percentage of bugs patched declined on a relatively straight line from new to old, and held true to form whether the gap was two or more years between editions — as in the case of IE7 and IE8, or IE8 and IE9 — or just a year, as with IE9-IE10 and IE10-IE11. There are several likely reasons for the phenomenon, but the most plausible is that, because the older versions are, well, older — in the case of IE7 and IE8, much older, nearly eight years old and more than five years old, respectively — they have been scrutinized by both outside researchers and Microsoft for much longer. That longer length of examination and probing has resulted in more patches prior to the three-month stint Computerworld examined. Other explanations could include bug hunters’ penchant for digging into the newest software, not the oldest; and in the case of IE7 at least, a target so small as to be no longer worth the research time by criminals and white-hats alike. IE7’s user share, a rough measurement of the percentage of the world’s computer users running a specific browser, was just 0.6% in July, which translated into just 1% of those running one flavor or another of Internet Explorer. Of course, all it takes is one vulnerability to compromise a browser, or better put, perhaps no more than two or three, as modern browsers, including IE, rely on defensive, anti-malware technologies that force attackers to deploy multiple exploits of multiple bugs to worm their way onto a PC. A regularly-patched IE11, then, should be immune to all but the most serious attacks, dubbed “zero-days” because there is no patch when the exploit appears in the wild. In the meantime, IE8 after Jan. 12, 2016, will in theory be susceptible to attack because none of its bugs will be crushed. At that time, however, IE8 should be more secure than it is now. By looking at the difference in vulnerability rates, with an older version of IE having 12 to 14 percentage points fewer bugs to be patched, and extrapolating that to IE8, it should sport a bug rate of between 26% and 28% by January 2016, assuming Microsoft puts out a new version (IE12?) next spring when it launches “Threshold,” the code name for what most think will be called “Windows 9.” And IE8 will also probably be a less-prominent target in 17 months. Data from Web metrics company Net Applications — the basis of the user share cited for IE7 — is worthless in predicting IE8’s decline because, frankly, IE8’s user share has been growing over the last six months. But the impending end-of-support will almost certainly reverse that trend as some Windows 7 users decide to kick out the browser. How much is unclear, but a look at Windows XP’s decline over its last 17 months might be a clue: During that period, XP’s operating system user share dropped 13 percentage points, or 32% of its October 2012 figure. If IE8 fell by that same 32%, it would shed nearly 7 percentage points, ending with a user share of 14.7% of all browsers, or about 25% of all IE editions. Microsoft has published a FAQ on its website that elaborated on the browser support changes. Related content news analysis Apple earnings: About that iPhone 'slump' in China Based on information from Thursday's earnings report, it seems that data pointing to an iPhone slump in China were over-baked. By Jonny Evans May 03, 2024 9 mins iMac iPhone Apple news Microsoft begins to phase out ‘classic’ Teams Microsoft is encouraging Teams customers to move to the new, faster version of the collaboration app; the older version will be switched off next year. By Matthew Finnegan May 03, 2024 3 mins Microsoft Teams Collaboration Software Productivity Software news analysis Apple confirms it will open up the iPad in Europe this fall The latest efforts to comply with Europe’s Digital Markets Act mean developers can offer to side load apps to both iPhones and iPads in the EU. Apple has also taken steps to improve what it offers to smaller and non-commercial developers in the By Jonny Evans May 02, 2024 6 mins iPad Apple Mobile Apps news Udacity offers laid-off US workers free access to its courses for 30 days Sign-ups will be available over the next 30 days By Lucas Mearian May 02, 2024 4 mins Technology Industry IT Jobs IT Skills Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe