Support for Legacy Browsers

Published: 2010-02-03. Last Updated: 2010-02-03 18:12:40 UTC
by Rob VandenBrink (Version: 1)
4 comment(s)

As part of the discussion we had last week on Neo Legacy Applications ( http://isc.sans.org/diary.html?storyid=8116 ), the topic of applications that require old browsers came up.  A wonderful example of how old browser support can be handled, phasing older code out gracefully, is Google's recent announcement that they'll be withdrawing support for IE6 and other older browsers, found here ==> http://googleenterprise.blogspot.com/2010/01/modern-browsers-for-modern-applications.html

However, Google's approach is not typical.  Often when an internal business application is released, it's list of supported browsers remains frozen, even as time marches on, and newer browser versions are released.

I've seen this myself - I've got a few clients who have spent 6 figures on new business systems, only to find that by the time they get from the pilot to a working system, that Microsoft has gone forward with a new version of IE.  What tends to happen then?  Why the business system vendor of course says they don't support the new browser, and for a nominal (5 figure) sum, they can upgrade to the new version that supports the newer IE version.

So this brings up two issues:
1/ I can see the position of the vendor, that it takes money to re-certify and maybe fix an application for the new browser version.  But is this a responsible approach?  Should this be a big-ticket app upgrade for the customer? Should a customer's maintenance agreement cover things like this?

2/ What happens in real life is that the management at the client company says "we just spent 200K on this system, and they want another 40k just for the new browser support - we'll show them! We'll stay at the old browser version".  Did you hear the silent "Forever!" at the end of that sentence?   So what you find is old browser versions hanging around much longer than they should - on every machine in the company !  Yes, I still have clients running IE6 for this very reason. 

I've had people say "You could just virtualize a machine with the old browser", but there are a couple of problems with that.  If it's a real VM (like in VMware Workstation for instance), remember that this app is running the *business system* - it needs to do things like access other apps, print, save files on the local disk, all that other stuff that you do when people do their job.  Running a VM makes that a little weird for anyone who's not tech-savvy.  Plus you have to buy that second windows CAL (unless you run IE in Linux that is)

Because the browser is so integrated into the OS, streaming the app using an on-demand installer (thinapp for instance), doesn't work so well either.  While running IE6 and IE8 on the same box is certainly possible (there's some good tech docs on this, and it really does work ok), It's a very complex process, and remember, our target audience is people in accounting or on the factory floor.

What I've seen done successfully is to run a terminal server or Citrix server (XENApp now), and keep the old browser and other required components there.  When we built this, we isolated the hosting server so that it has not HTTP access to the internet, in an attempt to try to mitigate against the IE6 problems.

Either way, it's an expensive way to go - has anyone out there seen a different, cheaper or more effective way to deal with being forced to keep an older browser?

 

=============== Rob VandenBrink Metafore ==============

4 comment(s)

Comments

I cannot help but mention the built-in applications that depend on IE6. One of them is the Liebert Network Monitoring Card on the Nfinity series. It uses browser detection to run javascript, and IE7 and IE8 do not work with it. Opera can be tricked to work with it, but only if you disable javascript, limiting some functionality. Not a pretty picture created by Microsoft's proprietary IE6 for the near future and perhaps beyond. Thanks MS! -Al
If you have a choice in vendors (big caveat, I know). Choose one that makes their product work cross-browser. (This does not necessarily preclude embedded browser based systems, but embedded cross-browser based systems are harder to come by.)

I have been coding cross-browser web applications for over 12 years and can say with experience that cross-browser web applications tend not to break with major browser version upgrades. (I think Microsoft learned their lesson with the IE 5.x box model problem fixed in IE 6.0).

Cross-browser web applications tend to stick to W3C standards and not go for the proprietary extensions that tend to break with major browser releases.
Since the last article, only one of the webapps I previously mentioned have been upgraded to support IE7, but still adamantly refuse to use firefox. The other webapps still haven't been touched.
I really wish Firefox and Chrome would pull things together, in terms of designing for the enterprise. There are fairly robust tools built right into AD for managing Internet Explorer. With Firefox, there are some kludgy add-ons that make it possible--but it is downright ugly. Chrome? They don't even have NTLM, proxy authentication, etc. sorted out yet. I think companies would be quicker to embrace Firefox or Chrome if they had some developers thinking about the enterprise.

Diary Archives