...its online baking services...
Would that be for any customers wanting to cook their books?
Microsoft's creaking Internet Explorer 6 is more secure and popular than either Google's Chrome or Opera US banking giant Chase has determined. The bank's therefore decided its online baking services will continue to support aging the IE 6 but drop support for Chrome and Opera. IE 6 is nine years old and even Microsoft is now …
But keep going back to IE8. It's slightly slower but everything appears just better, it's the fonts that don't work well with other browsers. Whether it's the websites optimised for IE or IE has some better font handling capability not sure, but looks smoother in IE8. I also like the magnifier button. Opera is probably the fastest but doesn't look smooth. I don't lke that google probably stores every website you visit with the common web address & search field.
Very recently I also noticed that IE8 will shut down a website it thinks is unsafe. Whether this is correct or not I can't say but seems to have improved security recently, some websites are cr*p anyway. Does anyone know they maintained a list or can detect compromised sites?
...but that's to be expected, given half of it is part of Windows. From then on, it feels like an exercise in pain, and that's compared to Firefox which isn't exactly the nippiest browser around.
I can't say much for IE's font handling, I don't tend to visit sites laden with embedded fonts (not sure even if they'd be blocked by default?). What I can say is even WITH HTML 4.01 compliance, the sizing of tables and such is almost-but-not-quite the same as Mozilla/Webkit. Most of the time it doesn't matter, but sometimes it does.
There's a magnifier button? With Firefox I just "pinch in" in the touchpad to zoom in, and pull my fingers apart to zoom out (by default it was the other way around, I changed that because I felt it was more logical like this). It's a touchpad driver thing. Which, I might point out for the hell of it, I never figured out how to do in Ubuntu... Anyway, don't need a magnifier button. For those with boring mice, you do know ^+ and ^- zoom in and out on Firefox? Don't even need a button!
You do know Firefox (and I believe Opera too) maintain a list of dodgy websites? I have only once this year had Firefox throw up the big red "piss your pants now" message - and that was for a website claiming to provide and Amish cross-stitch pattern. I was looking for my mother, and I guess the sort of person looking for stuff like that is not likely to be tech savvy (in other words, easy to pwn), but Firefox had other ideas!
In short, you and Chase can take the IE way if you like. More power too you. But you know, when you're on the bridge and the way out of town is congested and the roads in are relatively empty... maybe there's a reason for that.
Font anti-aliasing (Cleartype) is on by default across all browsers on Windows 7 it seems (unlike XP) - well, I say all browsers I've only got IE8, Firefox, Opera and Chrome installed.
Without font AA most serif fonts are virtually unusable, or at least butt-ugly, at anything less than about 14 "point" (yes, yes, I know) - especially if they're italicised.
Very recently I also noticed that IE8 will shut down a website it thinks is unsafe.
I noticed this recently in Opera as well, I say recently, it is, if 3 and a half years and 2 major versions, (including 8 or 9 minor versions), ago is recent.
Every time I hear about someone's positive experience with MS products, I wonder what their criteria are.
I hate IE. It's a piece of shite. It crashes all the time, some websites don't render properly, it's just awful - I only run it because we have a company policy.
One thing good I can say about it is that the experience using it is consistent with the experience I have using other MS products. FFS I actually encountered a blue screen of death on Vista the other day.
Makes me ill a company got to be so big and wealthy selling mediocrity.
..."The security of your accounts and private information is one of our highest priorities."
Maybe it is refreshingly honest, but it would be good to see their list, and where security of customer accounts ranks compared to their salaries, bonuses, pensions, healthcare, etc.
"Chase could be looking for ways to curb its IT costs by focusing on just a handful of browsers on the app-development front."
Err, surely if you simply code your site to be standards compliant then you don't need to worry about supporting multiple browsers.
Isn't that the whole (original) point of TBL's World Wide Web?
Trouble is, as we all know too well, Microsoft haven't exactly followed those standards, for whatever reasons they may have; and we all really know what they are! It's only with IE8 that Microsoft really got on the standards wagons and now with IE9 they see it as a marketing drum to bang, just like everybody else...
"Also making the cut are Mozilla's Firefox 2.0 and higher and version 3.0 and higher of Apple's Safari on the Mac - but not the PC."
I really hope they meant "and lower."
I suppose it's easier for them to maintain the hideous IE6 web code than try to write something remotely standards-compliant.
I can understand why a bank might assign different browsers different tiers of support, e.g a site must work perfectly in IE7 and Firefox and acceptably in Chrome, Safari. So QA tests in the main browsers and does cursory validation in others. But dropping support altogether is sheer bloody laziness and nothing else.
It's incredibly shortsighted in this day and age to even support browsers by name rather than a particular set of capabilities that many browsers may implement. For example, if the site can take advantage of canvas, test for the canvas, don't test if user agent == Firefox. Coding to the capabilities rather than the browser version is a much better strategy for development and for maintenance when inevitably the site needs to be updated for new browsers.
Direct from the Chase Faq:
"Why are some browsers not supported?
There are two primary reasons—security and popularity. There are dozens of browsers in use today, but not all offer the minimum levels of security that we require while others may not perform well with our site. The security of your accounts and private information is one of our highest priorities and some browsers, especially older versions, are simply higher security risks to use with our site."
Obviously the inclusion of IE6 means that Chase's choice was based predominantly on popularity over all other factors. The security argument is a bit thin. In the end their decision really came down to what browsers their customers are using, which is what everybody else does too.
I was a customer of theirs, the biggest problem I had was that each time I logged in to the online banking using a "new" computer, it would require an out of band telephone activation. The problem was it would forget about the previous computer that had been activated. So half the time I needed an automated telephone call to login. This was so asinine that I deliberately called tech support each time I needed to login so that they got the message.
And what are the bets that Opera or Chrome would work on the site perfectly well just they are blocked due to the user agent. So if you change the user agent, (can you do that in Chrome without an add-in?), to mask as IE or Firefox then it lets you in and works correctly.
I agree that checking for capabilities rather than name is a better idea, it is not right to force site admins to have to check and code for the idiosyncrasies of every single browser out there, and be prepared to give in depth support for how to use all of those browsers. But they shouldn't need to do that if they code to W3C standards, declare which of those standards are required to use the site effectively, and notify you if that standard is not available in the current browser when you go to the site.
If they want then name the browsers they have tested with, know work and are prepared to give specific help with, then fair enough, but don't block others just because you haven't tested them. If you have coded properly then the only reasons they shouldn't work is that the browser doesn't support the standard or is broken anyway.
For example the site uses ECMAScript and this has been switched off in the browser for security, serve a basic HTML page saying ECMAScript is required, with details on how to enable it in the tested browsers, and advice to ask the browser developer for that info in non tested browsers.
Browser sniffing would be a bad approach, as per usual. I think the article is wrong to suggest there is an active block however, the faq merely says it may not work since its not supported.
"The decision blocks users accessing their accounts at their convenience on PCs using the Opera Desktop browser and mobile devices including the iPhone..."
They've just thrown down the gauntlet... let the attacks on their online banking customers commence, using age old IE6 security holes :P
How many script kiddies are now going to put up proof of concept pages which open the Chase online banking log on page in a new window, inject ECMAScript into it and alter the DOM to add "HaX0r3d by Timmy! Libilar!" next to the password field... with the help of good old Internet Explorer 6 ?
These are the 2nd biggest group of banking morons I've ever dealt with. Their mobile site is basically useless.
I miss WaMu, as their system was real-time. I could buy gas and by the time I got back to the office, it was posted and cleared on my account. I've still got outstanding transactions from 22 days ago still "pending" on my Chase account.
I wonder if the MS Australia info could be used against them in a lawsuit if someone's account got haxx0rzed... I certainly hope so.
I'm pretty much thinking of the effort it would take to drop them. It would be a lot of work, but this is about the limit of stupidity I'm willing to put up with.
Last time I looked when functionality didn't work useing the latest public build of Firefox after logging in to a big Australian bank it offered me this advice:
To access Balance Sheet you will need to be using a Microsoft Internet Explorer version 6 browser or above, and a Windows based operating system.
Select proceed if you would like to upgrade your browser.
After a year or so of dealing with Chase after the buy-out, I've moved all my personal and business accounts to another financial institution. Chase is absolutely clueless when it comes to individuals. I advise all and sundry to avoid em at all costs. Worse than BofA, even.
No, I'm not naming my current banker ... this isn't an advert.
aka - We're under a lot of pressure from MS to use only MS browsers and no one in our IT Department has the knowledge or will to stand up to them.
The IT world, after all, is filled with treachery and danger - Opera is made by foreigners and Mozilla is probably staffed by hippies or some other such godless scum.
MS, on the other hand, are a straight down the middle, sell your kids and smile at you while they're doing it, good old fashioned, money loving US Corporation and therefore "our kind of people".
I almost feel sorry for anyone that has such a warped view of reality that they can actually utter such a paranoid scenario.
20% of Chase's customers are using IE6 and most of those don't have any other browser installed. Maybe 5% of their customers are using Chrome or Opera, and all of them have access to some version of IE. They can't afford to refuse to support the IE6 users. They can afford to tell the Chrome and Opera users that they need to use IE.
20% of Chase's customers are using IE6 and most of those don't have any other browser installed. Maybe 5% of their customers are using Chrome or Opera, and all of them have access to some version of IE
What magical copy of IE do Chrome and Opera users on a Mac or Linux have access to ?
And as has already been discussed, you don't need to support a browser, you just need to support standards. If you do then the browser is irrelevant to the functionality of the webpage, except for IE which of course then needs the page to be broken to get the functionality.
As a developer i hate IE6, but looking at some stats for a site i host yesterday it was 70% IE6 (mostly from the US).
SO, maybe Chase are referring to the 'popular' part of their statement when talking about IE.
However, its quite irrelevant what a bank tells me anymore as they were the ones who thought it would be a good idea to invest in bad debt - much to all our costs.
If i thought they had half a clue this could be a conspiracy against their customers to fleece them even more, but i cant see a bank having the coordination to do that!
Well, if I were a Chase customer, I would drop support for that bank right now... The bank I use (Nordea) has supported nearly every browser on every OS, since the beginning of Web, without breaking sweat... They also have fairly fool-proof security, with two codes (one of which is single-use only, one reused but randomly selected from a large table) needed to make transactions. Having said that, some fools, amazingly, have been known to fall for a phishing attack against this scheme, and entered a large number of these codes by hand when requested by a phony mail message... The point being, the user is probably the weakest link in security, not the browser.
Even if you are stupid enough to forget the fact that IE6 is old, creaky, an industry wide security risk and downright crap. You must surely be able to grasp the fact that these days your customers want choice and if you try and force them to use software they don't want to they will make another choice and just go somewhere else for their banking. Bunch of losers...
Surely Chase have just publicly defamed Opera and Google. Why didn't they just say that they don't support browsers with marginal market share?
My Penguin First Hardback Book of Defamation Tort Law says that in the US defamation is:
1. A false and defamatory statement concerning another;
2. The unprivileged publication of the statement to a third party (that is, somebody other than the person defamed by the statement);
3. If the defamatory matter is of public concern, fault amounting at least to negligence on the part of the publisher; and
4. Damage to the plaintiff.
So, yip, points 1-4 covered. Time for Carter-Fuck to take over..
That one being, don't pick a fight with someone who can buy ink by the barrel.
In this case, Chase may have to watch out for the law of `unintended consequences`.
Is it a good idea to p!ss off Google??
Can you see your search engine rankings go directly to hell??
I am not saying Google would do that, but...........
Though a few years back... I flimsily remember an incident at a security conference when one unnamed hack was asked why he used IE since it seemed to be infamous for its security flaws. The answer, in essence: "I do know the source code of IE and of alternative browsers."
I for my part regarded IE6 as the worst user experience but still have to use it at work. No question for home use, it doesn't run on Linux anyway. Then again, until very recently I couldn't browse El Reg with my preferred browser and even now Opera lists loads of errors on each and every El Reg page.
They have taken this decsion based purely on the popularity of particular browsers. They've come up with that security nonsense because web browser and online banking security have been big news stories. They probably think that customers who are not tech savvy will be fooled. They have, however, made a cracker of an error.
There's a very good chance people using their OS's default browser probably aren't tech savvy. There is also a good chance that people who have chosen to use a different browser, or indeed a different OS, have made some informed decisions and are probably well aware that IE6 has more holes than a very very holey thing and that Chrome and Opera are more secure and also less likely to be attacked.
As such I suspect that most Chase customers who use Chrome or Opera are probably pissed off that their browser is not supported, but more imporatantly very scared indeed about their bank's grasp of IT security issues and are right now looking for another bank. I would suspect that a significant number of customers using the likes of IE8 and FF3 are probably a bit scared by their bank's lack of security nouse and are probably thinking of jumping ship too.
It's a more impressive own goal than anything we're likely to see at the world cup.
You don't support browsers, you support STANDARDS. The browsers in turn have to support the standards that you support, and if they don't their users can take a hike. It's really not that hard to understand, even for the rabid IE 6 fanbois at Chase.
This lazy, idiotic, self-obsessed approach to IT really gets on my wick.
Anyone who designs a site to meet the quirks of one particular browser, rather than to be compliant with the clearly defined STANDARDS that all browsers should use, does not deserve to have a job in IT in the first place. Bloody idiots.
Chrome has gotten so much good -- and free -- publicity, just because it's new and different. Not only is it unreliable, it's downgraded in favor of IE for financial institutions that rely on security above all else.
All of Chrome's bells and whistles simply don't measure up to the security of a mature OS or browser.
Good luck to all those who prematurely jumped on a broken band wagon, and props to Microsoft.
How can a browser with older technology be so secure it just does not make any sense, in fact I just think it is just pure laziness that they will not bring their online banking up today standards.
I like IE 8 but I prefer Firefox for functionality it just seems to work better for everyday things, but what about the customers who run Vista or Windows 7 what are they suppose to do go back to XP?
Just stupid if you ask me
IE 6 being more secure than Opera and Chrome. Makes me wonder how much they got paid to make that decision and then publicize that decision.
Large bank and the largest software company in the world. Can anyone think of two less honest corporate entities? ... anyone?
There are a few believable reasons why an organization might choose to use IE6 over Opera, but SECURITY is NOT one of them. Opera has the best track-record in the industry in that regard.
Furthermore with Chrome, a large part of its security functionality is not even under its own control - it relies on Microsoft's encryption and SSL engine while running under Windoze, for example. Which is why every time Microsoft has a security flaw there, so does Chrome. (it's already happened at least once)
Banks remain one of the most clueless web service providers, and I have worked with some in a commercial context whose blatant ignorance of basic security practices (invalid SSL certs, anyone?) would boggle your mind...
I can't see how this makes any difference, my choice of web browser only affects the security of my computer (and the network it is located on), so depending on which browser I use I may or may not end up with the latest malware/virus installing itself on my computer. If the malware gets in it doesn't really matter which web browser I use to access my online banking.
Chances are if i'm using opera/chrome for my day to day browsing, i'm going to continue to do so and only switch browsers (or use a user agent switcher) for the services which lock out my preferred browser. Therefore the chances that I might have a password stealing virus on my system are exactly the same no matter which browser I am forced to use for the online banking.
Biting the hand that feeds IT © 1998–2021