back to article Rancid IE6 'more secure' than Chrome and Opera US bank says

Microsoft's creaking Internet Explorer 6 is more secure and popular than either Google's Chrome or Opera US banking giant Chase has determined. The bank's therefore decided its online baking services will continue to support aging the IE 6 but drop support for Chrome and Opera. IE 6 is nine years old and even Microsoft is now …


This topic is closed for new posts.
  1. Mike Flex

    ...its online baking services...

    Would that be for any customers wanting to cook their books?

  2. pan2008

    used almost everything

    But keep going back to IE8. It's slightly slower but everything appears just better, it's the fonts that don't work well with other browsers. Whether it's the websites optimised for IE or IE has some better font handling capability not sure, but looks smoother in IE8. I also like the magnifier button. Opera is probably the fastest but doesn't look smooth. I don't lke that google probably stores every website you visit with the common web address & search field.

    Very recently I also noticed that IE8 will shut down a website it thinks is unsafe. Whether this is correct or not I can't say but seems to have improved security recently, some websites are cr*p anyway. Does anyone know they maintained a list or can detect compromised sites?

    1. heyrick Silver badge

      IE8 loads damn quick...

      ...but that's to be expected, given half of it is part of Windows. From then on, it feels like an exercise in pain, and that's compared to Firefox which isn't exactly the nippiest browser around.

      I can't say much for IE's font handling, I don't tend to visit sites laden with embedded fonts (not sure even if they'd be blocked by default?). What I can say is even WITH HTML 4.01 compliance, the sizing of tables and such is almost-but-not-quite the same as Mozilla/Webkit. Most of the time it doesn't matter, but sometimes it does.

      There's a magnifier button? With Firefox I just "pinch in" in the touchpad to zoom in, and pull my fingers apart to zoom out (by default it was the other way around, I changed that because I felt it was more logical like this). It's a touchpad driver thing. Which, I might point out for the hell of it, I never figured out how to do in Ubuntu... Anyway, don't need a magnifier button. For those with boring mice, you do know ^+ and ^- zoom in and out on Firefox? Don't even need a button!

      You do know Firefox (and I believe Opera too) maintain a list of dodgy websites? I have only once this year had Firefox throw up the big red "piss your pants now" message - and that was for a website claiming to provide and Amish cross-stitch pattern. I was looking for my mother, and I guess the sort of person looking for stuff like that is not likely to be tech savvy (in other words, easy to pwn), but Firefox had other ideas!

      In short, you and Chase can take the IE way if you like. More power too you. But you know, when you're on the bridge and the way out of town is congested and the roads in are relatively empty... maybe there's a reason for that.

    2. seven of five

      No problem...

      ...some people are just born for the IE. Thats a genetic thing, and as hard as one might try, beatings alone won´t help.

    3. Charlie Clark Silver badge


      IE 8 uses Cleartype for font rendering in Windows XP and Cleartype is very nice. Without it some typefaces such as Georgia look pretty terrible. You can enable it for everything through the display settings.

      1. CD001

        XP v Win7

        Font anti-aliasing (Cleartype) is on by default across all browsers on Windows 7 it seems (unlike XP) - well, I say all browsers I've only got IE8, Firefox, Opera and Chrome installed.

        Without font AA most serif fonts are virtually unusable, or at least butt-ugly, at anything less than about 14 "point" (yes, yes, I know) - especially if they're italicised.

    4. Rasczak

      Very Recently


      Very recently I also noticed that IE8 will shut down a website it thinks is unsafe.


      I noticed this recently in Opera as well, I say recently, it is, if 3 and a half years and 2 major versions, (including 8 or 9 minor versions), ago is recent.

    5. Anonymous Coward


      Every time I hear about someone's positive experience with MS products, I wonder what their criteria are.

      I hate IE. It's a piece of shite. It crashes all the time, some websites don't render properly, it's just awful - I only run it because we have a company policy.

      One thing good I can say about it is that the experience using it is consistent with the experience I have using other MS products. FFS I actually encountered a blue screen of death on Vista the other day.

      Makes me ill a company got to be so big and wealthy selling mediocrity.

  3. lumpenfolk

    Good to know that...

    ..."The security of your accounts and private information is one of our highest priorities."

    Maybe it is refreshingly honest, but it would be good to see their list, and where security of customer accounts ranks compared to their salaries, bonuses, pensions, healthcare, etc.

  4. Alastair 7

    Very annoying

    I'm a Chase customer, and I'm very annoyed. However, I think the article is slightly incorrect- it won't block mobile browsers. They have a totally separate mobile site which, presumably, will continue to work with all major browsers. It barely even uses JavaScript, after all.

  5. Goat Jam

    Say what?

    "Chase could be looking for ways to curb its IT costs by focusing on just a handful of browsers on the app-development front."

    Err, surely if you simply code your site to be standards compliant then you don't need to worry about supporting multiple browsers.

    Isn't that the whole (original) point of TBL's World Wide Web?

    1. Anonymous Coward
      Anonymous Coward

      You'd think!

      Trouble is, as we all know too well, Microsoft haven't exactly followed those standards, for whatever reasons they may have; and we all really know what they are! It's only with IE8 that Microsoft really got on the standards wagons and now with IE9 they see it as a marketing drum to bang, just like everybody else...

  6. Anonymous Coward


    "Also making the cut are Mozilla's Firefox 2.0 and higher and version 3.0 and higher of Apple's Safari on the Mac - but not the PC."

    I really hope they meant "and lower."

    I suppose it's easier for them to maintain the hideous IE6 web code than try to write something remotely standards-compliant.

  7. DrXym

    Utterly insane

    I can understand why a bank might assign different browsers different tiers of support, e.g a site must work perfectly in IE7 and Firefox and acceptably in Chrome, Safari. So QA tests in the main browsers and does cursory validation in others. But dropping support altogether is sheer bloody laziness and nothing else.

    It's incredibly shortsighted in this day and age to even support browsers by name rather than a particular set of capabilities that many browsers may implement. For example, if the site can take advantage of canvas, test for the canvas, don't test if user agent == Firefox. Coding to the capabilities rather than the browser version is a much better strategy for development and for maintenance when inevitably the site needs to be updated for new browsers.

    1. Lou Gosselin

      It's about popularity

      Direct from the Chase Faq:

      "Why are some browsers not supported?

      There are two primary reasons—security and popularity. There are dozens of browsers in use today, but not all offer the minimum levels of security that we require while others may not perform well with our site. The security of your accounts and private information is one of our highest priorities and some browsers, especially older versions, are simply higher security risks to use with our site."

      Obviously the inclusion of IE6 means that Chase's choice was based predominantly on popularity over all other factors. The security argument is a bit thin. In the end their decision really came down to what browsers their customers are using, which is what everybody else does too.

      I was a customer of theirs, the biggest problem I had was that each time I logged in to the online banking using a "new" computer, it would require an out of band telephone activation. The problem was it would forget about the previous computer that had been activated. So half the time I needed an automated telephone call to login. This was so asinine that I deliberately called tech support each time I needed to login so that they got the message.

    2. Rasczak

      Browser Sniffing

      And what are the bets that Opera or Chrome would work on the site perfectly well just they are blocked due to the user agent. So if you change the user agent, (can you do that in Chrome without an add-in?), to mask as IE or Firefox then it lets you in and works correctly.

      I agree that checking for capabilities rather than name is a better idea, it is not right to force site admins to have to check and code for the idiosyncrasies of every single browser out there, and be prepared to give in depth support for how to use all of those browsers. But they shouldn't need to do that if they code to W3C standards, declare which of those standards are required to use the site effectively, and notify you if that standard is not available in the current browser when you go to the site.

      If they want then name the browsers they have tested with, know work and are prepared to give specific help with, then fair enough, but don't block others just because you haven't tested them. If you have coded properly then the only reasons they shouldn't work is that the browser doesn't support the standard or is broken anyway.

      For example the site uses ECMAScript and this has been switched off in the browser for security, serve a basic HTML page saying ECMAScript is required, with details on how to enable it in the tested browsers, and advice to ask the browser developer for that info in non tested browsers.

      1. Lou Gosselin

        Re: Browser Sniffing

        Browser sniffing would be a bad approach, as per usual. I think the article is wrong to suggest there is an active block however, the faq merely says it may not work since its not supported.


        "The decision blocks users accessing their accounts at their convenience on PCs using the Opera Desktop browser and mobile devices including the iPhone..."

  8. Thomas 18

    Chrome more popular than safari

    Wasn't that one of the articles on el reg?

    1. Anonymous Coward
      Anonymous Coward

      @Tommy 18

      On Windows perhaps - the bank said it didn't support Safari on Windows, only Mac.

  9. Robert Ramsay
    Thumb Down

    And really?

    they can't be arsed to test their site properly.

    Chase Bank rated highly for "truthiness"

  10. mark?


    What the fuck is he talking about?

    MSIE > The safest (Chrome) + The fastest (Opera) browser in the world?

    1. mego

      The safest (Chrome)

      You might want to reconsider that statement... Google are on record as being anti-privacy.

  11. Jean-Luc

    "while others may not perform well with our site"

    Translation: our cutting-edge web designers hard-baked so much IE6-specific crud into our site that we have no clue how to pull it out.

    Nor can we be bothered to fix this as we badly need cash to pay bonuses to our execs.

    1. Alastair 7

      Thing is...

      That's not even close to the truth. It works fine in Chrome, I use(d?) it every day. They're making damn near non-existent savings- if it works in Firefox, it'll work in Chrome.

  12. Kristian B

    IE6 + XXS + Banking = Secure?

    They've just thrown down the gauntlet... let the attacks on their online banking customers commence, using age old IE6 security holes :P

    How many script kiddies are now going to put up proof of concept pages which open the Chase online banking log on page in a new window, inject ECMAScript into it and alter the DOM to add "HaX0r3d by Timmy! Libilar!" next to the password field... with the help of good old Internet Explorer 6 ?

  13. Richard Pennington 1

    Online baking service

    So they serve cookies ...

  14. Gene Cash Silver badge


    These are the 2nd biggest group of banking morons I've ever dealt with. Their mobile site is basically useless.

    I miss WaMu, as their system was real-time. I could buy gas and by the time I got back to the office, it was posted and cleared on my account. I've still got outstanding transactions from 22 days ago still "pending" on my Chase account.

    I wonder if the MS Australia info could be used against them in a lawsuit if someone's account got haxx0rzed... I certainly hope so.

    I'm pretty much thinking of the effort it would take to drop them. It would be a lot of work, but this is about the limit of stupidity I'm willing to put up with.

  15. Anonymous Coward


    And I just opened a checking account with them... *sigh*

  16. VoodooForce

    thats not so Bad

    Last time I looked when functionality didn't work useing the latest public build of Firefox after logging in to a big Australian bank it offered me this advice:

    To access Balance Sheet you will need to be using a Microsoft Internet Explorer version 6 browser or above, and a Windows based operating system.

    Select proceed if you would like to upgrade your browser.


  17. Robert Heffernan

    In Other News...

    ...Google reportedly behind buyout of Chase Bank.

  18. jake Silver badge

    I was a happy Washington Mutual customer.

    After a year or so of dealing with Chase after the buy-out, I've moved all my personal and business accounts to another financial institution. Chase is absolutely clueless when it comes to individuals. I advise all and sundry to avoid em at all costs. Worse than BofA, even.

    No, I'm not naming my current banker ... this isn't an advert.

  19. geronimo hashbucket

    "while others may not perform well with our site"

    aka - We're under a lot of pressure from MS to use only MS browsers and no one in our IT Department has the knowledge or will to stand up to them.

    The IT world, after all, is filled with treachery and danger - Opera is made by foreigners and Mozilla is probably staffed by hippies or some other such godless scum.

    MS, on the other hand, are a straight down the middle, sell your kids and smile at you while they're doing it, good old fashioned, money loving US Corporation and therefore "our kind of people".

    1. Anonymous Coward
      Anonymous Coward

      Panranoide delusions

      I almost feel sorry for anyone that has such a warped view of reality that they can actually utter such a paranoid scenario.

      20% of Chase's customers are using IE6 and most of those don't have any other browser installed. Maybe 5% of their customers are using Chrome or Opera, and all of them have access to some version of IE. They can't afford to refuse to support the IE6 users. They can afford to tell the Chrome and Opera users that they need to use IE.

      1. Rasczak

        Talking of delusions


        20% of Chase's customers are using IE6 and most of those don't have any other browser installed. Maybe 5% of their customers are using Chrome or Opera, and all of them have access to some version of IE


        What magical copy of IE do Chrome and Opera users on a Mac or Linux have access to ?

        And as has already been discussed, you don't need to support a browser, you just need to support standards. If you do then the browser is irrelevant to the functionality of the webpage, except for IE which of course then needs the page to be broken to get the functionality.

  20. Dan P


    "...while others may not perform well with our site".

    In other words, they can't be bothered to rewrite their site from the old IE6-specific code to a cross-browser codebase.

  21. Anonymous Coward
    Anonymous Coward

    security or popularity?

    As a developer i hate IE6, but looking at some stats for a site i host yesterday it was 70% IE6 (mostly from the US).

    SO, maybe Chase are referring to the 'popular' part of their statement when talking about IE.

    However, its quite irrelevant what a bank tells me anymore as they were the ones who thought it would be a good idea to invest in bad debt - much to all our costs.

    If i thought they had half a clue this could be a conspiracy against their customers to fleece them even more, but i cant see a bank having the coordination to do that!

  22. MacroRodent
    Thumb Down

    Dropping support

    Well, if I were a Chase customer, I would drop support for that bank right now... The bank I use (Nordea) has supported nearly every browser on every OS, since the beginning of Web, without breaking sweat... They also have fairly fool-proof security, with two codes (one of which is single-use only, one reused but randomly selected from a large table) needed to make transactions. Having said that, some fools, amazingly, have been known to fall for a phishing attack against this scheme, and entered a large number of these codes by hand when requested by a phony mail message... The point being, the user is probably the weakest link in security, not the browser.

  23. Anonymous Coward

    Is this the same American banks....

    that lend to people who cannot afford to pay it back? ...and there is me ignoring *anything* they have to say.

  24. Anonymous Coward
    Anonymous Coward

    Chase Bank about to become as Obselete as IE6

    Even if you are stupid enough to forget the fact that IE6 is old, creaky, an industry wide security risk and downright crap. You must surely be able to grasp the fact that these days your customers want choice and if you try and force them to use software they don't want to they will make another choice and just go somewhere else for their banking. Bunch of losers...

  25. Alain Moran


    So, IE is more secure than Chrome or Opera eh?

    Note to self: ensure you don't have any money in a bank owned/operated by Chase - they are quite clearly smoking crack!

  26. Robert Ramsay

    oh no children, not THOSE kind of cookies...

  27. Whitter
    Thumb Down

    Pot/kettle etc.

    As a dominantly Opera user: I find most banking (and shopping) websites to be too insecure to use with Opera anyway. XSS galore etc.

  28. Sooty

    not surprised

    I've had a number of banking "Security features" refuse to work properly if i block XSS,

  29. Anonymous Coward
    Anonymous Coward


    Only Chrome and Opera were unhacked actually.

  30. Tom 38

    Er, libel much?

    Surely Chase have just publicly defamed Opera and Google. Why didn't they just say that they don't support browsers with marginal market share?

    My Penguin First Hardback Book of Defamation Tort Law says that in the US defamation is:

    1. A false and defamatory statement concerning another;

    2. The unprivileged publication of the statement to a third party (that is, somebody other than the person defamed by the statement);

    3. If the defamatory matter is of public concern, fault amounting at least to negligence on the part of the publisher; and

    4. Damage to the plaintiff.

    So, yip, points 1-4 covered. Time for Carter-Fuck to take over..

    1. Tom 13

      Unfortunately, you forgot US libel Law

      (Okay, so actually it is US Law The guy who can afford the most expensive lawyer for the longest period of time wins. In this case I rather suspect that will be Chase.

      1. Fatman

        There is another `truism`

        That one being, don't pick a fight with someone who can buy ink by the barrel.

        In this case, Chase may have to watch out for the law of `unintended consequences`.

        Is it a good idea to p!ss off Google??

        Can you see your search engine rankings go directly to hell??

        I am not saying Google would do that, but...........

  31. The BigYin


    How can you possibly fail to support standards compliant browser UNLESS you fill yer pages with browser specific crud? Code to the standards and then do the work to fix IE (and it is almost certainly just IE that will freak).

  32. Matthew Greet

    Embarass Chase

    We need some hackers to p0wn Chase's website with IE6 only hacks. The sooner IE6 is wiped out, and the more Microsoft are blasted for writing that ****, the better.

  33. Anonymous Coward
    Thumb Down

    For a while...

    ...Using Firefox I had to click 'stop' at the right time after I initially logged on, or I'd be presented with a blank page and no links. Using IE was OK, but I despised it.

  34. Evil Auditor Silver badge

    Choice of browser

    Though a few years back... I flimsily remember an incident at a security conference when one unnamed hack was asked why he used IE since it seemed to be infamous for its security flaws. The answer, in essence: "I do know the source code of IE and of alternative browsers."

    I for my part regarded IE6 as the worst user experience but still have to use it at work. No question for home use, it doesn't run on Linux anyway. Then again, until very recently I couldn't browse El Reg with my preferred browser and even now Opera lists loads of errors on each and every El Reg page.

  35. Anonymous Coward
    Anonymous Coward

    Firefox 2.0?

    But shirley even Mozilla don't support FF 2?

  36. Anonymous Coward

    Security, pah!

    They have taken this decsion based purely on the popularity of particular browsers. They've come up with that security nonsense because web browser and online banking security have been big news stories. They probably think that customers who are not tech savvy will be fooled. They have, however, made a cracker of an error.

    There's a very good chance people using their OS's default browser probably aren't tech savvy. There is also a good chance that people who have chosen to use a different browser, or indeed a different OS, have made some informed decisions and are probably well aware that IE6 has more holes than a very very holey thing and that Chrome and Opera are more secure and also less likely to be attacked.

    As such I suspect that most Chase customers who use Chrome or Opera are probably pissed off that their browser is not supported, but more imporatantly very scared indeed about their bank's grasp of IT security issues and are right now looking for another bank. I would suspect that a significant number of customers using the likes of IE8 and FF3 are probably a bit scared by their bank's lack of security nouse and are probably thinking of jumping ship too.

    It's a more impressive own goal than anything we're likely to see at the world cup.

  37. Anonymous Coward


    You don't support browsers, you support STANDARDS. The browsers in turn have to support the standards that you support, and if they don't their users can take a hike. It's really not that hard to understand, even for the rabid IE 6 fanbois at Chase.

    This lazy, idiotic, self-obsessed approach to IT really gets on my wick.

    Anyone who designs a site to meet the quirks of one particular browser, rather than to be compliant with the clearly defined STANDARDS that all browsers should use, does not deserve to have a job in IT in the first place. Bloody idiots.

    1. Evil Auditor Silver badge

      @AC 12:54 re supporting standards

      I fully agree. Unfortunately, if they didn't have a job in IT, which they do "not deserve to have", many IT departments around the world would be very deserted places.

  38. SkateNY

    It's about time

    Chrome has gotten so much good -- and free -- publicity, just because it's new and different. Not only is it unreliable, it's downgraded in favor of IE for financial institutions that rely on security above all else.

    All of Chrome's bells and whistles simply don't measure up to the security of a mature OS or browser.

    Good luck to all those who prematurely jumped on a broken band wagon, and props to Microsoft.

  39. MarkOne

    150m Opera users is clearly not marginal.


    Epic Fail.

  40. Revelationman

    Load of Garbage

    How can a browser with older technology be so secure it just does not make any sense, in fact I just think it is just pure laziness that they will not bring their online banking up today standards.

    I like IE 8 but I prefer Firefox for functionality it just seems to work better for everyday things, but what about the customers who run Vista or Windows 7 what are they suppose to do go back to XP?

    Just stupid if you ask me

  41. gollux

    Well, this reasoning and other things...

    were why I terminated all relationships with anything Chase based a decade ago. Sometimes you just gotta leave in enough quantity that the deafening silence gets their attention.

  42. Anonymous Coward

    Obviously, they are lying about...

    IE 6 being more secure than Opera and Chrome. Makes me wonder how much they got paid to make that decision and then publicize that decision.

    Large bank and the largest software company in the world. Can anyone think of two less honest corporate entities? ... anyone?

  43. Anonymous Coward

    Protect what?

    I had a Chase account for diversity a couple of years ago. A hacker would have to be quick to steal the money before banking fees took it.

  44. Phil Koenig

    Bald-faced lying... welcome to Wall Street!

    There are a few believable reasons why an organization might choose to use IE6 over Opera, but SECURITY is NOT one of them. Opera has the best track-record in the industry in that regard.

    Furthermore with Chrome, a large part of its security functionality is not even under its own control - it relies on Microsoft's encryption and SSL engine while running under Windoze, for example. Which is why every time Microsoft has a security flaw there, so does Chrome. (it's already happened at least once)

    Banks remain one of the most clueless web service providers, and I have worked with some in a commercial context whose blatant ignorance of basic security practices (invalid SSL certs, anyone?) would boggle your mind...

  45. Anonymous Coward
    Anonymous Coward

    Opera and XSS

    vulnerability fixed in 10.54.

  46. Flossie

    Flawed logic

    I can't see how this makes any difference, my choice of web browser only affects the security of my computer (and the network it is located on), so depending on which browser I use I may or may not end up with the latest malware/virus installing itself on my computer. If the malware gets in it doesn't really matter which web browser I use to access my online banking.

    Chances are if i'm using opera/chrome for my day to day browsing, i'm going to continue to do so and only switch browsers (or use a user agent switcher) for the services which lock out my preferred browser. Therefore the chances that I might have a password stealing virus on my system are exactly the same no matter which browser I am forced to use for the online banking.

This topic is closed for new posts.

Other stories you might like