Cyber LegalityCyber SecuritySecurity Culture

Developers Should Stop Encouraging Risky User Behavior

With the life span of some of our favorite software being measured in decades, we feel affectionate towards the users of older versions, who desire to allow as many people to use its applications or websites as possible.

Quite often, this has meant ensuring backward compatibility – but is this a good idea in the long run?

Continuing to support legacy software that is not patched or updated against the latest known threats is cruelty rather than kindness because it encourages and reinforces risky behavior on the part of the users.

If a user has an obsolete, unpatched browser, there are high chance that he will also have other software that is not up to date, and that makes it a target for malware.  Worse, it makes a potential vector for the introduction of malware into other parts of your application or organization.

Lubos Kmetko has a great blog post from 2016  on the topic ‘Why You Should Stop Supporting IE10, IE9 and IE8’ that includes some good comments citing reasons why developers should continue to support obsolete browsers, including:

  • Corporate users might not be able to upgrade their work computers
  • Assistive technology users might have to use older versions to allow their technology to work

Actual counted behaviors tell a different story, though.  Year-on-year, July 2017 to July 2018, shows lists browser share at

Chrome for Android                    30.26%

Chrome 67.0                                    23.66%

Safari iPhone                                    9.33%

Firefox 61.0                                      3.02%

UC Browser                                      2.78%

IE 11.0                                                  2.59%

So, although legacy browsers may be perceived as a large population, the stark reality is that this is no longer the case.

Two communities can help drive the last of the legacy browsers out of the mainstream working day:

Application developers can stop supporting legacy browsers and encourage their user base to migrate.

Application consumers can insist that their vendors support current, secure versions – and should consider moving away from any application that forces reliance on obsolete, insecure technologies.

Related Articles

Back to top button

We use cookies on our website

We use cookies to give you the best user experience. Please confirm, if you accept our tracking cookies. You can also decline the tracking, so you can continue to visit our website without any data sent to third party services.