How Software Vendors Encourage The Use Of Insecure Legacy Applications

QuickBooks "Internet Explorer is turned off" Error Message

Generally speaking, it is a common practice among IT professionals to associate bad user experience and clunky User Interfaces with legacy applications, and we bemoan the reluctance of users to use new and modern applications “that are right there.”

As a matter of fact, while we very often lament the refusal of technology users to wean themselves away from using legacy or outdated applications, the reality could be that sometimes, users have no choice in the matter: use legacy apps, or productivity comes to a screeching halt.

What Is A Legacy Application?

A legacy application (legacy app) is a software program that is outdated or obsolete. Although a legacy app still works, it may be unstable because of compatibility issues with current operating systems (OSes), browsers and information technology (IT) infrastructures. – – Definition from TechTarget

For example, at the start of 2016, Microsoft ended support for all versions of Internet Explorer (IE) prior to version 11. Users still browsing with older versions like IE 6 could continue to do so, but website pages were no longer going to be coded to be compatible, and any bugs or errors within the Internet Explorer program will not receive attention from Microsoft.

Although all versions older than Internet Explorer version 11 is regarded as legacy software, we treat ALL versions of IE as legacy software.

Why Are Legacy Applications Still Used?

Many organizations still use legacy or obsolete software because they have newer versions that are not compatible with the hardware they are installed on – like some commercial printing software for example; some were built by developers who no longer maintain them.

In addition, the support folks who inherited these old programs do not have sufficient knowledge to keep them up to date; and then, there are those that have been patched or otherwise altered to the point of incompatibility with current standard versions.

In some particular cases, old and obsolete software are still being used because the software vendor hard coded a default third-party application into the software that renders the program unusable if that default secondary application is not used.

Case in point: Desktop versions of the QuickBooks accounting software, including Enterprise editions, need to have Internet Explorer installed to be able to run. The program will not open unless users have Microsoft Internet Explorer installed, and until recently, that included the very insecure IE version 6.

One of the practices we have encouraged our clients to implement is the gradual retirement of legacy applications, especially those that are no longer receiving security updates and patches, or have been outright abandoned by the software developer. Coupled with that, we ask that they pay special attention to applications that pose, or could potentially pose security risks, and one of such applications is Microsoft’s Internet Explorer.

We recently received complaints by clients that they could not get their desktop version of Intuit’s QuickBooks Enterprise to open because the application had an error window about the absence of Internet Explorer!

These were on computers with the latest version of Windows 10, and the latest versions of Mozilla Firefox, Google Chrome, Microsoft Edge, and Brave web browsers installed. Internet Explorer, as far as we are concerned, is a legacy and insecure application had been removed on these computers.

Why on earth would QuickBooks hard code an insecure web browser into its software, thus holding users hostage to a browser they may not like to use? And trust me, many do not even know that there is a browser called Internet Explorer since most use either Chrome or Firefox, and occasionally, Microsoft Edge as their favorite web browser.

It turns out that the desktop version of QuickBooks often opens an instance of a browser called a “captive browser window” inside within the application to handle things like bank feeds, payments, company menu, payroll etc., and it apparently will only use Internet Explorer, hard coded as the default.

If Internet Explorer is deactivated. or removed as was the case with these users, QuickBooks throws up an error window telling the user that Internet Explorer is turned of and that “QuickBooks needs it to work properly”. Even if the user has a browser like Microsoft Edge set as the default browser, it made no difference. It was Internet Explorer, or the application shut down.

This looks like an apt demonstration of either developer laziness, corporate insensitivity, or greed, where a multi-million dollar company is still stuck in the practice of adhering to the “close integration standards” that Microsoft preached over twenty years ago (in the days of DOS and Windows NT), instead of doing the right thing and updating their code to detach IE from the core of the software.

Security Implications

Given the fact that QuickBooks deals with financial data, and sensitive transactions like payroll and bank information, the security implications of this lazy approach cannot be overstated.

Equally important is the fact that many users are still using older versions of QuickBooks, and since IE is required, we have to assume that they also run Internet Explorer including version that have been verified to be very insecure, like IE version 6. Old and outdated software pose serious security risk to the computer network they are a part of.

While it may be easy for tech folks to proclaim that “no business or organization should be running Windows XP or Windows Vista”, the reality is that many organizations are still using very old versions of QuickBooks like version 2003 on Windows XP and Vista using the old “if it ain’t broke, don’t fix it” argument.

The problem is that the latest version of Internet Explorer (version 11) will not run on those legacy operating systems so they are stuck with legacy browsers like IE 6, 8 or 9. Internet Explorer 11 will only run on Windows 7 or higher.

A more alarming security issue is that out of frustration, users are going to jump online and start experimenting with dangerous workaround that may cause more harm to their computer systems and network, like messing with registry settings, or downloading malware wrapped as a registry fix.

As one user put it:
“It makes no sense to pay lots of money for an update that is not needed. I used to run QB 2000 and it worked good until my old XP computer quit. This version does not work with windows 7 pro. So, I purchased QB 2008. This version starts but stops since IE 6 is not present. For some reason I have trouble getting Internet Explorer 11 installed. I would love to just fake QB 8 into thinking it has IE 11.”

In summary, while not all legacy applications are bad, some, like Internet Explorer are so prone to vulnerability exploits that their use should be discouraged wherever possible.

That Intuit, the makers of QuickBooks would tie their accounting software that is used by many small businesses and organization to Internet Explorer, which even Microsoft has advised people not to use, is inexcusable.

The responsible thing for Intuit to do is decouple it’s desktop version of QuickBooks from Internet Explorer and allow the user to use a more secure browser of their choice.


We’re there to help you every step of the way. Contact us today to get started in safeguarding your business with modern application migration services and technologies. Using modern and up to date software like Office 365 is affordable and provides enterprise-grade protection, built-in and integrated.

If you need assistance migrating your legacy applications to newer versions or to the cloud, Tech Prognosis can help.

Contact us at (512) 814-8044, or use this form.