More and more I'd wish MS provided a extra limited version of IE6+WinXP packaged in a sandboxed VM. Any group seriously needing IE6 would switch to a combination of a modern windows + the sandoxed VM. This could already be done now, but a more compact, efficient and blessed solution from MS could make a difference.
It's horrible to have IE6 or winXP only software, but instead of just throwing it away, putting it in a confined executing environment would help desl with issues pressing right now.
My understanding is that people who _need_ ie6 still need it exactly the way it is. Trying to strip stuff out or secure it would break why people need it just as much as upgrading it would.
Putting it in it's own VM would allow to keep IE in a perfect replica of it's current environment (same OS, libraries, plugins, helpers etc), while securing it from the outside (for instance firewalling, snapshot of valid states to prevent corruption, check on the data exchange on the network interface, sanitizing of the input/output if really needed)
Then have the VM be configured to only allow traffic to/from specific addresses/dns names/whatever. There has to be a way to solve this that doesn't involve running an ancient browser/OS combination as your host operating system.
It's horrible to have IE6 or winXP only software, but instead of just throwing it away, putting it in a confined executing environment would help desl with issues pressing right now.