Internet Explorer, abbreviated IE or MSIE, is a web browser made by Microsoft and currently available as part of Microsoft Windows. As of 2005 Internet Explorer is by far the most widely used web browser, although since 2004 it began losing usage share to other browsers such as Mozilla Firefox, Safari, and Opera. The current estimation is about 85–90% of the total usage. (see below)

It is available as a built-in component in newer versions of Microsoft Windows, and as a separate free of charge product for many older versions of Microsoft Windows. It has been shipped as the default browser in all versions of Microsoft Windows since Windows 95 OSR2. However, the last major upgrade to Internet Explorer was offered for Windows XP only. Despite initial plans of delaying the release of Internet Explorer 7 until the next major version of Windows codenamed Longhorn, Microsoft has recently announced a testing version of Internet Explorer 7 will be available for Windows XP SP2 users by the summer of 2005 (see below).

For a time, Microsoft also produced Internet Explorer for Mac and versions for use via the X Window System on Solaris and HP-UX, but these are no longer in active development.

Contents

1 History 1.1 Release history 1.2 Antitrust 1.3 Future development 2 Features 2.1 Distinguishing features 2.2 Common features 2.3 Innovative features 3 Web standards 3.1 Graphics standards 3.2 HTML, HTTP, and MIME standards 3.3 Unicode 3.4 Consequences 4 Security 4.1 Component Object Model 4.2 Patches 4.3 Spyware, adware and Windows XP SP2 5 Market adoption 6 Removing Internet Explorer 7 See also 8 References 9 External links 9.1 Official 9.2 Bugs 9.3 Opinion

History

Release history

Internet Explorer is derived from Spyglass, Inc.'s version of Mosaic. Microsoft licensed Spyglass's software in 1995, in an arrangement under which Spyglass would receive a quarterly fee plus a percentage of Microsoft's revenues for the software. Microsoft originally released Internet Explorer 1.0 in August 1995 with the Internet Jumpstart Kit in Microsoft Plus! for Windows 95. Version 1.5 was later released that supported basic table rendering [1]. Version 2.0 was released for both Windows 95 and Windows NT in November 1995, featuring support for SSL, cookies, VRML, and Internet newsgroups [2]. Version 2.0 was also released for the Macintosh and Windows 3.1 in April 1996. Version 2.1 supported frames, but not JavaScript, Java or ActiveX [3].

Internet Explorer 3.0 was released free of charge in August 1996 by bundling it with Windows 95 OSR2. Microsoft thus made no direct revenues on IE and was liable to pay Spyglass only the minimum quarterly fee. In 1997, Spyglass threatened Microsoft with a contractual audit , in response to which Microsoft settled for US $8 million [4]. Version 3 included Internet Mail and News 1.0 and the Windows Address Book. Later, Microsoft NetMeeting and Windows Media Player were integrated into the product and thus "helper" programs became no longer as necessary as they once were. Cascading Style Sheets were also introduced with version 3 of Internet Explorer.

Version 4 was released in October 1997 and was shipped with Windows 98 and was modified to integrate more closely with Microsoft Windows. It included an option to enable "Active Desktop" which displayed Web content on the desktop itself and was updated automatically as the content changed. The user could select other pages for use as Active Desktops as well. "Active Channel" technology was also introduced to automatically obtain information updates from websites. The technology was based on an XML standard known as Channel Definition Format (CDF), which predated other web syndication formats like RSS. This version was designed to work on Windows 95, Windows 98, and Windows NT, and could be downloaded from the Internet, free of charge. It supported Dynamic HTML (DHTML). Outlook Express 4.0 also came integrated into the browser and replaced the aging Microsoft Internet Mail & News product that was released with previous versions.

In September 1998, Microsoft released version 5 of Internet Explorer. Bi-directional text, ruby text and direct XML/XSL support were included in this release, along with enhanced support for CSS Level 1 and 2. The actual release of Internet Explorer 5 happened in three stages. Firstly, a Developer Preview was released in June 1998 (5.0B1), and then a Public Preview was released in November 1998 (5.0B2). Then in March 1999 the final release was released (5.0). In September it was released with Windows 98. Version 5.5 was later released for Windows Me in July 2000, and included many bug fixes and security patches. [5]

Version 6 was released with Windows XP in October 2001. It mainly focused on privacy and security features, as they had become customer priorities. Microsoft implemented tools that support P3P, a technology under development by the W3C. [6]

In a May 7, 2003 Microsoft online chat, Brian Countryman, Internet Explorer Program Manager, declared that on Microsoft Windows, Internet Explorer will cease to be distributed separately from the operating system (IE 6 being the last standalone version) [7]; it will, however, be continued as a part of the evolution of the operating system, with IE updates coming bundled in OS upgrades. Thus, IE and Windows will be kept more in sync: it will be less likely that people will use a relatively old version of IE on a newer version of Windows, and newer versions of IE will not be usable without an OS upgrade.

This also partially accounts for the slow development of Internet Explorer and Windows Longhorn: the development team that was working on Windows Longhorn and the next version of Internet Explorer needed to pause its work during the development of Service Pack 2, to add what were seen as missing features like popup blocking and security patches to Windows XP. Some argue that Microsoft should make the browser technologies specific to each revision of the operating system and forego backward compatibility. [8]

Antitrust

Main article: Microsoft antitrust case

In a legal case brought by the US Department of Justice and twenty U.S. states, Microsoft was accused of breaking an earlier consent decree, by bundling Internet Explorer with its operating system software. The department took issue with Microsoft's contract with OEM computer manufacturers that bound the manufacturers to include Internet Explorer with the copies of Microsoft Windows they installed on systems they shipped. Allegedly, it would not allow the manufacturer to put an icon for any other web browser on the default desktop in place of Internet Explorer. Microsoft maintained that integration of its web browser into its operating system was in the interests of consumers.

Microsoft asserted in court that IE was integrated with Windows 98, and that Windows 98 could not be made to operate without it. Australian computer scientist Shane Brooks later demonstrated that Windows 98 could in fact run with IE files removed. [9] Brooks went on to develop software designed to customize Windows by removing "undesired components". [10] Microsoft has claimed that the software did not remove all components of Internet Explorer, leaving many dynamic link library files behind.

On April 3 2000, Judge Jackson issued his findings of fact that Microsoft had abused its monopoly position by attempting to "dissuade Netscape from developing Navigator as a platform", that it "withheld crucial technical information", and attempted to reduce Navigator's usage share by "giving Internet Explorer away and rewarding firms that helped build its usage share" and "excluding Navigator from important distribution channels". [11]

Jackson also released a remedy that suggested Microsoft should be broken up into two companies. This remedy was overturned on appeal, amidst charges that Jackson had revealed a bias against Microsoft in communication with reporters. The findings of fact that Microsoft had broken the law, however, were upheld. Seven months later, the Department of Justice agreed on a settlement agreement with Microsoft. However as of 2004, although nineteen states have agreed to the settlement, Massachusetts is still holding out.

Future development

On February 15, 2005, Microsoft Chairman Bill Gates announced the new browser version at the RSA Conference 2005 in San Francisco. The new beta version is expected to be released in the summer of 2005, a change in direction from when it said it would release the next version of Internet Explorer only with the next version of Windows, nicknamed Longhorn. It will be available to Windows XP and later only, including Windows XP Professional x64 Edition and Windows Server 2003 SP1 [12]. The new version of Internet Explorer is intended to support tabbed browsing and defend users from phishing as well as deceptive or malicious software. However, there is no mention of further improvements in CSS and other Web standards, a heavy concern of web developers. Some see this announcement as a result of the rising usage share of other web browsers, noticeably Mozilla Firefox [13] [14] [15].

Features

While in many ways similar to competing browsers, Internet Explorer also has features that differentiate it from competitors.

Distinguishing features

These are features found in Internet Explorer alone, which are not found in other common browsers.

• Sold as a component of Windows, and as such available built-in on most PCs.
• Native Windows interface and controls
• Complex tailoring of security settings, but also a simplified choice of security zones
• Content Advisor for screening out objectionable content by using industry-standard ratings
• Support for vertical text, but in a syntax different from W3C CSS3 candidate recommendation.
• Support for a variety of image effects [16] and page transitions, which are not found in W3C CSS.
• Support for encoded (or obfuscated) script code, in particular JScript.Encode [17].
• Extensible using COM
• .NET integration — As part of the WebService behavior, makes integration of server and client side code easier, and enables applications to call functions on a server asynchronously
• Remote administration across a corporate network
• Partial support for Ruby characters
• Componentized implementation on Windows allows a high level of integration with other applications; allows integration with user interfaces in the operating system such as Explorer, which handles file-system navigation and the desktop; and allows applications to build on IE by creating alternative browsing shells that supply popular features such as popup blocking, tabbed browsing and mouse gestures

Common features

These are features found in Internet Explorer and some other browsers.

• Auto-update facility for addons
• Support a wide array of popular plugins and features such as JScript, Shockwave and Flash
• Search facility with step-by-step refinement (Search Companion), since version 6
• Customizable pop-up blocker (only for SP2, but third-party software are available for providing similar functionalities)
• Print preview
• Built-in FTP client
• Range of options for accepting and restricting cookies
• New set of events related to the use of the mouse wheel
• Fault collection offers users the option to extract information about an Internet Explorer fault and upload the data to Microsoft for analysis

Innovative features

Internet Explorer was designed with functionality in mind. It introduced a number of extensions to JavaScript which are now followed up by the other browsers. These include the innerHTML property, which returns the HTML string within an element; the XMLHttpRequest object, which allows the sending of HTTP request and receiving of HTTP response; and the designMode attribute of the contentDocument object, which enables rich text editing of HTML documents. Some of these functionalities were not possible until the introduction of the W3C DOM methods.

In the days when Internet Explorer was being actively developed, Microsoft had sent several proposals of Web standards to W3C. However, all were rejected. These include the behavior CSS property, which connects the HTML elements with JScript behaviors (known as HTML Components, HTC); HTML+TIME profile, which adds timing and media synchronization support to HTML documents (similar to the W3C XHTML+SMIL); and the VML vector image file, which was joined with PGML (proposed by Adobe and Sun), resulting in the SVG format, currently the only vector image format that is being used (to a limited extent) on the web.

The favicon (short for "favorites icon") introduced by Internet Explorer is now also supported and extended in other browsers.

Web standards

During the browser wars of the late 1990s, modifications of Internet Explorer and Netscape were focused on the addition of non-standard features. This is in contrast to more recent browsers which have been designed with web standards in mind. Since version 5, there have been no significant changes in IE's Trident rendering engine. As a result, as of 2005, IE lags behind in support for standards.

Although each version of IE has improved standards support, including the introduction of a "standards-compliant mode" in version 6, the core standards that are used to build web pages (HTML and CSS) are still implemented in an incomplete and incorrect fashion. For example, there is no support for the <abbr> tag that is part of the HTML 4.01 standard, and there are bugs in the implementation of float-margins for the CSS1 standard. [18] [19] The Internet Explorer box model bug is also one of the best-known bugs in Internet Explorer's implementation of CSS.

Graphics standards

The lack of support for PNG alpha channel results in a reduced usage of the PNG image format on web pages. Alpha channel is a feature that, although being an optional part of the specification, distinguishes PNG from other formats like GIF or JPEG. In Internet Explorer, the transparent part of the image will be displayed as gray, white or other colors, depending on the image editor in which the PNG image was created. Microsoft documented a workaround on its support website, and the IE developers are aware of the missing functionality, as evidenced by a posting on IE developer Dave Massey's weblog. [20] [21] Another less known bug is that when the PNG file is either 4097 or 4098 bytes in size, the image will be ignored and only the picture placeholder image will appear [22].

Other than PNG, Internet Explorer also does not support progressive display of progressive JPEG [23] [24]. Progressive JPEG divides the file into a series of scans. The user agent should display progressive JPEG from lower quality scans to higher quality scans during transmission of the file. The user should see a gradual improvement of the quality of the image. This was quite useful in the past since many users (especially home users) were on dial-up access where the bandwidth is very limiting. However, in Internet Explorer the image was not rendered until the completion of download. Fortunately this problem is less significant now due to the introduction of Broadband Internet access.

HTML, HTTP, and MIME standards

Internet Explorer's support of XHTML (the successor to, and current version of, the standard document markup language HTML), is incomplete, although no claim of any support was ever made. Rather, XHTML 1.0 was intentionally designed to be usable by HTML 4.0 user agents, like Internet Explorer, if certain document authoring guidelines for backward compatibility were followed. Furthermore, when accessing XHTML documents over a network, such support by non-XHTML-aware browsers is predicated on the documents being served with a MIME type of text/html. To the extent that these requirements are met, IE supports XHTML. XHTML has since matured, and it is now possible to author modular documents that cannot be rendered in a non-XHTML-aware browser like Internet Explorer. Furthermore, the use of the text/html MIME type is now deprecated in favor of application/xhtml+xml [25]. Internet Explorer does not recognize this MIME type, so instead of rendering the page, a file download prompt is presented to the user. It is possible to force IE to show application/xhtml+xml pages as either HTML or generic XML, but this workaround involves the manual editing of Windows registry [26]. By forcing XHTML to be interpreted as HTML, it also removes the advantages of using an XML parser like well-formedness checking. Despite the advent of application/xhtml+xml, many XHTML documents on the web are still served with the text/html type in order to make XHTML documents renderable in Internet Explorer. Some consider this practice harmful as this would result in proliferation of malformatted XHTML documents. [27]

Unlike other browsers, Internet Explorer does not obey MIME types specified in the MIME Content-Type header. For example, a document sent as text/plain containing HTML-like tags will be interpreted as a HTML document, while it was intended to be displayed as a plain text document [28].

Internet Explorer does not fully support HTTP/1.1 content negotiation, because the browser does not specify, in its requests, what MIME type and character encodings it can accept. Content negotiation is a technique whereby an HTTP server uses the browser's—ultimately, the user's—preferences for media (MIME) type, languages, character encoding, and transfer encoding (for example, compression) in order to determine the best representation of a resource to send to a user agent, when multiple representations are available. An example would be the negotiation of image format (such as SVG, PNG, or GIF), and document format (WML, XHTML, or HTML, for instance).

Unicode

Main article: Unicode and HTML

Internet Explorer supports the Unicode standard for multilingual text, and is therefore theoretically capable of displaying any character which is present in an installed font. In practice, Internet Explorer does not automatically choose fonts for blocks of mixed Unicode text. Characters can end up displayed as blank squares or question marks.

Web designers must guess which appropriate fonts may be present on users' computers, and manually specify them for every change of Unicode block. In contrast, most other browsers do this automatically.

Consequences

Pages that are designed to be compliant with W3C standards may not render correctly in Internet Explorer, and can crash the browser in the worst case [29] [30] (note that some bugs may have been fixed in IE for Windows XP). However, Internet Explorer's dominance of the web-browser market in recent years has led many web developers to treat it as a de facto standard and design their websites for IE's characteristic rendering, rather than coding them to conform to the W3C standards. This leads to problems for users who use other web browsers.

Conversely, many other web designers build websites compliant to W3C standards, and then implement workarounds or hacks to account for Internet Explorer's rendering inadequacies, or to hide advanced website features from IE. The CSS hacks are often very complicated, as they need to deal with different versions IE under different platforms (mostly Windows and Mac). The hacks utilize not just Internet Explorer-specific features, but also some rendering-engine bugs that are well known. Some of the more common hacks:

• Exploiting the "Star HTML selector" bug [31]
• Exploiting the CSS parsing bugs [32] [33] [34]
• Using CSS2 selectors that IE doesn't recognize
• Using JScript and the IE CSS behavior [35]
• Using the IE CSS filters [36]
• Using the IE conditional comments [37]

One of the most popular IE hack collections is known as IE7, written by Dean Edwards. [38] It is an attempt to make Internet Explorer more compliant when it comes to web standards. In addition to the support of some CSS2 selectors, it also fixes some of the IE bugs. However, as many client-side scripts need to be loaded and run before displaying the page properly, there is a considerable amount of loading time needed for every single page.

In order to render as many web pages as possible, Microsoft has designed Internet Explorer's rendering engine with strong fault-tolerance in mind. It will compensate for errors made by web designers while building web pages, by filling in missing HTML tags and ignoring structural problems. The impact of this decision is mixed. This tolerance of invalid pages does help typical end-users who have asked to view that specific page, since even terribly nonstandard pages still provide information. However, since some developers test only by seeing if IE renders a page, nonstandard pages have proliferated, making it more difficult to create tools (such as specialized search tools) that automatically process and analyze web pages.

Security

Internet Explorer comes under heavy scrutiny from the computer security research community, in part due to its sheer ubiquity. Exploitation of Internet Explorer's security holes has earned IE the reputation as the least secure of the major browsers.

As of April 9 2005, security advisory site Secunia counts 19 security flaws unpatched (not yet fixed) for Internet Explorer 6, although some of these flaws only affect Internet Explorer when running on certain versions of Windows or when running in conjunction with certain other applications. [39] See computer security for more details about the importance of unpatched known flaws.

On June 23, 2004, an attacker using compromised Microsoft IIS Web servers on major corporate sites used two previously-undiscovered security holes in IE to insert spam-sending software on an unknown number of end-user computers [40] [41] [42]. This malware became known as Download.ject and it caused users to infect their computers with a backdoor and key logger merely by viewing a web page. Infected sites included several financial sites.

The United States Computer Emergency Readiness Team (US-CERT) has asserted that IE's design makes it difficult to secure. They state that "There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. … IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system." [43]

In addition, some security exploits associated with Internet Explorer are made possible through normal usage patterns of users of Microsoft Windows. For example, in Windows XP, it is the default system behavior to allow normal users to log into accounts with administrator privileges for everyday computer use. In this situation, an exploit which allows a cracker to run arbitrary code effectively gives away control of the entire computer. This would be the case for any browser which ran with unrestricted privileges. Because the everyday use of root accounts for normal users is rare on other operating systems, attacks which rely upon inappropriately restricted browser processes are most often targeted at Windows-based browsers. However, many programs on Windows do not work or work poorly without administrator privileges, so what are considered normal security practices on other operating systems are sometimes impractical to perform on Windows.

Many security analysts attribute IE's frequency of exploitation in part to its ubiquity, since its market dominance makes it the most obvious target. However, many others argue that this is not the full story; the Apache web server has a much larger market share than Microsoft IIS, yet Apache has had fewer (and generally less serious) security vulnerabilities than IIS. [44] Microsoft's Craig Mundie has admitted that Microsoft's products were "less secure than they could have been" because it was "designing with features in mind rather than security"—even though most people didn't use those new features. [45]

As a result of its many problems, some security experts, including Bruce Schneier and David A. Wheeler, recommend that users stop using Internet Explorer for normal browsing, and switch to a different browser instead. [46] [47] Several technology columnists have suggested the same [48] [49] [50]. On July 6, 2004, US-CERT released an exploit report in which the last of seven workarounds was to use a different browser, especially when visiting untrusted sites. [51], and in December 2004 Pennsylvania State University issued an alert to students and staff telling them to drop IE and use an alternative. [52] There have also been discussions about removing IE, but as the next section shows, what this means (and doing it) is more complicated.

Component Object Model

Many of the IE's security issues are related to components based on the Component Object Model (COM). COM is a Microsoft technology for software components used to enable cross-software communication. These components take one of two forms; ActiveX components (introduced with IE 3.0) that extend the features of web pages and BHOs (introduced with IE 4.0) that extend the features of the browser itself. The embedding of COM into the Internet Explorer web browser created a combination of functions that has led to an explosion of computer virus, trojan and spyware infections.

These malware attacks mostly depend on ActiveX for their activation and propagation to other computers. Microsoft has recognized the problem with ActiveX since 1996 when Charles Fitzgerald, program manager of Microsoft's Java team said, "If you want security on the 'Net', unplug your computer. ... We never made the claim up front that ActiveX is intrinsically secure." [53]

ActiveX controls, once run, have all the users' privileges instead of the limited privileges granted by competing approaches (like Java and JavaScript); ActiveX controls are also non-standard and are not portable to non-Windows platforms. As pointed out by Professor Edward Felten of Princeton University:

"ActiveX security relies entirely on human judgment. ActiveX programs come with digital signatures from the author of the program and anybody else who chooses to endorse the program. ... The main danger in ActiveX is that you will make the wrong decision about whether to accept a program. ... The most dangerous situation, though, is when the program is signed by someone you don't know anything about. You'd really like to see what this program does, but if you reject it you won't be able to see anything. ... The only way to avoid this scenario is to refuse all programs, no matter how fun or interesting they sound, except programs that come from a few people you know well." [54]

ActiveX security relies on security zones and digital signing, which are not as reliable as other measures like sandbox security model and same origin policy [55]. It is explained in an O'Reilly book, "Malicious Mobile Code":

"ActiveX's biggest problem is the way it incorrectly marks controls Safe for Scripting. Already used in several email worm attacks, these types of holes continue to appear. If Microsoft cannot correctly determine the safety and appropriateness of its own system controls, how can vendors be expected to? Following that problem is the growing use of unsigned code. The digital signing process is technical and expensive. Most ActiveX controls on the Web are unsigned. Many of those that are signed, are expired. I rarely come across a control that is signed and current. If ActiveX's security lives or dies on whether end-users correctly choose to trust or not trust unsigned controls to run, it appears doomed unless digital signing of code becomes widespread. If ActiveX controls become standardized across the world's web sites, as expected, we will surely see a rise in malicious code for ActiveX." [56]

The security problems of ActiveX were first demonstrated in February 1997 by the Chaos Computer Club (CCC), who demonstrated an ActiveX control that could communicate with an installation of Intuit's Quicken financial software on a user's hard drive to automatically transfer money from a user's account to CCC's bank account. [57]

The U.S. Department of Defense (DoD) defines ActiveX as a category 1 (maximum risk) mobile code technology, and strictly limits how ActiveX can be used in DoD systems. [58]

Browser Helper Objects (BHOs) are DLL components, that add functionality to Internet Explorer. They are installed by some 3rd-party software, including Morpheus and Alexa. Since BHO's have access to browser state and behavior, they may be used for malicious purposes. Furthermore, since they may be silently installed by 3rd party software and operate as a component of Internet Explorer, a user may not know that they are running within the browser. With Windows XP Service Pack 2 however, the Add-on Manager that Microsoft added to Internet Explorer lists all installed BHOs and give the user the option to enable or disable each BHO.

The forth-coming Microsoft AntiSpyware, which is currently in beta, monitors BHOs in Internet Explorer on Windows 2000, XP and Server 2003, and will warn the user before a new BHO is installed.

Patches

Microsoft periodically issues security patches which can be automatically or manually downloaded and installed to update the browser. Microsoft's recent Windows XP Service Pack 2 adds several important security features to Internet Explorer, including a popup blocker and additional security for ActiveX controls. ActiveX support remains in Internet Explorer although access to the "Local Machine Zone" is denied by default since Service Pack 2. However, once an ActiveX control runs and is authorized by the user, it can gain all the privileges of the user, instead of being granted limited privileges as Java or JavaScript do.

Critics have claimed that security fixes take too long to be released after discovery of the problems, and that the problems are not always completely fixed. After Microsoft released patches to close 20 holes in its general operating system in February 2003, Marc Maifrett , Chief Hacking Officer of eEye Digital Security, stated that "If it really took them that long technically to make (and test) the fix, then they have other problems. That's not a way to run a software company." [59] Maifrett was criticized by The Register for publicizing a security hole leading to the creation of the Code Red worm and stated that "had they not made such a grand public fuss over their .ida hole discovery and their SecureIIS product's ability to defeat it, it's a safe bet that Code Red would not have infected thousands of systems" [60]. Microsoft attributes the perceived delays to rigorous testing. The testing matrix for Internet Explorer demonstrates the complexity and thoroughness of corporate testing procedures. The browser is released in 26 different languages on many different Windows platforms. Therefore, it is estimated that each patch is tested on at least 237 installations. [61]

Although security patches continue to be released for a range of platforms, most recent feature additions and security improvements were released for Windows XP only.

Spyware, adware and Windows XP SP2

Spyware and adware, like other malware, generally target Windows / Internet Explorer based systems. Older spyware attacks have largely been mitigated by security improvements in Windows XP SP2, but newer attacks against Internet Explorer allow the installation of spyware on SP2. Microsoft advises against installing SP2 on a system which is already infested with spyware, as it can cause the system to become unbootable.

"Failure to clean up spyware and adware on your computer before installing SP2 can cause issues and in some cases make your computer difficult to restart. You may not even know that spyware or adware programs are installed on your system. And some spyware or adware programs may not cause serious issues with SP2, but it's a good idea to run spyware and adware removal programs before installing SP2." [62]

Depending on the type of spyware installed, removing it in preparation for an SP2 upgrade can be as simple as running an anti-spyware tool, or in serious cases require manual editing of the Windows Registry. Nevertheless, security experts generally recommend installing Service Pack 2.

Market adoption

The adoption rate of Internet Explorer seems to be closely related to that of Microsoft Windows, as it is the default web browser that comes with Windows. After having fought and won the Browser wars of the late 1990s, against Netscape Navigator, in 2002, IE began to see its market usage share shrink. Having attained a peak of about 97% in 2002, IE maintained a near constant 95% usage share until 2004. However, since then, it has been in a steady decline. This has been attributed to the emergence of viable free alternatives, mainly the Mozilla Foundation's Firefox [63].

Nevertheless, Internet Explorer remains the dominant web browser. Different organizations report different usage share figures, depending on their approaches and samples; web analysis company WebSideStory reports that IE has a 89.85% USA usage share (as of February 18, 2005) [64], OneStat reports that IE has an 87.28% global usage share (as of February 28, 2005) [65], and Janco Associates, Inc. reports IE has an 84.85% usage share as of January 31, 2005 [66].

Global usage share from OneStat.com

Date	IE	Mozilla	Safari	Netscape	Opera	Source
04/29/02	97%			2.8%	0.5%
07/21/02	95%	0.4%		3.4%	0.7%
09/30/02	95%	0.8%		3.0%	0.9%
12/16/02	95%	1.1%		3.0%
02/03/03	95%	1.2%	0.11%	2.9%
07/28/03	95%	1.6%	0.25%	2.5%
01/19/04	95%	1.8	0.48		0.8%1
05/28/04	94%	2.1%	0.71%		1.02%1
11/22/04	89%	7.35%	0.91%		1.33%
02/28/05	87%	8.45%	1.21%	1.11%	1.09%
1 Usage for Opera 7.0 only.

USA usage share from: WebSideStory.com

Date	IE	Firefox	Mozilla1
06/04/04	95.48%		3.53%
11/05/04	92.89%	3.03%	5.98%
12/03/04	91.80%	4.06%	6.89%
01/14/05	90.28%	4.95%	7.59%
02/18/05	89.85%	5.69%	8.16%
Source: WebSideStory Data Spotlight 1All Netscape and Mozilla-based browsers, including Firefox.

Removing Internet Explorer

The idea of removing Internet Explorer from a Windows system was first proposed during the Microsoft antitrust case. Later, some security advocates took up the idea as a way to protect Windows systems from attack via IE vulnerabilities. Whether the net benefit of removing IE exceeds the cost, and indeed what it means to "remove IE", are disputed.

Simply installing and using another browser does not prevent third party programs and core operating system components from using IE libraries. Thus, a user who does not use IE to browse the Web can still be targeted by attacks against vulnerabilities in these libraries—for instance, via Outlook Express or the Windows Help subsystem. However, removing the IE libraries will cause these programs, and other software which depends upon them, to cease functioning or even to crash the system.

It is unclear what it means to "remove IE" because such a removal depends on being able to determine which files or functions on an installed Windows system are part of IE — that is, to draw a line between IE and the rest of Windows. Microsoft has held that this is not meaningful; that "IE" is no longer (as it was prior to Windows 98) a separate piece of software, but simply a brand name for the Web-browsing and HTML-displaying capacities of the Windows operating system. In this view, the result of removing IE is simply a damaged Windows system; to have a working system without IE one must replace Windows entirely.

In contrast, some programmers and security writers have held that it is possible to have a useful and working Windows system with IE excised. Consultant Fred Vorck, who advocates that consumers should have the choice to remove "integrated" features of Microsoft Windows [67]; Dino Nuhagic, who is the creator of nLite — a product that allows users to remove Windows components like Internet Explorer and Windows Media Player, amongst others [68]; and Shane Brooks, who created LitePC to remove and manage Windows components [69], have all suggested removing Internet Explorer from computers in order to decrease exposure to security risks on the Internet [70].

It is possible to remove Internet Explorer from Windows 95, 98 and ME (see instructions on the Netscape website [71] and on Microsoft's website [72]), as well as from Windows 2000 and Windows XP at installation time. Microsoft claims that attempting to remove Internet Explorer from Windows may result in system instability.

Microsoft's position is in contrast with other operating systems and browsers. Other operating systems typically include at least one browser—for instance, Safari and Internet Explorer for Mac in Mac OS X. However, in these systems the web browser can be removed or replaced like any other application.

See also

• History of the Internet
• Internet Explorer shell
• List of web browsers
• Comparison of web browsers

References

• Wilson, Brian (undated). Internet Explorer (Windows). Index DOT Html/Css.
• Microsoft. Internet Explorer History (June 30, 2003). Corporate history page.
• Microsoft. "Explorer caused an invalid page fault in module MSHTML.DLL at 0137:703e34c" error message when you start Windows 95 or Windows NT with the Active Desktop enabled or when you start Internet Explorer". Microsoft Support Knowledgebase article Q175379. Retrieved February 13, 2005.
• Microsoft. Netscape-Style Plug-ins Do Not Work After Upgrading Internet Explorer. Microsoft Support Knowledgebase article Q303401. Retrieved February 13, 2005.
• Microsoft. PNG Files Do Not Show Transparency in Internet Explorer. Microsoft Support Knowledgebase article Q294714. Retrieved February 13, 2005.
• Giannandrea, J. (September 4, 2001) Microsoft breaks Web Plugins in Windows XP.
• Thurott, Paul (January 22, 1997) Microsoft and Spyglass kiss and make up. Windows IT Pro.
• Livingstone, Brian (March 9, 1999). How to remove Internet Explorer from Windows 98. CNN.
• LitePC homepage. LitePC.
• United States of America (plaintiff) vs. Microsoft Corporation (defendant). Court findings of facts.
• Using Script encoder. MSDN. Retrieved February 13, 2005.
• Festa, Paula (October 9, 2003). Developers gripe about IE standards inaction. News.com.
• CSS contents and browser compatibility (no date). quirksmode.org. Retrieved February 13, 2005.
• Massey, Dave (August 05, 2004). Transparent PNG Support. Dave Massey's webblog.
• XHTML Media Types W3C Note 1 August 2002 (August 2002). W3C.
• Hickson, Ian (September 2002). Sending XHTML as text/html Considered Harmful. Retrieved February 13, 2005.

External links

Official

• Internet Explorer Home
• IEBlog — The weblog of the Internet Explorer team
• Channel9 Wiki: InternetExplorer — The wiki for Internet Explorer
• Internet Explorer Community — The official Microsoft Internet Explorer Community
• Changes in Internet Explorer for Windows Server 2003 — A chat transcript with Brian Countryman (Internet Explorer Program Manager) and Rob Franco (Internet Explorer Program Manager) for Microsoft TechNet
• How to Uninstall Internet Explorer 6 — A Microsoft support article for pre-XP versions of Windows

Bugs

• Secunia.com Vulnerability Report on Internet Explorer
• Unpatched Internet Explorer Bugs — Unfixed problems in Internet Explorer
• Explorer Exposed! — CSS rendering problems in Internet Explorer

Opinion

• Better Browsing with Service Pack 2 — Some benefits of SP2 with Internet Explorer
• "Why I Support Internet Explorer in the New Browser Wars" — A "pro-IE" opinion piece by an undergraduate, Christopher Beach
• The Door Is Ajar — An "anti-IE" article by a Sun Microsystems technology director Tim Bray.
• Why You Should Dump Internet Explorer — An "anti-IE" article by a MCSE Daniel Miessler.
• StopIE — An "anti-IE" campaign by a web developer Stephen O'Brien
• Browse Happy — An "anti-IE" campaign by the Web Standards Project
• Securing Microsoft Windows (for Home and Small Business Users) — An article on securing Windows recommending against using IE, with references to other articles on the topic