11 March 2010
AYE! EEE! The Fear In Internet Explorer
“The fact that Internet Explorer is so widely deployed makes it a prime target. This, combined with the ‘social engineering’ aspect of these attacks – tricking the users into installing or clicking on something they shouldn’t – means the browser will continue to be a focal point of attack.” – Neil MacDonald, Gartner Research
As an information technology professional, I work with computers everyday. Of all the browsers I’ve used, I have grown to detest Internet Explorer for many reasons: Internet Explorer runs as part of the operating system; it lacks standards compliance; it lacks innovation; its excess features endanger the consumer, and; Internet Explorer is slow.
My first Web browser was Mosaic. It is a simple browser designed for uncomplicated web page viewing. Mosaic, a kludgy computer program, delivers the Web in a very minimal form. I used it during the early 1990’s. In the mid-1990’s, my preferred Web browser became Netscape Navigator. It was based on Mosaic’s Web engine. Navigator was very innovative in its day, but it had its share of bugs. Internet Explorer came about in the mid to late 1990’s based on technology similar to Netscape Navigator. All Web browsers evolve throughout the years to allow us to really understand the presentation a designer is trying to convey. During my career, I have used many different Web browsers, sometimes by choice and other times out of sheer necessity.
Microsoft Internet Explorer is the most commonly used Web browser. But Internet Explorer has more than a few flaws and underachievements. When the Internet became popular in the late 1990’s, Microsoft intertwined Internet Explorer with its operating system, Windows. Soon thereafter, Microsoft accelerated its updates to Internet Explorer and became as good or better than their competitors. However, Internet Explorer never would fully support World Wide Web Consortium’s standards. Microsoft’s progress came to a halt after establishing dominance in the Web browser market. The changes Microsoft made to Internet Explorer added features that endangered its customers. This bloat not only put the end-users at risk, but it also increased the time needed to load the Web page.
During one of our scheduled computer system update cycles, I updated our company’s computers using what was called “Internet Connection Wizard”. I remember thinking, “I already have an Internet Connection. Why do I need to use a Wizard to connect?” I would eventually learn this was Microsoft’s attempt to replace the default Web browser on all Windows computers.
Microsoft’s connection wizard forced their otherwise unpopular Internet Explorer browser on us consumers. Internet Explorer 4 became part of the core operating system. By Microsoft imbedding Internet Explorer in the Windows operating system, the Web browser was now at the fingertips of every Windows user. Internet Explorer soon thereafter became the number one Web browser because there was zero cost to the consumer and it was already installed on their computers. Netscape tried to fight back, both by changing its business model and fighting in court. However, Netscape would fail and die a painfully slow death. Well, near death, because it would be resurrected in an open source development named Mozilla and later renamed to Mozilla Firefox.
World Wide Web Consortium (W3C) is an international group that establishes acceptable design standards for the Internet and Web languages. Based on W3C’s approval of new standards, Web browsers take steps to implement and accept those standards. This is often referred to as being “standards compliant”. Some Web browsers stay at the cutting edge of compliance and others only adopt those standards when they have no other choice. There are also browsers at the other end of the spectrum that implemented their own “standards”.
Achieving a near monopoly on Web browser market, Microsoft reached a point of over-confidence. Microsoft’s Internet Explorer made a couple advancements through versions 4 and 5. However, the other browsers made marked improvements through multiple generations in their products. New Web browsers came to the market place, including Firefox, Opera, Safari and eventually Chrome. These browsers innovated the interface and improved the performance.
In the State of Arizona offices, the Human Resources agency (HRIS) contracted to have Lawson setup a user portal where employees could maintain their own benefits elections. The system took advantage of some system holes in Internet Explorer 6 to allow specific types of code to execute. Lawson’s design made it impossible for other user platforms, like Apple Mac OS X, to use the system. But, the errors didn’t stop there. When Microsoft discovered a major vulnerability in some forms of Web scripting, Microsoft released Windows patches to fix these flaws. Lawson, the HRIS contractor, had to release emergency updates to allow their system to continue to function. Six months after that update, Microsoft released a major update, Internet Explorer 7. This update, again, included fixes to major security flaws and broke the HRIS system. Working at a computer help desk, I was able to witness this first hand through all the support calls.
The complacency of Microsoft also added a greater danger. Unscrupulous programmers, with a grudge against the giant Microsoft, sought out axes to chop down the beanstalk. Microsoft’s long stagnation with Windows and Internet Explorer gave the hackers the opportunity to discover and take advantage of flaws in the Windows operating system.
ActiveX is one of Microsoft’s non-standard designs for their Web interface. ActiveX controls are objects in the Web browser that actually runs other programs on your computer. These ActiveX controls have full privilege and access to Windows. The direct access to the Windows operating system gives the webpage designer access to areas of the operating system that control key functions. Because Microsoft so closely intertwined its operating system with the Web browser, once a hacker broke the thin security of the Web browser, they had also broken the operating system. As an IT specialist, I receive advisories from Microsoft on a daily basis. Three out of every five of these announcements report newly discovered vulnerabilities in Internet Explorer.
In recent years, Microsoft has added support for many of W3C standards. However, the new features brought into version 8 are common in other Web browsers. Microsoft has still neglected many design elements common in other browsers, such as Cascading Style Sheets version 3, Scalable Vector Graphics and HTML version 5. Firefox has for many years included nearly all of the features Microsoft added to Internet Explorer. Opera has always been an industry leader in Web browsers, it has the highest security rating, and it includes many features Internet Explorer refers to as “new”.
The latest version of Microsoft Internet Explorer, version 8, has addressed many of these issues, but has still trailed its competitors. Internet Explorer does have a couple new features that are noteworthy. The tabs can be color coded to give it a visual distinguishing characteristic. Internet Explorer now includes an option to prevent recording of cookies and searches called InPrivate mode or, as it’s more affectionately referred to as, “Porn Mode”. This mode gives you some security when using a public computer to check semi-private accounts.
Although Microsoft Internet Explorer has almost caught up to its competitors, again, their continued poor demonstration of constructive design gives me no desire to place my personal data anywhere near its interface. Internet Explorer’s greatest hope is to reach mediocrity.