...popularity. Malware authors typically focus on frequently used software, and IE is no exception. And as the popularity of other Web browsers grows, they begin to attract more attention from hackers.
In fact, Firefox — arguably the most common IE alternative — has seen its fair share of exploitable security problems in recent months. And that means users are stuck between a rock and a hard place.
While it's possible to improve security in IE, it's quite difficult for most people. Although Microsoft has made improvements that allow people to specifically manage add-ons in IE6, the majority of users are still unaware of how to use any of these features.
However, using an alternative Web browser that doesn't support ActiveX prevents users from accessing those Web sites that require it. This is perhaps the largest issue when it comes to not using IE. Despite the overwhelming evidence that using proprietary technologies on Web sites is a horrible idea, Web sites that require IE are actually quite common. And even after years of criticism, Microsoft still remains resistant to fully implementing W3C standards.
There are also differences in how different Web browsers process XML and CSS. While larger Web sites compensate for many of these issues, others do not. And even some Web sites that don't use proprietary Microsoft features simply won't work using alternative Web browsers due to subtle differences in how all Web browsers process HTML, JavaScript, or Java. Despite claims to the contrary, Java is anything but portable.
Regardless of the reasoning, companies need to realise that it's not always feasible to simply abandon IE. If your organisation has decided to stop using IE based on the premise that another browser's security is better, it's making a questionable assumption that might prove to be more trouble than it's worth.
Jonathan Yarden is the senior Unix system administrator, network security manager, and senior software architect for a US regional ISP.
Talkback
And what happens if you are not running Windows in the first place?
Using IE only, is like using any other useful piece of software, its alright when it is popular, but when the support dries up, you have to move on, which can be very painful if you have made use of specialist features.
You can guarantee, when Vista come along, there will be some new feature that prevents the latest version of IE running on XP, and before you know it you might as well be using Firefox or Opera as you are locked out and in the cold. All because Microsoft want you to buy a new computer to allow you to do want you did before.
Yarden might have been well intentioned in writing this, but it comes across as FUD. While IE is the #1 target for malware authors because it has the largest browser share, its so often the *victim* of malware attacks because of its gaping security flaws. Yarden protests that Firefox has security issues of its own... and yet, tiny Mozilla is able to fix them with remarkable speed; Firefox is already up to version 1.0.7 for that reason. Microsoft seems to release patches whenever they get around to it (and I would argue that it hasn't really changed all that much since version 6 was introduced in 2001). If you go to secunia.com you'll see that while Firefox currently has 3 flaws (the worst being "Less critical"), IE has *20* (the worst being "Highly critical" and dating back to 2003!)
A much better article would have been "Thinking of ditching IE? Avoid these pitfalls" and could have talked about a well-planned gradual migration instead of a disastrous abrupt one (actual examples are good; perhaps also contrast with sucessful/unsucessful Linux migrations).
Consider that you could start a company on the right path by installing Firefox with IEView:
http://ieview.mozdev.org/
(FF and IE icons both on the desktop)
Then inform employees of Firefox as an option that's going to eventually replace IE and explain that for the time being they can continue to use IE as the default browser or switch early to FF if they prefer. For those on FF, if they get to a website (as part of their business) that doesn't work right, they should report it to a Sysadmin on the migration project and use IE for it temporarily.
The Sysadmins can then figure out what is going on with those sites and begin to work on solutions (e.g. contacting the website in question or perhaps creating extensions to fix the code dynamically)
In the mean time, as most problems are solved, it should be announced that FF is the new default web browser, but that IE can still be used as a backup via IEView (but remove the blue E from the desktop).
Finally, when everything works well with FF, then you put severe restrictions on IE usage (e.g. sysadmins only; remove IE icon from start menu)
This is the same sort of gradual migration you can also do to transition from MS Word to OpenOffice or even from Windows to Linux. To pooh-pooh the idea is to admit that you'll be a slave to Microsoft forever.
Sure, don't ditch IE. But that shouldn't mean ditch everything else. Unless you want to be writing websites in IE6, IE7 for XP, IE7+, IE (SP) future releases and what not. And keep on explaining to all your visitors and customers that if they don't go the IE route (which one?) as well you're not that interested in them really. As well as explaining to visitors and customers that do use IE but just happen to opt for more restrict security (e.g.: actually follow Microsoft's security recommendations each and every time) that you're not quite ready for them yet.
Excuse me but you have to be absolutely bongers to still believe that the entire world will dance to the tunes of you or whatever vendor nowedays. The future will bring an ever increasing fragmentation within the Microsoft market. Partly because Microsoft itself forces it by delivering various OS version specific (even SP specific) products like IE. Partly because not all Microsoft customers follow Microsoft security advisories in the same way or even all at once and that does impact functionality possibilities from time to time. Partly because Microsoft customers that want to switch won't switch all at once. Partly because a not so small number of Microsoft customers will not switch for the foreseeable future. And partly because a growing number of Microsoft customers will opt for alternative solutions. More and more even including the OS of their choice. And all that is excluding the growing number of people making use of all sorts of handhelds and what not that come with their own flavours and various versions as well. And all of that is excluding the increasing demand for user-friendly security that actually works and as such will add to the burden of making it all work for most and the most important few. Since that also is an upcoming market with various vendors with various products in various versions.
And no, we're not there yet. There's also the desire for identity management because people are getting barking mad from all the different passwords, identities, tokens, crypt-key's, personal certificates and what not that they need to carry around. And no, like all the rest mentioned before, you're not the one telling what others should use and like it too because you know what? Your competitor and even your business partner is telling them the exact same thing but mentioning different products. So you work with whatever the customer has.
Learn to deal with change. Learn to manage diversity. You're no longer in control. No single vendor is in control anymore because they're actually involved in creating fragmentation. So a demanding, one-sided, approach and attitude is not an option anymore. One size fits all? No more.
What's needed is a true open standard like ASCII, DNS, SMTP. Something that works with whatever browser (from whatever vendor on whatever platform) that respects that true open standard in full.
Ditch IE? Yes. Because it doesn't work with a true open standard. In fact, ditch everything that doesn't work with a true open standard. Which true open standard? I don't care. Pick one as an industry and move on.
But if I'm forced to choose I won't go for the one that put me in this predicement (fool me one..., fool me twice...). Plenty of ways to script around it and, besides, the hours saved by opting for a more modern alternative will allow for such scripting. Not to mention that IE users are used to years old stuff anyway so they're easily impressed anyway.
As for FireFox. It's not there yet. But boy it is improving and developing at a rate 10 times faster then IE. And FireFox is not the only alternative out there. All with enhanced user experience and security IE still doesn't offer.
Your choice because I already made mine a long time ago and I haven't looked back. Didn't need to.
Here IE is only used for WindowsUpdate and only for the PC's that are still on Windows.
Quoting from your column:
"In addition, a considerable number of Web sites don't function properly if you're not using IE to access them."
What looks like a site, but isn't one?
A "web site" that doesn't function properly if you're not using IE to access it.
This article is a baseless advertisement for IE. The two main points given are that IE isn't the only browser with security features and that if you don't use IE you won't be able to view a large number of websites. However, while it may be that IE isn't the only browser that can be hacked, you gave no statistical data proving this point, and barely even mentioned IE's competitors. Apparently you think that becuase you said so it's true. Also, of all the sites I've visited in the last year, the only one that I remember not handling Firefox/Mozilla was the microsoft site itself. You also never mentioned Firefox's innate functions that make it a much more comfortable and easy browser to use, such as tabbing and a built-in pop-up blocker. In one sentence you even referenced a statement that is against the use of internet explorer, and in the next tried to turn it around into a reason to use the browser. This article is propaganda that only mentions the pros to internet explorer and completely foregoes the pros of other browsers. It seems to be nothing more than an attempt to trick uninformed users from making a logical choice.
Of course you keep IE around: generally you have to or the manual Windows Update site doesn't work. However as an IT programmer, consultant and contractor of years standing, I come across an IE only site of any worth once in a blue moon now. In general you need IE for some company intranet sites, and those companies aren't going to 'ditch' IE entirely for that very reason.
Therefore I think this article is somewhat redundant. Companies will ban the use of IE (still of more dubious code quality than firefox et al, and far less responsively patched) if they can do without it; otherwise they won't. There's no need for an article about it.
""In addition, a considerable number of Web sites don't function properly if you're not using IE to access them."
Actually, that is true for fewer and fewer web sites. Non-IE browsers are now over 10% of the market. Firefox has a program where they notify IE-only web sites, explain to them they are losing viewers, and help them become web standards compliant. My guess is that in a couple of years this problem will have vanished entirely.
In the meantime, you can have IE and another browser on your machine, and use IE only when needed.
I use other browsers because of all the functionality that they offer me that IE doesn't. I love Firefox, for example, because of the various plugins I can use to tailor it's use - and to give me functionality I just can't get in IE, from minor things (like tabs) to big things like adblocking, smarter popup-blocking, RSS feeds, viewing HTTP headers, viewing tables and CSS formats - the list goes on.
Sure, ActiveX might be required on a corporate intranet, but if it's on the web at large, well, stuff 'em if they're going to lock out all non-IE consumers. It's their loss.
I stopped using IE after a month of closing unwanted popups. Loaded up Firefox and turned off popups. For the sites I access, there has been no noticeable reduction in browser functionality. All the major web sites detect and handle the "Netscape" browser type, some even identify it as Firefox.
Additionally, the ability to turn Java[script] on and off, store passwords, tabbed browsing and plugins make Firefox my browser of choice. The only time I click on the big blue "e", is to see whether a malfunctioning web site works better in IE...almost always, the problem is a broken website, not Firefox's lack of features.
So, I've thought again, and my answer is still "there are other browsers equal to or better than IE"
It is a very weak argument to reconsider to switch away from IE due to its “rich functionality". When ever you have to choose between IE specific “functionality” and security, security should put more weight into the scale. And when you have to give up this IE specific “functionality” there are always other ways to obtain the same functionality without IE.
Obviously on the side of IE. The pain of migrating (which is very small) compared with the pain of constantly removing spyware etc, etc (vary large - even with MS Anti-spyware) makes it a no-brainer. I'm made Firefox my default browser for everything. For those few (and I mean 3 or 4 that I need) I either use a shortcut that lunches IE or just go to my start menu and pick IE. I mean how difficult is that? And the benefit; I've actually given up runing regular spyware scans, I now do them every month or so. Do you know how much I find? Zip, zilch, nada, nothing. A big fat zero. you tell me think again. I say you think again! This goes for my girlfriends PC, my Mum's PC and a couple of my clients who don't seem to be able to resist any link for porn!
Stick with Firefox it will never let you down!
IE = Unsafe and does not support web standards. BAD!
Firefox: Safe and supports web standards and is more sutomisable! GOOD
See the difference?
Microsoft wide web rather than World wide web I suppose !