Why you should think twice before ditching Internet Explorer
by Jonathan Yarden
Tags: Web browsers | Security | Internet | Microsoft Windows
Takeaway:
If your organization has decided that using IE on a regular basis exposes it to security risks, it's not necessarily wrong. But switching to an alternative Web browser isn't necessarily the right decision either. Find out why even long-time Microsoft critic Jonathan Yarden says companies shouldn't be so quick to look to alternative Web browsers.
Long before Internet security became a mainstream concern, many users chose to dump Microsoft's Internet Explorer and switch to other Web browsers, most notably products from Netscape. And given IE's checkered security history, that trend continues—particularly thanks to the growing popularity of the Firefox browser.
However, while I'll be the first to criticize Microsoft, I'll also say that companies shouldn't be so quick to look to alternative Web browsers. As anyone who has switched to an alternative Web browser has discovered, security isn't always the only issue. Companies often focus so intensely on security that they manage to overlook areas that are just as vital—such as functionality.
It's an undeniable fact that IE sports some functionality that simply isn't present in other Web browsers. In addition, a considerable number of Web sites don't function properly if you're not using IE to access them.
Over the years, Microsoft has adamantly maintained that IE is a part of Windows—not an add-on. In fact, the software giant has spent a great deal of time and money ensuring that users can't easily remove IE from Windows. (It is, however, much easier to disable IE on your system.)
If your organization has decided that using IE on a regular basis exposes it to security risks, it's not necessarily wrong. The majority of browser-hijacking malware targets IE—and for good reason. Hackers are taking advantage of features designed to make IE more extensible to create malware that takes over the operation of IE.
For example, a primary way that spyware and adware infest a Windows system is via the use of the Browser Helper
Objects (BHOs) that alter IE's behavior. This is another case of the common conflict between functionality and security—to the detriment of average users.
例如,间谍软件和广告程序感染Windows系统的一个主要途径是通过使用能改变IE行为的浏览器帮助者对象(Browser Helper
Object,BHO)。功能和安全之争的另一种情况是对一般用户的伤害。
The security of the Web browser itself is often a primary motivation for searching for an IE replacement. In the past, exploitable programming errors in IE have resulted in viruses and other malware infesting a Windows system.
But this is the point where most organizations go astray in their logic: They assume that switching to an alternative browser will keep them safe. Yet, just because IE has suffered from security issues before doesn't guarantee that a replacement Web browser won't experience similar issues.
Yes, IE is a common target for hackers, but that's primarily due to its popularity. Malware authors typically focus on frequently used software, and IE is no exception. And as the popularity of other Web browsers grows, they begin to attract more attention from hackers.
In fact, Firefox—arguably the most common IE alternative—has seen its fair share of exploitable security problems in recent months. And that means users are stuck between a rock and a hard place.
While it's possible to improve security in IE, it's quite difficult for most people. Although Microsoft has made improvements that allow people to specifically manage add-ons in IE6, the majority of users are still unaware of how to use any of these features.
However, using an alternative Web browser that doesn't support ActiveX prevents users from accessing those Web sites that require it. This is perhaps the largest issue when it comes to not using IE. Despite the overwhelming evidence that using proprietary technologies on Web sites is a horrible idea, Web sites that require IE are actually quite common. And even after years of criticism, Microsoft still remains resistant to fully implementing W3C standards.
There are also differences in how different Web browsers process XML and CSS. While larger Web sites compensate for many of these issues, others do not. And even some Web sites that don't use proprietary Microsoft features simply won't work using alternative Web browsers due to subtle differences in how all Web browsers process HTML, JavaScript, or Java. Despite claims to the contrary, Java is anything but portable.
Regardless of the reasoning, companies need to realize that it's not always feasible to simply abandon IE. If your organization has decided to stop using IE based on the premise that another browser's security is better, it's making a questionable assumption that might prove to be more trouble than it's worth.
(Source:
http://articles.techrepublic.com.com/5100-1009-5890288.html?tag=nl.e044)