(Rest your mouse cursor over the green text to see its description.)
4 out of 5 people use Microsoft Internet Explorer as their web browser. Internet Explorer frequently presents critical security risks to systems that use it, allowing malicious websites to hijack their computers, infect them with viruses, and conduct identity theft, and its lack of technology support has driven up the cost of web development and stifled innovation.
It is in the best interest of all Internet users to stop using Internet Explorer as soon as possible!
There are free alternatives that offer quality as good or better than Internet Explorer. The following article will explain in greater depth the problems with Internet Explorer and what the alternatives are.
Too much to read? An abridged version is available.
This page was last updated March 23, 2009.
Internet Explorer is the single most actively exploited piece of software on most computers. A majority of computer spyware and adware makes its way onto your computer through Internet Explorer's security holes. In an October 2004 study, 80% of home computers were found to be infected with spyware or adware, even though 85% had antivirus software installed. Studies have shown that these percentages are much higher among people who use Internet Explorer than with any other major web browser. This is largely because Internet Explorer was designed to grant websites control over the user's computer, and malicious websites can easily abuse this power, automatically installing programs and viruses onto your computer without your knowledge and performing dangerous system operations behind your back. Once your computer is hit with a spyware or adware attack, Microsoft says the only solution may be to dump your system and start from scratch.
These security holes are due to fundamental flaws in the design of Internet Explorer, as well as Microsoft's slow and ineffective security response process. Microsoft's chief technical officer Craig Mundie stated, “Many of the products we designed in the past have been less secure than they could have been because we were designing with features in mind rather than security. [...] In the past we sold new applications on the strength of new features, most of which people didn't use.” Although Microsoft issues monthly security updates, vulnerabilities have continued to be found at a much faster rate than they have been fixed. According to a Security Fix study, a fully-updated Internet Explorer was found to be “unsafe” (unprotected against serious known vulnerability exploits) for 78% of the year 2006, while its main competitor, Firefox, was “unsafe” for only 2% of the year. Through Internet Explorer, you could have your identity stolen and your bank account wiped clean, or your system could be destroyed and all of your important files deleted. The situation has gotten to where even the U.S. Department of Homeland Security is suggesting that consumers switch away from Internet Explorer. In May 2006, PC World named Internet Explorer the 8th worst tech product of all time, stating that it “might be the least secure software on the planet”.
The following is a brief summary of the vulnerability levels in the three most popular web browsers. The information was collected from Secunia, a leading computer software security monitoring company. These statistics cover all reported vulnerabilities in Windows versions of Internet Explorer, Firefox, and Opera. Historical cumulative values are provided in three forms: for all vulnerabilities in the entire of life of these products, for all vulnerabilities that were present during an equal length of time since the first reported vulnerability in the product, and for all vulnerabilities that were present during the same length of time before and including the present. That length of time is equal to half the number of days since the first reported vulnerability in the newest browser covered (Firefox, 2004-02-09). Note that some vulnerabilities may have been present during both time periods, so the sum of both values may be greater than the total number. “High severity” values include vulnerability reports that were marked as “highly critical” and above. Relative danger levels are calculated by adding up the square of the criticality levels for each vulnerability report (not critical=1, extremely critical=5). The vulnerability information was last updated February 10, 2009. For more details, see the Web browser security summary resource.
|Historical cumulative values (Product life)|
|High severity vulnerability reports||66||31||5||21|
|Historical cumulative values (from first 365 days)|
|High severity vulnerability reports||13||2||5||4|
|Historical cumulative values (from last 365 days)|
|High severity vulnerability reports||1||0||0||0|
|Highest values at one time|
|High severity vulnerability reports||5||2||1||1|
|Mean average per day (from last 365 days)|
|High severity vulnerability reports||1||0||0||0|
|Median average per day (from last 365 days)|
|High severity vulnerability reports||1||0||0||0|
|High severity vulnerability reports||1||0||0||0|
Internet Explorer has had 140 vulnerability reports. 25 were marked as moderately critical, 50 were marked as highly critical, and 16 were marked as extremely critical. There are still 38 remaining, including 9 that were marked as moderately critical and 1 that was marked as highly critical.
Firefox has had 77 vulnerability reports. 19 were marked as moderately critical, 31 were marked as highly critical, and 0 were marked as extremely critical. There are still 5 remaining, including 1 that was marked as moderately critical.
Safari has had 7 vulnerability reports. 0 were marked as moderately critical, 5 were marked as highly critical, and 0 were marked as extremely critical. There are still 2 remaining, both of which were marked as less critical or not critical.
Opera has had 70 vulnerability reports. 20 were marked as moderately critical, 20 were marked as highly critical, and 1 was marked as extremely critical. There is still 1 remaining, which was marked as not critical.
It is also important to consider how quickly each web browser fixes its vulnerabilities. The following table lists the average time taken between Secunia's vulnerability reports and the release dates of their respective patches, if all aging unfixed vulnerabilities (vulnerabilities at least as old as the mean of all fixed vulnerabilities for that browser) were to be fixed today. Data does not include unfixed vulnerabilities less than that age, vulnerabilities with unknown fix dates, or vulnerabilities that were only publicly known after the patch release. Values listed are in days.
|Per vulnerability report|
|High severity mean||328||13||21||8|
|High severity median||53||10||21||8|
|Per vulnerability issue|
|High severity mean||253||17||21||8|
|High severity median||61||23||23||8|
|Weighted by relative danger|
|High severity mean||299||13||21||7|
|High severity median||52||10||21||1|
|Per fully-disclosed vulnerability report|
|High severity mean||57||5||21||1|
|High severity median||48||5||21||1|
The Washington Post Security Fix column conducted a similar study comparing patch delay between Microsoft products and Mozilla products in 2003 through 2005, using different sources than the above information. Note that, unlike the above information, the Security Fix study ignores unfixed vulnerabilities.
The following graphs illustrate present security figures in each browser over time. Higher levels mean greater danger. The graphs span from February 9, 2004 to today.
In today's fast growing Internet world, we are seeing a greater demand for web applications that are both powerful and versatile. This calls for new technologies to be developed, and quickly. In order to create and organize these new technologies, a standards body called the World Wide Web Consortium (W3C) formed. Their members include people from many of the world's largest technology companies, all working together to develop technology standards that will take the Internet to the next level and beyond.
Unfortunately, in the last several years, one of the most significant members of the W3C has failed to adopt the very standards that it helped to create. Microsoft, feeling confident with Internet Explorer holding over 90% of the market, stopped adding the new technological developments to its web browser. Microsoft employee Dare Obasanjo explained, “In an almost text book example of how monopolies work, Microsoft abandoned innovation in IE in a move that showed that at this point IE was considered a cost center not a revenue generator.” The W3C has continued to develop technologies that would give websites new levels of functionality, break down barriers for the disabled, and aid software and search engines in actually understanding the information that's presented on the Web. Many of these technologies exist, but with Microsoft's incredible weight in the market and unwillingness to develop their browser, they've been unable to see the light of day.
By 2006, Internet Explorer had fallen nearly a decade behind in Internet technology. Practically all of the standards that it supports are met and exceeded by other competing browsers, who are now diving deep into a new world of Internet technology that Internet Explorer has yet to touch. While Internet Explorer is in high use, web developers are forced to either stay with outdated technology, often costing them double or triple the time and money, or turn away a majority of their potential visitors. As time goes on, an increasing number of personal websites, development journals, and online tools are being made using technology not supported by Internet Explorer.
Since their market dominance began to slip following the release of the Firefox web browser, Microsoft finally decided to develop Internet Explorer again. However, web standards experts who have reviewed the new additions in Internet Explorer 7 see the situation as too little too late. Overall, IE7 only made about as much progress over IE6 as Firefox 1.5 and Opera 9 did over their immediate predecessors.
The following table is a summary of web technology support among the three most popular web browsers, including the new version of Internet Explorer (IE 7). The three technologies listed are fundamental in modern web design. For more information, see the extended Web browser standards support page.
|Technology||IE 6||IE 7||Firefox 2||Firefox 3||Opera 9|
|HTML / XHTML||73%||73%||90%||90%||85%|
Luckily, there are several good alternatives to Internet Explorer, and all of the major ones are available completely free of charge.
Firefox is a new free web browser that is quickly gaining massive popularity and a lot of media attention. It is all-around safer, easier, and more useful than Internet Explorer. Since its premier in November 2004, it has been downloaded over 300 million times and is now used by 10% - 20% of the public. Firefox has been developed by a group of highly dedicated and skilled open source programmers who work without pay. Their motivation isn't money, but simply to make the best web browser available, so that they and their friends and family can have a better web browsing experience.
On top of popular modern features like tabbed browsing, phishing protection, and popup blocking, Firefox offers a wide range of features not available in Internet Explorer:
Spell checking: When you're writing messages in a message board, blog, or web-based e-mail, misspelled words are indicated with a red underline as you type them. No more copy/pasting messages into a separate application just to check for spelling mistakes.
Integrated search: Firefox has several useful search tools built into the browser. You can perform a Web search using your favorite search engine right from a search box in your toolbar and get suggestions for popular searches as you type. The Find bar with find-as-you-type makes it easy to find a word or phrase on the current webpage. Advanced users also have additional search tools at their fingertips, such as keyword searches.
Session restore: Have you ever gotten frustrated because your browser suddenly crashed while you were in the middle of something important? If something causes Firefox to crash, you will be brought right back to where you were, including any form information you were in the process of filling out.
Themes: Themes allow you to change Firefox's look and feel to fit your personality. A theme will change the appearance of your toolbar icons and window, making them look fun, sleek and sexy, or simple and compact — however you like it. There are over a hundred Firefox themes available from the main website.
Extensions: This is one of the greatest innovations in Firefox. Firefox has a unique “extension” system that allows you to easily install small plugins to add any variety of features you can dream of. Do you want to use Firefox to chat with people online? Grab the ChatZilla extension. Do you want Firefox to get rid of all banner ads on the websites you visit? Grab the AdBlock extension. Do you want Firefox to tell you the weather forecast for the next few days? Grab the ForecastFox extension. Major companies like Google, Yahoo!, and Amazon.com have developed free extensions for Firefox.
Web technology: Firefox has some of the best support for the latest developments in web technology. This means that it offers support for high-end web applications, rich webpage designs, and other features that allow for powerful, interactive websites. More and more websites are beginning to make use of these advanced technologies that aren't supported by Internet Explorer. View the Web browser standards support tables for details.
Security: Security is a top priority in Firefox. Unlike Internet Explorer, Firefox was built from the ground up with a security-conscious architecture. It won't install things behind your back like often Internet Explorer does, and it will always warn you if you're about to do something to compromise your security. Mozilla (the group that develops Firefox) has offered to pay hundreds of dollars to anyone who can find a security vulnerability in Firefox. So far, the vulnerabilities that have been found in Firefox have been less serious than those in Internet Explorer, and they have consistently been fixed before any users were affected. While no browser offers perfect security, Firefox's quick and thorough security team keeps it a much safer alternative to Internet Explorer.
Switching to Firefox is easy. Your Favorites, passwords, and other settings from Internet Explorer are carried on to Firefox automatically, so you don't need to worry about losing anything. Setup is quick and easy, and no technical skills are required to get Firefox running on your system.
Here are some official Instructions for switching from Internet Explorer to Firefox.
Firefox is available on all major platforms. See the System requirements for details.
If you're looking for a second option, try out Opera. Opera is very small and lightweight, yet is packed with useful features. Like Firefox, it offers tabbed browsing, phishing protection, popup blocking, themes, and better security, it's nearly tied with Firefox in webpage technology support, and it's also completely free.
Although Opera doesn't have the robust extension system that Firefox offers, it comes with many more features right out of the box:
E-mail: Rather than having a separate e-mail application like Outlook, you can use the e-mail interface built right into Opera. This interface also supports newsfeeds, allowing you to be notified of new content on your favorite websites.
Chat: Opera has support for Internet Relay Chat (IRC). This allows you to have quick back-and-forth conversations with one or more people online. IRC can also be used to share photos and documents with others.
Mouse gestures: Gestures provide a convenient new way of navigating webpages. By holding the right mouse button and moving the mouse in a certain way, you can quickly tell Opera to go back or forward a page, reload the current page, open a new tab, or a number of other commands.
Notes: Need to remember something about a particular website? Rather than grabbing a pen and paper or starting up a word processor, you can just write it down on an Opera note. These notes are convenient and are linked with the website.
Zoom: Want a close-up of the webpage you're viewing? Opera's zoom feature can be used to shrink or enlarge the entire webpage. Everything is scaled evenly, so the page doesn't fall apart like it might in some browsers.
Voice: Sit back and tell your browser what to do, or rest your eyes and let it read the webpage aloud. Opera for Windows supports advanced speech features that allow you to surf the Web with just a microphone and speakers.
Here are some official Instructions for switching from Internet Explorer to Opera.
Opera is available on all major platforms.
Flock is a free cutting-edge social web browser that is based on Firefox and optimized for blogging, newsreading, sharing photos, and generally making the most of the modern Web. If you are regularly involved in these kinds of social aspects of the Web, Flock may prove to be an ideal out-of-the-box browser for you. Like Firefox, Flock supports its own brand of over a hundred extensions that can further enhance your Web experience.
Flock is available on all major platforms. See the System requirements for details.
Setting them up is a snap. Just go to the website and follow the download link. Open the file that you download (either by clicking “Run” or “Open” at the start of the download or by double-clicking the program icon when it's done), and you'll be given a simple installation screen. From there, you can just agree to everything that comes up and it'll all work out nicely. If you find that you don't like it and want to go back to Internet Explorer, all you have to do is start up Internet Explorer like you normally do. Installing a different web browser will not break or replace your old one, so there's no reason not to give one of the alternative browsers a try.
After you've installed the browser, make sure you click on the right icon to start it up. You don't want to click on the blue “e” anymore. The Firefox icon looks like an orange fox wrapped around a globe, Opera looks like a red “O”, and Flock looks like a flock of little blue blobs.
Modern alternative browsers like those listed above very rarely have problems with websites. They adhere closely to the web technology standards, meaning that all websites should look and function more or less the same in all browsers.
On occasion, you might come across a website that has errors in its code. In some older webpage formats, still widely used, there is no clear standard regarding how errors are to be treated by the web browser, and you may experience slight differences in different browsers.
You may also experience issues resulting from Internet Explorer's incorrect implementation of many standard webpage elements. Webpages are made up of a large set of rules written by the webpage author. If the author adjusts the rules to suit Internet Explorer's incorrect behavior, the webpage might not look right in other browsers that handle the rules correctly. In fact, Microsoft has announced plans to make new upcoming versions of Internet Explorer behave more in accordance with the standards — and therefore, more like the other web browsers — even if it causes problems with these poorly-coded websites.
Some sites are designed to use Microsoft's ActiveX technology, which most other browsers choose not to support because of the serious security holes in ActiveX. Even Microsoft advises users to disable ActiveX for regular web browsing, and it will be disabled by default in the new versions of Internet Explorer.
Most often, if a website doesn't look correct in an alternative browser, it is because the website wasn't written correctly, not because of a fault of the browser. If you experience a problem, it is best to contact the website administration and inform them. They should be embarrased for shutting out a significant and growing percentage of their potential visitors due to not following the established web standards. In fact, in some cases it is illegal for a business website or a government website to not work properly in these alternative browsers.
Fore more information, see the following resources:
If you own a website and are familiar with server-side scripting, you may redirect Internet Explorer users to <
http://www.webdevout.net/browser-warning?forward_uri=location> where location is the URL of the document that the user attempted to access, but without the redirect. Note that the entire location, including any query parameters, must be stored within the forward_uri parameter, so be sure to encode it properly.
You may also limit this warning message to occurring only once per browsing session. It is recommended that you do this from your website, but if that isn't possible, you may instead add
&once to the end of the request for this page to achieve that effect. This will only work properly for users that accept cookies.
If your website supports PHP, you may use my prebuilt script for detecting and redirecting Internet Explorer users. Follow the instructions in readme.txt.
Alternatively, you may use the basic informative version by linking to <
http://www.webdevout.net/ie-is-dangerous>. It is recommended that you use the previous method for automatic redirections.
If you have further questions, you may direct them to firstname.lastname@example.org. I encourage website owners to spread this message, and I am flexible with the use of this document. This article is under a very generous Creative Commons License and you may reproduce it and modify it under the stated terms.