|Surf the Internet Safely|
Because many computer professionals regard Internet Explorer as the weak link in guarding computers against Internet hazards, PC users are being advised with increasing frequency to switch to another browser. On this page we will discuss the reasons for switching and consider an alternative browser, Firefox.
(Before I start getting mail about Opera or Netscape or other browsers, let me first say that I am concentrating on Firefox because it is what I use and because it is the most widely used alternative browser for Windows systems. Doubtless the other alternatives have their virtues but Firefox is free and is probably the easiest for Internet Explorer users to adapt to. PC Magazine has a recent review of several browsers.)
Why consider another browser?
By technology standards, Internet Explorer (IE) is an old design. Except for some changes added in Windows XP SP2, Microsoft apparently has no interest in upgrading IE until the next Windows operating system called Longhorn (now Vista) comes out. Meanwhile, everyone with older versions of Windows will see no improvements. In fact, it seems possible that only those with Windows XP SP2 will receive all the security patches.
Note added after this article first appeared: On February 15, 2005, Bill Gates announced the reversal of the previously stated Microsoft policy that no new version of Internet Explorer would be available separate from the next Windows operating system called Longhorn. Instead, Gates said that a beta version of Internet Explorer version 7 would be released sometime in the summer of 2005. However, it would be available only to owners of Windows XP, version SP2, meaning that those with older versions of Windows are still out in the cold.
Second note added October, 2006: Internet Explorer 7 has now been released for Windows XP SP2. It contains increased security features including anti-phishing measures. Windows Vista (formerly Longhorn) is in final beta and will appear shortly. Its version of IE 7 will have the added security feature of being able to run with reduced privileges. Firefox 2 is also in its final beta before release and also contains anti-phishing defenses.
Newer browsers like Firefox have added features and continue to be updated and improved. These new features will appeal to many and will be sufficient to attract them to use a different browser. However, whether someone prefers this or that browser depends to a considerable extent on the level of the user's computer sophistication and on individual patterns of Internet use. Since these pages are aimed at the typical home PC user and Internet security issues, I am not going to dwell on tabbed browsing or the features like the built-in popup blocker or the various extensions that Firefox has. Those who wish more details can check out these aspects of Firefox in the references in the sidebar. For example, Scot Finnie has an extensive review.
For the average home user the big issues in choosing a browser are convenience and security. IE can probably claim an edge in convenience because it's already there and the Microsoft desktop monopoly means that many Web sites are optimized around the way IE behaves (even though IE does not follow the World Wide Web Consortium standards). From inertia, many home PC users will be prone to stand pat with the IE that they already know and use. However, IE falls down in many ways when it comes to the all-important issue of security. In the September 16, 2004 issue of the Wall Street Journal, Walter Mossberg, the respected writer on consumer technology, described the Internet security problem this way:
If you use a Windows personal computer to access the Internet, your personal files, your privacy and your security are all in jeopardy. An international criminal class of virus writers, hackers, digital vandals and sleazy businesspeople wakes up every day planning to attack your PC.
Along with other suggestions for protecting your computer, Mossberg went on to recommend changing to the Firefox browser. As can be read in the references in the sidebar, Mossberg is only one of many commentators who have recommended dumping Internet Explorer and changing to Firefox or other browser for security reasons.
One of the reasons IE is particularly vulnerable is its use of the Microsoft technology called ActiveX, which is discussed on another page. ActiveX is a convenient programming tool but it is exactly this convenience that is its undoing. It allows unscrupulous types easy access to the Windows operating system either by subterfuge or programming tricks that fool unwary surfers. Windows XP Service Pack 2 tightens up the security but problems remain and older Windows systems are left out of any of the SP2 security improvements. As is discussed in detail on other pages, the ActiveX settings for the various security zones of IE can be configured for greater security by experienced PC users. However, the average PC user may find the procedure a little daunting. Also, disabling or configuring the ActiveX settings lessens one of the advantages in convenience that IE has.
Another source of trouble is that IE itself is deliberately designed to be closely tied into the operating system. This integration means that problems in IE can affect the whole system. Many of the seemingly endless parade of Windows security holes are related to problems with IE. Even since the SP2 upgrade of Windows XP, more IE problems have been uncovered.
Note that other browsers such as Firefox do not support ActiveX. Also, they are separate software applications.They do not have intimate access to the Windows operating system. This makes for less versatility but is a lot more secure. Firefox is clearly a safer browser to use than IE. But, as is usually the case, greater safety brings some loss of functionality. In the next section we look at the tradeoffs incurred in using non-IE browsers.
Drawbacks to using non-IE browsers
Microsoft also wants to be different when it comes to style sheet support and DHTML. They do not abide by the standards set up by the World Wide Web Consortium. All major browsers except IE conform to these standards. However, because IE is so widely used, some Web site designers tailor their sites specifically for IE and these sites do not resolve properly in other browsers. Also, IE is more tolerant of sloppy HTML that will not work in other browsers. I have not personally found this to be much of a problem in the sites that I visit but there are probably a lot of sites with coding errors that only IE will forgive. Note added later: IE 7 conforms better (but not completely) to W3C standards.
Strategy for more secure browsing
Experienced computer users who are well-versed in the many precautions that need to be taken on the Internet can make a choice of browser based on its features and their personal preferences but I am concerned with the less knowledgeable home user.
Typical home PC users should give very serious attention to the possibility of using an alternative browser and overcome their natural reluctance to get involved with reconfiguring their computer in any significant way. Unfortunately, the security problems on the Internet have reached the point where everyone should think about whether to continue using IE as their browser. This is especially important for anyone continuing to use Windows operating systems older than XP. Older systems will get no more IE upgrades from Microsoft. Firefox is an attractive and safer alternative with many positive features. Its interface is similar to IE and it has functions to import IE favorites and cookies so that it is no problem to begin using it right away. Click here to download (4.7 MB). Detailed instructions on how to install and use Firefox are given in references in the sidebar including a step-by-step guide (IE users will need to scroll down at this site). For additional help go here.
IE will still have to be used for some sites for reasons given in the preceding section. It is important to configure the Internet zone in IE to high security (see these pages for instructions) and to disable ActiveX and scripting in this zone. Those sites that will require IE and are known to be safe should be put in the Trusted zone (instructions here) where AciveX and scripting will remain enabled.
Those who prefer to continue to use IE as their main browser should harden the defenses by following the procedures given in these pages. Note that these more stringent security settings for IE will mean that ActiveX and scripting will be disabled except for sites in the Trusted zone. Anyone using AOL is actually using IE under the AOL interface and should take measures accordingly.