Internet Explorer 6

From Wikipedia, the free encyclopedia

  (Redirected from IE6)
Jump to: navigation, search
 This article may require cleanup to meet Wikipedia's quality standards. Please improve this article if you can. (March 2009)
To comply with Wikipedia's guidelines, the introduction of this article may need to be rewritten. Please discuss this issue on the talk page and read the layout guide to make sure the section will be inclusive of all essential details.
Internet Explorer 6

Internet Explorer 6 in Windows XP SP2
Developer(s) Microsoft
Initial release August 27, 2001
Stable release 6.0 SV3 ('6 SP3')[1] / May 5, 2008
Operating system Microsoft Windows (98 to WS2003)
Development status Extended support only
Superseded by 7.0
License MS-EULA
Website Internet Explorer 6
1 · 2 · 3 · 4 · 5 · 6 · 7 · 8
Microsoft Internet Explorer 6
A component of Microsoft Windows
Details
Included with Windows XP and Windows Server 2003
Replaces Microsoft Internet Explorer 5
Replaced by Windows Internet Explorer 7
Related components
Internet Explorer

Microsoft Internet Explorer 6 (commonly abbreviated to IE6), is a graphical web browser developed by Microsoft. It was included as part of the Microsoft Windows XP and Windows Server 2003 lines of operating systems. It was the most widely used web browser during its tenure (surpassing Internet Explorer 5.x), attaining a peak in usage share during 2002 and 2003 in the high 80s, and together with other versions up to 95% in 2003. It only slowly declined up to 2007, when it lost about half its market share to Windows Internet Explorer 7 and Mozilla Firefox between late 2006 to 2008. Current estimates of IE6's global market share are generally in the range of 15-25%.[2][3][4]

Microsoft Internet Explorer 6.0 was released on August 27, 2001, shortly after Windows XP was finished. It includes DHTML enhancements, content restricted inline frames, and partial support of CSS level 1, DOM level 1 and SMIL 2.0.[5] The MSXML engine was also updated to version 3.0. Other new features included a new version of the Internet Explorer Administration Kit (IEAK), Media bar, Windows Messenger integration, fault collection, automatic image resizing, P3P, and a new look-and-feel that was in line with the "Luna" visual style of Windows XP, when used in Windows XP. XBM image files were no longer supported. In 2002, the Gopher protocol was disabled and support for it was dropped in Internet Explorer 7.[6]

In a May 7, 2003 Microsoft online chat, Brian Countryman, Internet Explorer Program Manager, declared that Internet Explorer would cease to be distributed separately from Windows (IE 6 would be the last standalone version);[7] it would, however, be continued as a part of the evolution of Windows, with updates coming only bundled in Windows upgrades. Thus, Internet Explorer and Windows itself would be kept more in sync. However, after one release in this fashion (IE6 SP2 in Windows XP SP2, in August 2004), Microsoft changed its plan and released Internet Explorer 7 for Windows XP SP2 and Windows Server 2003 SP1 in late 2006. Microsoft Internet Explorer 6 was the last version of Internet Explorer not to have "Windows" in the title, with later versions shifting to "Windows Internet Explorer", as a reaction to the allegations of anti-competitive tying of Internet Explorer and Windows raised in United States v. Microsoft and the European Union Microsoft competition case.

Contents

[edit] Security issues

As of January 10, 2009, Secunia reports 142 vulnerabilities in Internet Explorer 6, 22 of which are unpatched, some of which are rated moderately critical in severity[8].

Although security patches continue to be released for a range of platforms, most recent feature additions and security improvements were released for Windows XP only.

As of June 23, 2006, security advisory site Secunia counted 20 unpatched security flaws for Internet Explorer 6, many more and older than for any other browser, even in each individual criticality-level, although some of these flaws only affect Internet Explorer when running on certain versions of Windows or when running in conjunction with certain other applications.[9]

On June 23, 2004, an attacker used two previously undiscovered security holes in Internet Explorer to insert spam-sending software on an unknown number of end-user computers.[10] This malware became known as Download.ject and it caused users to infect their computers with a back door and key logger merely by viewing a web page. Infected sites included several financial sites.

Probably the biggest generic security failing of Internet Explorer (and other web browsers too) is the fact that it runs with the same level of access as the logged in user, rather than adopting the principle of least user access. Consequently any malware executing in the Internet Explorer process via a security vulnerability (e.g. Download.ject in the example above) has the same level of access as the user, something that has particular relevance when that user is an Administrator. Tools such as DropMyRights are able to address this issue by restricting the security token of the Internet Explorer process to that of a limited user. However this added level of security is not installed or available by default, and does not offer a simple way to elevate privileges ad-hoc when required (for example to access Microsoft Update).

Art Manion, a representative of the United States Computer Emergency Readiness Team (US-CERT) noted in a vulnerability report that the design of Internet Explorer 6 Service Pack 1 made it difficult to secure. He stated that:

There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. … IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system.[11]

Manion later clarified that most of these concerns were addressed in 2004 with the release of Windows XP Service Pack 2, and other browsers have now begun to suffer the same vulnerabilities he identified in the above CERT report.[12]

Many security analysts[who?] attribute Internet Explorer's frequency of exploitation in part to its ubiquity, since its market dominance makes it the most obvious target. However, some critics[who?] argue that this is not the full story, noting that Apache HTTP Server, for example, had a much larger market share than Microsoft IIS, yet Apache had traditionally had fewer (and generally less serious) security vulnerabilities than IIS, at the time.[13]

As a result of its many problems, some security experts, including Bruce Schneier, recommend that users stop using Internet Explorer for normal browsing, and switch to a different browser instead.[14] Several notable technology columnists have suggested the same, including the Wall Street Journal's Walt Mossberg,[15] and eWeek's Steven Vaughan-Nichols.[16] On July 6, 2004, US-CERT released an exploit report in which the last of seven workarounds was to use a different browser, especially when visiting untrusted sites.[17]

In 2006, citing its lack of security, PC World named Internet Explorer 6 number 8 on their list of the "25 worst tech products of all time".[18]

[edit] Market share

IE market share overview


— June 2009[19]
Internet Explorer 5 0.04%
Internet Explorer 5.5 0.03%
Internet Explorer 6 12.78%
Internet Explorer 7 40.83%
Internet Explorer 8 15.12%
All variants 68.80%
This box: view  talk  edit

It was the most widely used web browser during its tenure (surpassing Internet Explorer 5.x), attaining a peak in usage share during 2002 and 2003 in the high 80s, and together with other versions up 95%. It only slowly declined up to 2007, when it lost about half its market share to Windows Internet Explorer 7 and Mozilla Firefox between late 2006 to 2008.

IE6 remained more popular than its successor in business use for more than a year after IE7 came out. [20] A DailyTech article noted, "A Survey found 55.2% of companies still use IE 6 as of December 2007", while "IE 7 only has a 23.4 percent adoption rate".[20]

IE6 market share was almost 25% for September, 2008[21]

[edit] Criticism

 The neutrality of this article is disputed. Please see the discussion on the talk page. Please do not remove this message until the dispute is resolved. (June 2009)

A common criticism of Internet Explorer is of the speed at which fixes are released after discovery of the security problems.[citation needed]

Microsoft attributes the perceived delays to rigorous testing. A posting to the Internet Explorer team blog on August 17, 2004 explained that there are, at minimum, 234 distinct releases of Internet Explorer that Microsoft supports (covering more than two dozen languages, and several different revisions of the operating system and browser level for each language), and that every combination is tested before a patch is released.[22]

In May 2006, PC World rated Internet Explorer 6 the eighth worst tech product of all time. [23] A certain degree of complacency has been alleged against Microsoft over IE6. With near 90% of the browser market the motive for innovation was not strongly present, resulting in the 6 year time between the IE6's introduction and its replacement with IE7. This fact is one contributing factor for the rapid rise of the open source alternative Mozilla Firefox.

IE6 does not fully support CSS version 2 unlike most browsers which in turn means web developers must use "hacks" or workarounds so IE6 will display web pages correctly.

IE6 has also been criticized due to its instability. For example, all one must do to cause IE6 to crash is insert this code into a web page:

<script>for (x in document.write) { document.write(x);}</script>

There are several campaigns aiming to rid Internet Explorer 6, which is still quite popular, from the browser market. http://www.bringdownie6.com/ is one example;

  • as of 20 February, 2009, some Norwegian sites is host to a campaign with the same aim.[24].
  • in march 2009 a Danish anti-IE6 campaign was launched. [25]

http://www.comon.dk/news/danske.medier.lover.dod.over.internet.explorer.6_40308.html

There is also a sarcastic campaign aimed at saving IE6 at saveie6.com

[edit] Security framework

Internet Explorer uses a zone-based security framework, which means that sites are grouped based upon certain conditions. IE allows the restriction of broad areas of functionality, and also allows specific functions to be restricted. The administration of Internet Explorer is accomplished through the Internet Properties control panel. This utility also administers the Internet Explorer framework as it is implemented by other applications.

Patches and updates to the browser are released periodically and made available through Windows Update web site. Windows XP Service Pack 2 adds several important security features to Internet Explorer, including a popup blocker and additional security for ActiveX controls. ActiveX support remains in Internet Explorer although access to the "Local Machine Zone" is denied by default since Service Pack 2. However, once an ActiveX control runs and is authorized by the user, it can gain all the privileges of the user, instead of being granted limited privileges as Java or JavaScript do. This was later solved in the Windows Vista version of IE 7, which supported running the browser in a low-permission mode, making malware unable to run unless expressly granted permission by the user.

[edit] Quirks trigger

Version 5.5 was the last to have Compatibility Mode, which allowed Internet Explorer 4[26] to be run side by side with 5.x.[27][28] With IE6, there was a quirks mode that could be triggered that caused it to behave like IE 5.5.[29]

[edit] Supported platforms

Internet Explorer 6.0 supports Windows NT 4.0 (Service Pack 6a only), Windows 98, Windows Me, Windows 2000, Windows XP and Windows Server 2003. The Service Pack 1 update supports all of these versions, but Security Version 1[1] is only available as part Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 and later service packs for those versions. Versions after Windows XP, includes Internet Explorer 7, and higher only.

[edit] Release history

Major version Minor version Release date Significant changes Shipped with
Version 6 6.0 Beta 1 March 2001 More CSS changes and bug fixes to be more W3C-compliant.
6.0 August 27, 2001 Final release. Windows XP
6.0 SP1 September 9, 2002 Vulnerability patch. Last version supported on Windows NT 4.0, 98, 2000 or Me. Windows XP SP1 and Windows Server 2003
6.0 SP2 August 25, 2004 Vulnerability patch. Popup/ActiveX blocker. Add-on manager. Windows XP SP2 and Windows Server 2003 SP1
6.0 SP3 April 21, 2008 Latest updates included with XP SP3 Windows XP SP3

[edit] References

  1. ^ a b SV1 stands for "Security Version 1", referring to the set of security enhancements made for that release.[I] This version of Internet Explorer is more popularly known as IE6 SP2, given that it is included with Windows XP Service Pack 2, but this can lead to confusion when discussing Windows Server 2003, which includes the same functionality in the SP1 update to that operating system. —
    ^ "XPSP2 and its slightly updated user agent string". The Windows Internet Explorer Weblog. Microsoft via MSDN. 2004-09-02. http://blogs.msdn.com/ie/archive/2004/09/02/224902.aspx. Retrieved on 2008-10-05. 
  2. ^ "Browser Version Market Share". Net Applications. May 2009. http://marketshare.hitslink.com/browser-market-share.aspx?qprid=2. Retrieved on 2009-06-17. 
  3. ^ "Global Web Stats". W3Counter. May 2009. http://www.w3counter.com/globalstats.php. Retrieved on 2009-06-17. 
  4. ^ "StatCounter Global Stats". StatCounter. http://gs.statcounter.com/#browser_version-ww-daily-20080701-20090614. Retrieved on 2009-06-17. 
  5. ^ "SMIL Standards and Microsoft Internet Explorer 6, 7, and 8". http://www.axistive.com/smil-standards-and-microsoft-internet-explorer-6-7-and-8.html. Retrieved on 2007-05-27. 
  6. ^ "Using a web browser to access gopher space". http://gopher.floodgap.com/gopher/gw?gopher.floodgap.com/0/gopher/wbgopher. Retrieved on 2007-05-11. 
  7. ^ Microsoft to abandon standalone IE, January 23, 2006
  8. ^ Microsoft Internet Explorer 6.x, Secunia
  9. ^ "Vulnerability Report – Microsoft Internet Explorer 6.x". Secunia. http://secunia.com/product/11/. Retrieved on 2006-06-23. 
  10. ^ "Researchers warn of infectious Web sites". June 25, 2004. http://news.zdnet.com/2100-1009_22-5247187.html. Retrieved on 2006-04-07. 
  11. ^ "Vulnerability Note VU#713878". US-CERT. June 9, 2004. http://www.kb.cert.org/vuls/id/713878. Retrieved on 2006-04-07. 
  12. ^ "Perspective: A safe browser? No longer in the lexicon". CNet. July 7, 2005. http://news.com.com/A+safe+browser+No+longer+in+the+lexicon/2010-1071_3-5777036.html?part=rss&tag=5777036&subj=news. Retrieved on 2006-04-07. 
  13. ^ Wheeler, David (November 14, 2005). "Why Open Source Software / Free Software (OSS/FS, FLOSS, or FOSS)? Look at the Numbers!". http://www.dwheeler.com/oss_fs_why.html. 
  14. ^ "Safe Personal Computing". December 12, 2004. http://www.schneier.com/blog/archives/2004/12/safe_personal_c.html. Retrieved on 2006-04-07. 
  15. ^ Mossberg, Walt (September 16, 2004). "How to Protect Yourself From Vandals, Viruses If You Use Windows". Personal Technology. Wall Street Journal. http://ptech.wsj.com/archive/ptech-20040916.html. Retrieved on 2006-04-07. 
  16. ^ Vaughan-Nichols, Steven (June 28, 2004). "Internet Explorer Is Too Dangerous to Keep Using". Linux & Open Source – Opinions. eWeek. http://www.eweek.com/article2/0,1759,1617931,00.asp. Retrieved on 2006-04-07. 
  17. ^ "Vulnerability Note VU#713878". US-CERT. June 9, 2004. http://www.kb.cert.org/vuls/id/713878. Retrieved on 2006-04-07. 
  18. ^ "The Top 25 Worst Tech Products of All Time". PCWORLD. May 26, 2006. http://www.pcworld.com/article/125772-3/the_25_worst_tech_products_of_all_time.html. Retrieved on 2009-01-10. 
  19. ^ "Browser Version Market Share". NetApplications.com. January 2009. http://marketshare.hitslink.com/browser-market-share.aspx?qprid=2. Retrieved on 2009-07-01. 
  20. ^ a b Mick, Jason (2008-04-03). "Firefox Makes Big Gains In Business at IE's Expense". DailyTech. http://www.dailytech.com/Firefox+Makes+Big+Gains+In+Business+in+at+IEs+Expense/article11340.htm. Retrieved on 2008-10-05. 
  21. ^ "Top Browser Share Trend". Net Applications. September 2008. http://marketshare.hitslink.com/report.aspx?qprid=3&qpdt=1&qpct=4&qptimeframe=M&qpsp=83&qpnp=11. Retrieved on 2008-10-05.  The date range spans October, 2006—September, 2008.
  22. ^ "The Basics of the IE Testing Matrix". Internet Explorer team blog. Microsoft. August 17, 2004. http://blogs.msdn.com/ie/archive/2004/08/17/216080.aspx. Retrieved on 2006-04-07. 
  23. ^ PCWorld (2005-05-26). "The 25 Worst Tech Products of All Time". http://www.pcworld.com/reviews/article/0,aid,125772,pg,3,00.asp. Retrieved on 2006-07-18. 
  24. ^ http://blog.wired.com/business/2009/02/norwegian-websi.html
  25. ^ http://www.comon.dk/news/danske.medier.lover.dod.over.internet.explorer.6_40308.html
  26. ^ "How to install and use Compatibility mode in Internet Explorer 5 or 5.5 (KB197311)". Microsoft Help and Support. microsoft.com. 2007-01-23. http://support.microsoft.com/kb/197311/EN-US. Retrieved on 2008-10-05. 
  27. ^ "Unable to Use Internet Explorer 4.0 Compatibility Mode (KB237787)". Microsoft Help and Support. microsoft.com. 2007-01-24. http://support.microsoft.com/kb/237787/EN-US. Retrieved on 2008-10-05. 
  28. ^ Hardmeier, Sandi (2005-08-25). "The History of Internet Explorer". Internet Explorer Community. microsoft.com. http://www.microsoft.com/windows/ie/community/columns/historyofie.mspx. Retrieved on 2008-10-05. 
  29. ^ Chao, Ingo; Holly Bergevin, Bruno Fassino, John Gallant, Georg Sørtun, Philippe Wittenbergh (2005-08-15). "Quirks mode in IE 6 and IE 7". satzansatz.de. http://www.satzansatz.de/cssd/quirksmode.html. Retrieved on 2008-10-05.  Last updated on June 3, 2006.

[edit] See also

[edit] External links

v  d  e
Windows Internet Explorer
Versions
Overview
Technologies
Software
Implementations
Events
People
Web Browsers (Timeline · comparison · usage · list)
Retrieved from "http://en.wikipedia.org/wiki/Internet_Explorer_6"
Personal tools