Humor Limits

The time has come to dump Internet Explorer. I know, I know — you may have
heard the same thing before from those that think it’s cool to hate
Microsoft; but I’m not one of those guys. I’m actually an MCSE and I happen
to like quite a few of Microsoft’s products. Rather than lump me into the
Microsoft-basher category, consider for a moment why you use the browser you
use, and humor me by entertaining the notion, if even for a second, that
switching to another might be worth your while. My argument is simple:

Written in June 2004

Security

Since information security is my hobby/job/obsession, this particular topic
is near and dear to my heart. Just about everyone reading this has seen
computers that have been beaten down with spyware – the evil junk that
hijacks IE and renders a system virtually useless. How many times have you
been called to a family member’s house to clean up their system? Or had to
call your techie friend to come clean yours? It’s often quite awkward – the
system slows to a crawl and every other mouse click conjures up some species
of perverse, obscene image. What most people don’t realize, however, is that
there is a very simple and powerful way to defend your system (and/or the
systems of your loved ones) in one fell swoop.

Don’t use Internet Explorer.

What makes other browsers better than IE at protecting vs. spyware and other
attacks? Well, it’s simple really – most other browsers don’t make it so
easy to install malicious software on your system without you knowing about
it. IE makes it relatively trivial through two features called ActiveX and
Active Scripting. These technologies were designed specifically for the
purpose of giving websites more control over a user’s computer.
Unfortunately, as we have seen with exploit after exploit – that’s not
always a good thing.

In addition to the spyware issues, IE in general has had a terrible track
record when it comes to all types of serious security issues. For years now,
it’s seemed like every time you turn around there is a new way to have your
computer taken over via Internet Explorer. Put “internet explorer” and
“allow an attacker to execute commands” (with the quotes) into Google and
you’ll see what I mean.

In IE’s defense, many anti-Microsoft types will claim that it’s not possible
to lock down IE at all. This is not true. It is possible, but if and only if
you have a fair amount of technical know-how on the subject, and the time to
do it. My personal view, however, is that tools such as Internet browsers
should not require extensive expertise and configuration time to be able to
use them safely.

Standards

This is likely to get me in some hot water with my fellow security
enthusiasts, but I find this issue to be of even more concern than that of
IE’s security. The Internet works for one simple reason – everything at its
core has been built on agreements that bind it together. Whether a computer
is connected from California or Sri Lanka, it’s going to speak the same
language and obey the same rules – the rules defined by standards. If this
weren’t the case there would be no Internet at all.

These agreements are forged by a body of people whose goal is nothing short
of designing a better and more efficient Internet for everyone. Microsoft,
for some odd reason, seems bent on breaking stride with these agreed-upon
standards. Case in point: the next time you’re in a bookstore, head over to
the technology section and pick up a book on XHTML or CSS. These are two
major web standards that deal with how web pages are displayed to users, and
within any book on the subjects you will find one common theme:

Page after page in these books will reveal features supported in other
browsers, but not in IE. Ask yourself why a company would choose not to
support standards that benefit everyone? The way I see it, it’s for
precisely one of two reasons — either they are unable to, or they don’t want
to. Given the fact that they are a multi-billion dollar company (one of the
richest on the planet), I can’t help but lean toward the second option.
Without going into too much detail, they have their own plans, and those
plans involve implementing their own standard and forcing it upon the world.
Call me a geek/hippie, but the idea of a multi-billion dollar corporation
snubbing its nose at agreed-upon standards is nothing short of infuriating.

Options

Lucky for us, we have alternatives. The good news is that the alternative
browsers are actually as good or better than IE. There are many out there,
but in my opinion the
Mozilla products
are the best. I personally prefer and recommend
Mozilla Firefox
as a web browser. Not only does it keep your browsing sessions a lot more
secure and spyware-free, but it also supports the standards religiously and
has a wide range of powerful features. Arguably the biggest benefit to using
a Mozilla-based product is something called tabbed browsing. What this
allows you to do is have multiple pages open within a single browser window.
Rather than going from window to window in the taskbar, you can simply
switch between clearly visible tabs, all within the same view. You can even
do this and many other commands via the keyboard if you are into that sort
of thing.

Get a weekly breakdown of what’s happening in security and tech—and why it matters.

Using Firefox will not require any major shift in your daily browsing
habits. It’ll import your favorites automatically, and you can benefit from
the improved security starting the first time you open it. With the popup
blocking enabled, you can breath quite a bit easier when browsing to unknown
sites. Attempts to install garbage on your system that could have easily
succeeded if you were using IE will simply be ignored by Firefox. Plus, the
whole time you’re browsing you’ll know that you are doing your part to keep
the soul of the Internet alive by choosing to use a browser whose developers
actually care about standards.

Of course, I still use IE. (pause for effect); it’s how I usually get my
Windows security updates. Seriously though – Windows Update is a must, and
it works best in IE, so that in itself is a good reason to fire it up once
in a while. Aside from Windows Update though, there is still the occasional
site that I go to that doesn’t look right in any other browser. Those sites,
by the way, are all the more reason to not use IE. They weren’t
written according to the standards, and they look bad in any browser other
than IE as a result of that fact. Using IE all the time just because the
occasional site is designed so poorly as to look like crap in other browsers
is utterly bad form. I implore you not to give into this temptation.

Wrapping It Up

So, in closing, I leave you with two thoughts:

1. Due to the combination of ActiveX, scripting, and its integration with
   the Windows operating system, Internet Explorer is more vulnerable to
   attack than many other browsers.

2. The designers of Internet Explorer have purposely turned their back on
   the standards designed to benefit the Internet as a whole. They have
   done this for years, continue to do it today, and appear to have nothing
   but their own interests at heart.

I ask that you consider these points and pull down a copy of Firefox, Opera,
or another alternative browser. Run it for a week and see how it feels. As
mentioned above, I personally recommend Firefox due to its excellent
development team and large user base. Once you have had some time to get to
know your new onramp to the web, I think you’ll find that you’ll wish you
had switched sooner. No longer will you have to worry about garbage clogging
up your system because of your browser, or having to make a mad rush for a
patch every time an IE vulnerability is released.

Finally, and most importantly – spread the word. It’s time now for us to put
alternative browsers on the map and let it be known that we are aware of our
choices. We need not settle for what we are being fed when there are better,
more secure alternatives out there.:

If you have any questions, feel my position is flawed, or would just like to
give some feedback, feel free to contact me at
[email protected].

[ Originally written for
Lockergnome
in June 2004.]