Especially in retrospect, Internet Explorer really did used to suck. Even though browsers were all about standards from the beginning, Microsoft used to think of it purely as a vehicle for pushing proprietary features. Not anymore. IE9 Release Candidate is available, today, and things really are different.
Microsoft's public relations and technical docs for IE9 are all about high performance, security and safety and a high level of standards compliance. It's too early to tell if it really is as good at these characteristics as they say it is, but they are at the very least saying the right things.
Too little, too late?
Report after report shows that usage share of Internet Explorer has declined from nearly 100 percent (think about that!) to a slim majority. The 56 percent usage share reported by Net Applications would be considered dominant in almost any other context, but it makes IE look like the Roman Empire, circa 400 A.D. The decline has been proceeding for years and IE9 is not enough to make it rebound.
The new browser could stop the bleeding though. It's not logical to think that IE share will go all the way to nothing, especially since it really is a good browser. There will likely come a point where all the people who really care about their browser have at least tried alternatives. At that point, things will get interesting.
Internet Explorer began to stop sucking in earnest with IE7 on Vista -- nothing on Windows XP is a good browser. IE8, for my money, was a fine-tuning of v7. You could reasonably call it 7.5. Both, when run on Vista or Windows 7, are significantly more secure browsers than earlier versions and probably a lot more secure than Firefox.
There are security enhancements in IE9 and they're meaningful (I'll get to them in a bit). But the big security improvements happened with Windows Vista and IE7. Vulnerability exploits both became much more difficult at that point. In fact, browser vulnerabilities are not a big piece of the threat landscape these days if -- you ask me. All the action is in malware that is based on social engineering, and in this sense, browser security is largely irrelevant. It's the user who gets hacked.
ActiveX Filtering and Tracking Protection
There are two big security enhancements in IE9: ActiveX Filtering and Tracking Protection. ActiveX Filtering allows the user to make Internet Explorer opt out of ActiveX controls by default. If you visit a site that has controls on it, you will get a notice to that effect and you can choose to view them for that site. This is a good approach. Similarly, IE9 gives you the option to disable all add-ons to make it run faster (as well as safer).
Tracking Protection is a tricky business at this point, however. You might have read that the Federal Trade Commission and some other parties, including Mozilla, agreed on a "do not track" HTTP header standard to allow users to request, automatically, that a site not track them with cookies or anything else. Whether the site really tracks them or not is another matter.
Microsoft has taken another approach with IE9: Tracking Protection Lists (TPLs). Users can create their own list of what to block, use and edit a provided default list, or download a list from a third-party service. In this way, the browser blocks the tracking and doesn't rely on the site to comply.
Both approaches are problematic, but for sure the Microsoft approach will work better at first. Will people notice? Will they care? Personally, I think the whole tracking thing is overblown. Users may like the idea of just being able to check a single "Do Not Track" box and that's that, and they probably won't know or care which approach works better.
Microsoft Really Cares
Still, Tracking Protection is a good example of how Microsoft really does care about the quality of Internet Explorer. Not too long ago Microsoft was happy to let it stagnate, but now the company's attitude is that if you are going to do a browser you should do it well.
At the same time that Microsoft's browser share has been racing downhill, Windows usage share has declined only slightly. I suspect that Firefox has peaked or is close to it, but Chrome is my browser of choice these days. What do I run it on? Windows. Have I spent any less money on Microsoft products as a result? No, thanks in part to Microsoft, browsers are free.
A world full of Windows users running Firefox and Chrome is a world full of Windows users. They probably still buy Office, they probably still use Windows Server in their businesses, and they probably all listen to Zunes. OK, maybe not the Zune part.
The bottom line is that it's good for Microsoft to make a good web browser, and maybe some users expect it from the company -- they demand it. But if it's not enough to keep the barbarian horde out of the city, it doesn't matter. The empire will live on.
Larry Seltzer is a freelance writer and consultant, dealing mostly with security matters. He has written recently for Infoworld, eWEEK, Dr. Dobb's Journal, and is a Contibuting Editor at PC Magazine and author of their Security Watch blog. He has also written for Symantec Authentication (formerly VeriSign) and Lumension's Intelligent Whitelisting site.
Copyright Betanews, Inc. 2010