The ghost of Internet Explorer will haunt the web for years

After years of refuse and a final outfitting Over the past 13 months, Microsoft on Wednesday confirmed the retirement of Internet Explorer, the company’s long-lived and increasingly infamous web browser. Launched in 1995, IE came pre-installed on Windows computers for nearly twenty years, and like Windows XP, Internet Explorer became a mainstay — to the point that when it came time for users to upgrade and move on, they often didn’t. did. And while last week’s milestone will push even more users away from the historic browser, security researchers emphasize that IE and its many security vulnerabilities are far from gone.

In the coming months, Microsoft will disable the IE app on Windows 10 devices and instead direct users to the next-generation Edge browser, which was first released in 2015. However, the IE icon still remains on the desktops. of users, and Edge includes a service called “IE Mode” to maintain access to old websites built for Internet Explorer. Microsoft says it will support IE mode until at least 2029. In addition, for now, IE will still work on all supported versions of Windows 8.1, Windows 7 with Microsoft’s Extended Security Updates, and Windows Server, although the company says it will eventually phase out IE on these as well.

Seven years after the debut of Edge, sector analysis indicates that Internet Explorer may still hold more than half a percent of browsers’ total global market share. And in the United States, that share may be closer to as much as 2 percent.

“I think we’ve made progress and we probably won’t see that many exploits against IE in the future, but we’ll have remnants of Internet Explorer for a long time to come that scammers can take advantage of,” said Ronnie Tokazowski, a long-time independent malware researcher and chief threat advisor at cybersecurity firm Cofense. “Internet Explorer as a browser will disappear, but there are still bits that exist.”

For something as long as IE, backward compatibility is hard to balance with the desire for a clean slate. “We haven’t forgotten that some areas of the web still rely on the specific behaviors and features of Internet Explorer,” said Sean Lyndersay, general manager of Microsoft Edge Enterprise. wrote in an IE retrospective on Wednesday, pointing to IE mode.

But he added that it was really necessary to start over with Edge instead of trying to save IE. “The web has evolved and so have browsers,” he wrote last week. “Incremental improvements to Internet Explorer couldn’t match the general improvements to the web in general, so we started over.”

Microsoft says it will still support IE’s underlying browser engine, known as “MSHTML,” and it has its eye on versions of Windows that are still “used in critical environments.” But Maddie Stone, a researcher for Google’s Project Zero vulnerability hunting team, points out that hackers still exploit IP vulnerabilities in real-world attacks.

“Since we started tracking in-the-wild 0 days, Internet Explorer has had a fairly constant number of 0 days per year. 2021 actually equaled 2016 for the wildest Internet Explorer 0 days we’ve ever tracked, though Internet Explorer’s market share in web browser users continues to decline,” she said. wrote in April, referring to previously unknown vulnerabilities called zero-days. “Internet Explorer is still a ripe attack surface for first-time access to Windows machines, even if the user is not using Internet Explorer as their Internet browser.”

Specifically, in her analysis, Stone noted that while the number of new IE vulnerabilities that Project Zero has discovered has remained fairly constant, over the years attackers have shifted to the MSHTML browser engine through malicious files such as corrupted Office documents. This could mean that spaying the IE application doesn’t immediately change the attack trends that have already been set in motion.

Given how hard it has been to keep Internet Explorer in check, Microsoft and IE users around the world have certainly come a long way. But for a browser that’s supposed to be dead, IE still loads with the living.

Leave a Comment

Your email address will not be published.