Internet Explorer

Internet Explorer[a] (formerly Microsoft Internet Explorer[b] and Windows Internet Explorer,[c] commonly abbreviated IE or MSIE) is a series of graphical web browsers developed by Microsoft and included in the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year. Later versions were available as free downloads, or in service packs, and included in the original equipment manufacturer (OEM) service releases of Windows 95 and later versions of Windows. The browser is discontinued, but still maintained.[2]

Internet Explorer was one of the most widely used web browsers, attaining a peak of about 95% usage share during 2002 and 2003.[5] This came after Microsoft used bundling to win the first browser war against Netscape, which was the dominant browser in the 1990s. Its usage share has since declined with the launch of Firefox(2004) and Google Chrome (2008), and with the growing popularity of operating systems such as Android and iOS that do not run Internet Explorer. Estimates for Internet Explorer's market share are about 3.88% across all platforms or by StatCounter's numbers ranked 5th, while on the only platform it's ever had significant share (i.e. excluding mobile, and not counting Xbox) it's ranked 3rd at 8.47%[6] just after Firefox (others place 2nd with 13.13% just ahead of), as of November 2017(browser market share is notoriously difficult to calculate). Microsoft spent over US$100 million per year on Internet Explorer in the late 1990s,[7] with over 1,000 people working on it by 1999.[8][9]

Versions of Internet Explorer for other operating systems have also been produced, including an Xbox 360 version called Internet Explorer for Xbox and for platforms Microsoft no longer supports: Internet Explorer for Mac and Internet Explorer for UNIX (Solaris and HP-UX), and an embedded OEM version called Pocket Internet Explorer, later rebranded Internet Explorer Mobile made for Windows Phone, Windows CE, and previously, based on Internet Explorer 7 for Windows Mobile.

On March 17, 2015, Microsoft announced that Microsoft Edge would replace Internet Explorer as the default browser on its Windows 10 devices. This effectively makes Internet Explorer 11 the last release. Internet Explorer, however, remains on Windows 10 primarily for enterprise purposes.[10] Starting January 12, 2016, only Internet Explorer 11 is supported.[11][12] Support varies based on the operating system's technical capabilities and its support lifecycle.[13]

The browser has been scrutinized throughout its development for use of third-party technology (such as the source code of Spyglass Mosaic, used without royalty in early versions) and security and privacy vulnerabilities, and the United States and the European Union have alleged that integration of Internet Explorer with Windows has been to the detriment of fair browser competition.

History
Main articles: History of Internet Explorer and Internet Explorer version history

Internet Explorer 1
The Internet Explorer project was started in the summer of 1994 by Thomas Reardon, who, according to the Massachusetts Institute of Technology Review of 2003,[14] used source code from Spyglass, Inc. Mosaic, which was an early commercial web browser with formal ties to the pioneering National Center for Supercomputing Applications (NCSA) Mosaic browser.[15][16] In late 1994, Microsoft licensed Spyglass Mosaic for a quarterly fee plus a percentage of Microsoft's non-Windows revenues for the software.[16] Although bearing a name similar to NCSA Mosaic, Spyglass Mosaic had used the NCSA Mosaic source code sparingly.[17]

The first version, dubbed Microsoft Internet Explorer, made its debut on August 16, 1995.[15][16] It was installed as part of the Internet Jumpstart Kit in Microsoft Plus! for Windows 95 and Plus!.[18] The Internet Explorer team began with about six people in early development.[17][19] Internet Explorer 1.5 was released several months later for Windows NT and added support for basic table rendering. By including it free of charge on their operating system, they did not have to pay royalties to Spyglass Inc, resulting in a lawsuit and a US$8 million settlement on January 22, 1997.[15][20]

Microsoft was sued by Synet Inc. in 1996, over the trademark infringement.

Internet Explorer 2–10
Main articles: Internet Explorer 2, Internet Explorer 3, Internet Explorer 4, Internet Explorer 5, Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10

Internet Explorer 11
Main article: Internet Explorer 11

Internet Explorer 11 is featured in a Windows 8.1 update which was released on October 17, 2013. It includes an incomplete mechanism for syncing tabs. It is a major update to its developer tools,[22][23] enhanced scaling for high DPI screens,[24] HTML5 prerender and prefetch,[25] hardware-accelerated JPEG decoding,[26] closed captioning, HTML5 full screen,[27] and is the first Internet Explorer to support WebGL[28][29][30] and Google's protocol SPDY (starting at v3).[31] This version of IE has features dedicated to Windows 8.1, including cryptography (WebCrypto),[22] adaptive bitrate streaming (Media Source Extensions)[32] and Encrypted Media Extensions.[27]

Internet Explorer 11 was made available for Windows 7 users to download on November 7, 2013, with Automatic Updates in the following weeks.[33]

Internet Explorer 11's user agent string now identifies the agent as "Trident" (the underlying layout engine) instead of "MSIE". It also announces compatibility with Gecko (the layout engine of Firefox).

Microsoft claimed that Internet Explorer 11, running the WebKit SunSpider JavaScript Benchmark, was the fastest browser as of October 15, 2013.

End of life
Microsoft Edge, officially unveiled on January 21, 2015, has replaced Internet Explorer as the default browser on Windows 10. Internet Explorer is still installed in Windows 10 in order to maintain compatibility with older websites and intranet sites that require ActiveX and other Microsoft legacy web technologies.[35][36][37]

According to Microsoft, development of new features for Internet Explorer has ceased. However, it will continue to be maintained as part of the support policy for the versions of Windows with which it is included.[2]

Features
Internet Explorer has been designed to view a broad range of web pages and provide certain features within the operating system, including Microsoft Update. During the heyday of the browser wars, Internet Explorer superseded Netscape only when it caught up technologically to support the progressive features of the time.[38][better source needed]

Standards support
Internet Explorer, using the Trident layout engine: Internet Explorer uses DOCTYPE sniffing to choose between standards mode and a "quirks mode" in which it deliberately mimicks nonstandard behaviours of old versions of MSIE for HTML and CSS rendering on screen (Internet Explorer always uses standards mode for printing). It also provides its own dialect of ECMAScript called JScript.
 * Supports HTML 4.01, HTML 5, CSS Level 1, Level 2 and Level 3, XML 1.0, and DOM Level 1, with minor implementation gaps.
 * Fully supports XSLT 1.0 as well as an obsolete Microsoft dialect of XSLT often referred to as WD-xsl, which was loosely based on the December 1998 W3C Working Draft of XSL. Support for XSLT 2.0 lies in the future: semi-official Microsoft bloggers have indicated that development is underway, but no dates have been announced.
 * Almost full conformance to CSS 2.1 has been added in the Internet Explorer 8 release.[39][40] The trident rendering engine in Internet Explorer 9 in 2011, scored highest in the official W3C conformance test suite for CSS 2.1 of all major browsers.
 * Supports XHTML in Internet Explorer 9 (Trident version 5.0). Prior versions can render XHTML documents authored with HTML compatibility principles and served with a   MIME-type.
 * Supports a subset[41] of SVG in Internet Explorer 9 (Trident version 5.0), excluding SMIL, SVG fonts and filters.

Internet Explorer was criticised by Tim Berners-Lee for its limited support for SVG which is promoted by W3C.[42]

Non-standard extensions
Internet Explorer has introduced an array of proprietary extensions to many of the standards, including HTML, CSS, and the DOM. This has resulted in a number of web pages that appear broken in standards-compliant web browsers and has introduced the need for a "quirks mode" to allow for rendering improper elements meant for Internet Explorer in these other browsers.

Internet Explorer has introduced a number of extensions to the DOM that have been adopted by other browsers. These include the innerHTML property, which provides access to the HTML string within an element[citation needed] ; the XMLHttpRequest object, which allows the sending of HTTP request and receiving of HTTP response, and may be used to perform AJAX; and the designMode attribute of the contentDocument object, which enables rich text editing of HTML documents[citation needed] . Some of these functionalities were not possible until the introduction of the W3C DOM methods. Its Ruby character extension to HTML is also accepted as a module in W3C XHTML 1.1, though it is not found in all versions of W3C HTML.

Microsoft submitted several other features of IE for consideration by the W3C for standardization. These include the 'behaviour' CSS property, which connects the HTML elements with JScript behaviours (known as HTML Components, HTC); HTML+TIME profile, which adds timing and media synchronization support to HTML documents (similar to the W3C XHTML+SMIL), and the VML vector graphics file format. However, all were rejected, at least in their original forms; VML was subsequently combined with PGML (proposed by Adobe and Sun), resulting in the W3C-approved SVG format, one of the few vector image formats being used on the web, which IE did not support until version 9.[43]

Other non-standard behaviours include: support for vertical text, but in a syntax different from W3C CSS3 candidate recommendation, support for a variety of image effects[44] and page transitions, which are not found in W3C CSS, support for obfuscated script code, in particular JScript.Encode.[45] Support for embedding EOT fonts in web pages.[46]

Favicon
Support for favicons was first added in Internet Explorer 5.[47] Internet Explorer supports favicons in PNG, static GIF and native Windows icon formats. In Windows Vista and later, Internet Explorer can display native Windows icons that have embedded PNG files.[48][49]

Usability and accessibility
Internet Explorer makes use of the accessibility framework provided in Windows. Internet Explorer is also a user interface for FTP, with operations similar to that of Windows Explorer. Pop-up blocking and tabbed browsing were added respectively in Internet Explorer 6 and Internet Explorer 7. Tabbed browsing can also be added to older versions by installing MSN Search Toolbar or Yahoo Toolbar.

Cache
Internet Explorer caches visited content in the Temporary Internet Files folder to allow quicker access (or offline access) to previously visited pages. The content is indexed in a database file, known as Index.dat. Multiple Index.dat files exist which index different content—visited content, web feeds, visited URLs, cookies, etc.[50]

Prior to IE7, clearing the cache used to clear the index but the files themselves were not reliably removed, posing a potential security and privacy risk. In IE7 and later, when the cache is cleared, the cache files are more reliably removed, and the index.dat file is overwritten with null bytes.

Caching has been improved in IE9.[51]

Group Policy
Internet Explorer is fully configurable using Group Policy. Administrators of Windows Server domains (for domain-joined computers) or the local computer can apply and enforce a variety of settings on computers that affect the user interface (such as disabling menu items and individual configuration options), as well as underlying security features such as downloading of files, zone configuration, per-site settings, ActiveX control behaviour and others. Policy settings can be configured for each user and for each machine. Internet Explorer also supports Integrated Windows Authentication.

Architecture
Internet Explorer uses a componentized architecture built on the Component Object Model (COM) technology. It consists of several major components, each of which is contained in a separate Dynamic-link library (DLL) and exposes a set of COM programming interfaces hosted by the Internet Explorer main executable, iexplore.exe:[52] Internet Explorer does not include any native scripting functionality. Rather, MSHTML.dll exposes an API that permits a programmer to develop a scripting environment to be plugged-in and to access the DOM tree. Internet Explorer 8 includes the bindings for the Active Scripting engine, which is a part of Microsoft Windows and allows any language implemented as an Active Scripting module to be used for client-side scripting. By default, only the JScript and VBScript modules are provided; third party implementations like ScreamingMonkey (for ECMAScript 4 support) can also be used. Microsoft also makes available the Microsoft Silverlight runtime (not supported in Windows RT) that allows CLI languages, including DLR-based dynamic languages like IronPython and IronRuby, to be used for client-side scripting.
 * WinInet.dll is the protocol handler for HTTP, HTTPS and FTP. It handles all network communication over these protocols.
 * URLMon.dll is responsible for MIME-type handling and download of web content, and provides a thread-safe wrapper around WinInet.dll and other protocol implementations.
 * MSHTML.dll houses the Trident rendering engine introduced in Internet Explorer 4, which is responsible for displaying the pages on-screen and handling the Document Object Model of the web pages. MSHTML.dll parses the HTML/CSS file and creates the internal DOM tree representation of it. It also exposes a set of APIs for runtime inspection and modification of the DOM tree. The DOM tree is further processed by a layout engine which then renders the internal representation on screen.
 * IEFrame.dll contains the user interface and window of IE in Internet Explorer 7 and above.
 * ShDocVw.dll provides the navigation, local caching and history functionalities for the browser.
 * BrowseUI.dll is responsible for rendering the browser user interface such as menus and toolbars.[53]

Internet Explorer 8 introduces some major architectural changes, called Loosely Coupled IE (LCIE). LCIE separates the main window process (frame process) from the processes hosting the different web applications in different tabs (tab processes). A frame process can create multiple tab processes, each of which can be of a different integrity level; each tab process can host multiple web sites. The processes use asynchronous Inter-Process Communication to synchronize themselves. Generally, there will be a single frame process for all web sites. In Windows Vista with Protected Mode turned on, however, opening privileged content (such as local HTML pages) will create a new tab process as it will not be constrained by Protected Mode.[54]

Extensibility
Internet Explorer exposes a set of Component Object Model (COM) interfaces that allows add-ons to extend the functionality of the browser.[52] Extensibility is divided into two types: Browser extensibility and content extensibility. Browser extensibility involves adding context menu entries, toolbars, menu items or Browser Helper Objects (BHO). BHOs are used to extend the feature set of the browser, whereas the other extensibility options are used to expose that feature in the user interface. Content extensibility adds support for non-native content formats.[52] It allows Internet Explorer to handle new file formats and new protocols, e.g. WebM or SPDY.[52] In addition, web pages can integrate widgets known as ActiveX controls which run on Windows only but have vast potentials to extend the content capabilities; Adobe Flash Player and Microsoft Silverlight are examples.[52] Add-ons can be installed either locally, or directly by a web site.

Since malicious add-ons can compromise the security of a system, Internet Explorer implements several safeguards. Internet Explorer 6 with Service Pack 2 and later feature an Add-on Manager for enabling or disabling individual add-ons, complemented by a "No Add-Ons" mode. Starting with Windows Vista, Internet Explorer and its BHOs run with restricted privileges and are isolated from the rest of the system. Internet Explorer 9 introduced a new component – Add-on Performance Advisor. Add-on Performance Advisor shows a notification when one or more of installed add-ons exceed a pre-set performance threshold. The notification appears in the Notification Bar when the user launches the browser. Windows 8 and Windows RT introduce a Metro-style version of Internet Explorer that is entirely sandboxed and does not run add-ons at all.[55] In addition, Windows RT cannot download or install ActiveX controls at all; although existing ones bundled with Windows RT still run in the traditional version of Internet Explorer.[55]

Internet Explorer itself can be hosted by other applications via a set of COM interfaces. This can be used to embed the browser functionality inside a computer program or create Internet Explorer shells.[52]

Security
See also: Browser security

Internet Explorer uses a zone-based security framework that groups sites based on certain conditions, including whether it is an Internet- or intranet-based site as well as a user-editable whitelist. Security restrictions are applied per zone; all the sites in a zone are subject to the restrictions.

Internet Explorer 6 SP2 onwards uses the Attachment Execution Service of Microsoft Windows to mark executable files downloaded from the Internet as being potentially unsafe. Accessing files marked as such will prompt the user to make an explicit trust decision to execute the file, as executables originating from the Internet can be potentially unsafe. This helps in preventing accidental installation of malware.

Internet Explorer 7 introduced the phishing filter, that restricts access to phishing sites unless the user overrides the decision. With version 8, it also blocks access to sites known to host malware. Downloads are also checked to see if they are known to be malware-infected.

In Windows Vista, Internet Explorer by default runs in what is called Protected Mode, where the privileges of the browser itself are severely restricted—it cannot make any system-wide changes. One can optionally turn this mode off but this is not recommended. This also effectively restricts the privileges of any add-ons. As a result, even if the browser or any add-on is compromised, the damage the security breach can cause is limited.

Patches and updates to the browser are released periodically and made available through the Windows Update service, as well as through Automatic Updates. Although security patches continue to be released for a range of platforms, most feature additions and security infrastructure improvements are only made available on operating systems which are in Microsoft's mainstream support phase.

On December 16, 2008, Trend Micro recommended users switch to rival browsers until an emergency patch was released to fix a potential security risk which "could allow outside users to take control of a person's computer and steal their passwords". Microsoft representatives countered this recommendation, claiming that "0.02% of internet sites" were affected by the flaw. A fix for the issue was released the following day with the Security Update for Internet Explorer KB960714, on Microsoft Windows Update. [56][57]

In 2011, a report by Accuvant, funded by Google, rated the security (based on sandboxing) of Internet Explorer worse than Google Chrome but better than Mozilla Firefox.[58][59]

A more recent browser security white paper comparing Google Chrome, Microsoft Edge, and Internet Explorer 11 by X41 D-Sec in 2017 came to similar conclusions, also based on sandboxing and support of legacy web technologies.[60]

Security vulnerabilities
Internet Explorer has been subjected to many security vulnerabilities and concerns: much of the spyware, adware, and computer viruses across the Internet are made possible by exploitable bugs and flaws in the security architecture of Internet Explorer, sometimes requiring nothing more than viewing of a malicious web page in order to install themselves. This is known as a "drive-by install". There are also attempts to trick the user into installing malicious software by misrepresenting the software's true purpose in the description section of an ActiveX security alert.

A number of security flaws affecting IE originated not in the browser itself, but ActiveX-based add-ons used by it. Because the add-ons have the same privilege as IE, the flaws can be as critical as browser flaws. This has led to the ActiveX-based architecture being criticized for being fault-prone. By 2005, some experts maintained that the dangers of ActiveX have been overstated and there were safeguards in place.[61] In 2006, new techniques using automated testing found more than a hundred vulnerabilities in standard Microsoft ActiveX components.[62] Security features introduced in Internet Explorer 7 mitigated some of these vulnerabilities.

Internet Explorer in 2008, had a number of published security vulnerabilities. According to research done by security research firm Secunia, Microsoft did not respond as quickly as its competitors in fixing security holes and making patches available.[63] The firm also reported 366 vulnerabilities in ActiveX controls, an increase from the prior year.

According to an October 2010 report in The Register, researcher Chris Evans had detected a known security vulnerability which, then dating back to 2008, had not been fixed for at least 600 days.[64] Microsoft says that it had known about this vulnerability but it was of very low severity as the victim web site must be configured in a special way for this attack to be feasible at all.[65]

In December 2010, researchers were able to bypass the "Protected Mode" feature in Internet Explorer.[66]

Vulnerability exploited in attacks on U.S. firms
In an advisory on January 14, 2010, Microsoft said that attackers targeting Google and other U.S. companies used software that exploits a security hole, which had already been patched, in Internet Explorer. The vulnerability affected Internet Explorer 6 on Windows XP and Server 2003, IE6 SP1 on Windows 2000 SP4, IE7 on Windows Vista, XP, Server 2008 and Server 2003, and IE8 on Windows 7, Vista, XP, Server 2003, and Server 2008 (R2).[68]

The German government warned users against using Internet Explorer and recommended switching to an alternative web browser, due to the major security hole described above that was exploited in Internet Explorer.[69] The Australian and French Government issued a similar warning a few days later.[70][71][72][73]

Major vulnerability across versions[edit]
On April 26, 2014, Microsoft issued a security advisory relating to CVE-2014-1776 (use-after-free vulnerability in Microsoft Internet Explorer 6 through 11[74]), a vulnerability that could allow "remote code execution" in Internet Explorer versions 6 to 11.[75] On April 28, 2014, the United States Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT) released an advisory stating that the vulnerability could result in "the complete compromise" of an affected system.[76] US-CERT recommended reviewing Microsoft's suggestions to mitigate an attack or using an alternate browser until the bug is fixed.[77][78] The UK National Computer Emergency Response Team (CERT-UK) published an advisory announcing similar concerns and for users to take the additional step of ensuring their antivirus software is up-to-date.[79] Symantec, a cyber security firm, confirmed that "the vulnerability crashes Internet Explorer on Windows XP".[80] The vulnerability was resolved on May 1, 2014, with a security update.[81]

Market adoption and usage share
The adoption rate of Internet Explorer seems to be closely related to that of Microsoft Windows, as it is the default web browser that comes with Windows. Since the integration of Internet Explorer 2.0 with Windows 95 OSR 1 in 1996, and especially after version 4.0's release in 1997, the adoption was greatly accelerated: from below 20% in 1996, to about 40% in 1998, and over 80% in 2000. This made Microsoft the winner in the infamous 'first browser war' against Netscape. Netscape Navigator was the dominant browser during 1995 and until 1997, but rapidly lost share to IE starting in 1998, and eventually slipped behind in 1999. The integration of IE with Windows led to a lawsuit by AOL, Netscape's owner, accusing Microsoft of unfair competition. The infamous case was eventually won by AOL but by then it was too late, as Internet Explorer had already become the dominant browser.

Internet Explorer peaked during 2002 and 2003, with about 95% share. Its first notable competitor after beating Netscape was Firefox from Mozilla, which itself was an offshoot from Netscape.

Firefox 1.0 had surpassed Internet Explorer 5 in early 2005, with Firefox 1.0 at roughly 8 percent market share.[82]

Approximate usage over time based on various usage share counters averaged for the year overall, or for the fourth quarter, or for the last month in the year depending on availability of reference.[83][84][85][86][87][88]

According to StatCounter Internet Explorer's marketshare fell below 50% in September 2010.[89] In May 2012, it was announced that Google Chrome overtook Internet Explorer as the most used browser worldwide.

Industry adoption
Browser Helper Objects are also used by many search engine companies and third parties for creating add-ons that access their services, such as search engine toolbars. Because of the use of COM, it is possible to embed web-browsing functionality in third-party applications. Hence, there are a number of Internet Explorer shells, and a number of content-centric applications like RealPlayer also use Internet Explorer's web browsing module for viewing web pages within the applications.

Removal
While a major upgrade of Internet Explorer can be uninstalled in a traditional way if the user has saved the original application files for installation, the matter of uninstalling the version of the browser that has shipped with an operating system remains a controversial one.

The idea of removing a stock install of Internet Explorer from a Windows system was proposed during the United States v. Microsoft Corp. case. One of Microsoft's arguments during the trial was that removing Internet Explorer from Windows may result in system instability. Indeed, programs that depend on libraries installed by IE, including Windows help and support system, fail to function without IE. Before Windows Vista, it was not possible to run Windows Update without IE because the service used ActiveX technology, which no other web browser supports.

Impersonation by malware
The popularity of Internet Explorer has led to the appearance of malware abusing its name. On January 28, 2011, a fake Internet Explorer browser calling itself "Internet Explorer – Emergency Mode" appeared. It closely resembles the real Internet Explorer, but has fewer buttons and no search bar. If a user launches any other browser such as Google Chrome, Mozilla Firefox, Opera, Safari or the real Internet Explorer, this browser will pop-up instead. It also displays a fake error message, claiming that the computer is infected with malware and Internet Explorer has entered Emergency Mode. It blocks access to legitimate sites such as Google if infected users try to access them.[90][91]