Microsoft Browser may be dead — but its remnants are nowhere to be found, and they are not the only danger.
AFTER years of downsizing and demolition for the last 13 months, on Wednesday Microsoft confirmed the withdrawal of Internet Explorer, a long-lived and increasingly popular web browser. Founded in 1995, IE came pre-installed on Windows computers for nearly two decades, and like Windows XP, Internet Explorer became a pillar — so much so that when it was time for users to improve and move forward, they often did not. And while last week’s milestone will force more users to move away from the historical browser, security researchers insist that IE and its many security risks are far from over.
In the coming months, Microsoft will launch the IE Windows 10 device, which directs users to replace the next-generation Edge browser, which was first released in 2015. The IE icon will still remain on users’ desktops, however, and Edge integrates the service. called “IE mode” to maintain access to older websites built for Internet Explorer. Microsoft says it will support IE mode by at least 2029. Additionally, IE will currently be running on all supported versions of Windows 8.1, Windows 7 with Microsoft’s Extended Security Updates, and Windows Server, although the company says it will eventually release IE. and in these, too.
Seven years after the launch of Edge, an industry analysis shows that Internet Explorer may have more than half of the global browser market share. And in the United States, that figure may be closer to 2 percent.
“I think we have made progress, and we probably will not see much exploitation against IE in the future, but we will still have the remains of Internet Explorer as long as fraudsters can use them,” said Ronnie Tokazowski. , an independent researcher of a long-term computer program. “Internet Explorer as a browser will be gone, but there are still fragments.”
For something as long as IE, backward compatibility is hard to match with the desire for a clean slate. “We have not forgotten that some parts of the web are still dependent on the behavior and features of Internet Explorer,” Sean Lyndersay, general manager of Microsoft Edge Enterprise, wrote in IE retrospective on Wednesday, pointing to IE mode.
But he adds that there is a real need to restart with Edge rather than trying to redevelop IE. “The web has changed and it has browsers,” he wrote last week. “The growing advances in Internet Explorer could not be compared to normal developments across the web, so let’s start over.”
Microsoft says it will continue to support IE’s basic browser engine, known as “MSHTML,” and its focus on Windows versions “is still in use in critical areas.” But Maddie Stone, a researcher on Google’s Project Zero hunting team, points out that hackers are still using the IE threat in real-world attacks.
“Since we started tracking 0 wild days, Internet Explorer has had an average of 0 days each year. 2021 actually tied 2016 to the 0st day of Internet Explorer we have ever tracked, although the market share of Internet Explorer for web browser users continues to decline, ”he wrote in April, referring to the previously unknown, so-called risks. zero days. “Internet Explorer is still a mature hotspot for Windows for the first time, even if the user does not use Internet Explorer as an Internet browser.”
In his analysis, Stone noted in particular that while the number of new IE risks of Project Zero has been found to remain unchanged, attackers have changed over the years to better control the MSHTML browser engine through malicious files such as dirty Office documents. This could mean that the withdrawal of the IE application will not immediately change the trends that have already begun to move.
Considering how difficult it has been to restore Internet Explorer at all, Microsoft and IE users around the world have come a long way. But in a browser that should be dead, IE is still very much alive.