
Criticisms Of Internet Explorer





CRITICISMS REGARDING SECURITY

Internet Explorer comes under heavy scrutiny from the computer security research community, in part due to its sheer ubiquity. Exploitation of Internet Explorer's security holes has earned IE the reputation as the least secure of the major web browsers.

See Computer Security for more details about the importance of unpatched known flaws.

Art Manion, a representative of the United States Computer Emergency Readiness Team (US-CERT), noted in a vulnerability report that the design of Internet Explorer 6 Service Pack 1 made it difficult to secure. He stated that:

Note that the security features introduced with Windows XP Service Pack 2 (and Windows Server 2003 Service Pack 1) are not available for earlier versions of Windows, including Windows 9x, NT and 2000.




Component Object Model

A number of IE's security issues are related to components based on the Component Object Model (COM). The embedding of COM into Internet Explorer via ActiveX or Browser Helper Objects (BHOs) created a combination of functions that provided a gateway for computer virus, trojan and spyware infections.

These malware attacks mostly depend on ActiveX for their activation and propagation to other computers. Microsoft has recognized the problem with ActiveX since 1996, when Charles Fitzgerald, program manager of Microsoft's Java team, said:

ActiveX controls, once run, have all of the user's privileges instead of the limited privileges granted by competing approaches (like Java); ActiveX controls are also Windows-specific applications and are not portable to non-Windows platforms without significant effort. In 1997, Professor Edward Felten of Princeton University wrote:

ActiveX security relies on security zones, digital signing, and human judgement, which are not as provably reliable as other software-based measures like the sandbox security model used with Java, or the same-origin policy, which cannot be reliably enforced because ActiveX controls are typically not constrained in what they can access. It is explained in an O'Reilly book, "Malicious Mobile Code":