Microsoft security chief: IE is not a browser, so stop using it as your default

By Liam Tung | February 7, 2019 -- 13:42 GMT (05:42 PST) | Topic: Enterprise Software

Is Internet Explorer (IE) a browser? According to Microsoft, no. Today, it's a 'compatibility solution' for enterprise customers to deal with legacy sites that should be updated for modern browsers. 

Chris Jackson, Microsoft's worldwide lead for cybersecurity, really doesn't want enterprise customers to use IE for all web traffic, even though for some organizations that would be the easiest option. 

Companies in that situation are willing to take on 'technical debt', such as paying for extended support for a legacy software, but that habit needs to stop in the case of IE, argues Jackson in a new blog post, 'The perils of using Internet Explorer as your default browser'.

ALSO: Microsoft says you shouldn't buy its awful software 

The main gist of Jackson's argument is you should only use IE selectively for internal sites that need it, pointing to tools like Enterprise Mode Site List in IE 11 that help customers make the transition and limit IE use to where it's needed. 

Jackson doesn't mention anywhere that customers should use Edge, the soon-to-be Chromium-based browser. Nor does he suggest using Chrome or Firefox, only that most developers aren't testing sites for IE. 

"I'm not here to enforce any browser on anyone. Windows gives you a choice in your browser, and you should choose the one that best meets your needs," he replied to one commenter. 

Jackson doesn't even consider IE to be a browser, at least in the modern, standards-based sense.  

"You see, Internet Explorer is a compatibility solution," wrote Jackson in the blog. "We're not supporting new web standards for it and, while many sites work fine, developers by and large just aren't testing for Internet Explorer these days. They're testing on modern browsers. 

"So, if we continued our previous approach, you would end up in a scenario where, by optimizing for the things you have, you end up not being able to use new apps as they come out. As new apps are coming out with greater frequency, what we want to help you do is avoid having to miss out on a progressively larger portion of the web."

Jackson admits that Microsoft is partly to blame for customers' willingness to take on technical debt. In particular, he singles out Internet Explorer 6, released in 2001, the year of Microsoft's IE-Windows antitrust settlement in the US

In a section called 'Creating technical debt by default', Jackson notes: "In the past, Internet Explorer was optimized for simplicity at the expense of technical debt. Looking all the way back to Internet Explorer 6, the very concept of 'standards mode' vs 'quirks mode' comes from this 'easy button' approach."

More effort on the part of IT teams was required to get to standards mode, which made "getting modern" an opt-in choice. 

SEE: 20 pro tips to make Windows 10 work the way you want (free PDF)

Jackson explains that as IE began to support more standards, Microsoft also realized it risked breaking applications written for an older interpretation of the standards. 

"So, with Internet Explorer 8 (IE8), we added IE8 standards, but also kept Internet Explorer 7 (IE7) standards. That meant, for sites in the internet zone, it would default to IE8 standards, but, for sites in the local intranet zone, it would default to IE7 standards," explains Jackson, noting this was also an 'easy button' solution.  

"As you can see, by going with the 'technical debt by default' approach, we ended up in a scenario whereby if you create a brand-new webpage today, run it in the local intranet zone, and don't add any additional markup, you will end up using a 1999 implementation of web standards by default. Yikes."

Previous and related coverage

Microsoft makes final push to rid world of Internet Explorer 10

Enterprise customers running Windows Server 2012 have one year to change from IE10 to IE11.

Microsoft confirms that Chrome extensions will run on new Edge browser

Microsoft's Chromium-based Edge browser could close the extension gap.

Mozilla: Why Microsoft Edge's switch to Google's Chromium is bad news

Microsoft's move probably won't help Edge and it's also bad for the open web, say Mozilla, Vivaldi.

Microsoft's Edge to morph into a Chromium-based, cross-platform browser

Microsoft is going to remake its Edge desktop browser by using Chromium components and by bringing it to Windows 7, 8.1 and macOS, in addition to Windows 10.

Microsoft Edge: What went wrong, what's next

Microsoft's grand browser experiment flopped in the marketplace, so the company is turning to an unlikely successor: the open-source Chromium project. Can it succeed where EdgeHTML failed?

Apple killing off web passwords? Safari trials WebAuthn logins on macOS

Safari could join Firefox, Chrome, and Edge support for Web Authentication.

Microsoft reportedly looking to ditch Edge for Chromium

The world of web renderers could be down a significant member should Microsoft can its EdgeHTML renderer.

Google is raiding Firefox for Chrome's next UI features

Tab groups and a scrollable tabs bar are coming to Chrome. When? Yet unknown.

How to use Vivaldi Quick Commands TechRepublic

Why you should stop pointing and clicking your way around an interface and instead Vivaldi's new Quick Commands feature.

Google cracks down on malicious Chrome extensions CNET

A more rigorous review process that includes more humans seeks to better scrutinize extensions that demand lots of power.