Monday, April 30, 2007

Criticism


[edit] Security

A screenshot of a malicious website attempting to install spyware via an ActiveX Control
A screenshot of a malicious website attempting to install spyware via an ActiveX Control

Much criticism of Internet Explorer is related to concerns about security: Much of the spyware, adware, and computer viruses across the Internet are made possible by exploitable bugs and flaws in the security architecture of Internet Explorer, sometimes requiring nothing more than viewing of a malicious web page in order to install themselves. This is known as a "drive-by download": an attempt to trick the user into installing malicious software by misrepresenting the software's true purpose in the description section of an ActiveX security alert.

While Internet Explorer is not alone in having exploitable vulnerabilities, its ubiquity has resulted in many more affected computers when vulnerabilities are found. Microsoft has not responded as quickly as competitors in fixing security holes and making patches available.[10] Not only are there more security holes discovered in Internet Explorer, but these vulnerabilities tend to remain unpatched for a much longer time, in some cases giving malicious web site operators months to exploit them before Microsoft releases a patch.

The security website Secunia keeps an up-to-date list of known unpatched vulnerabilities. According to the Washington Post, Internet Explorer was known to have exploit code for unpatched critical flaws for 284 days of 2006 [1]. The article goes on to compare this with 9 days for Mozilla Firefox.

[edit] Standards support

Other criticisms, mostly coming from technically proficient users and developers of websites and browser-based software applications, concern Internet Explorer's support of open standards, because the browser often uses proprietary extensions to achieve similar functionality.

Internet Explorer supports, to some degree, a number of standardized technologies, but has numerous implementation gaps and conformance failures—some minor, some not—that have led to criticism from an increasing number of developers. The increase is attributable, in large part, to the fact that competing browsers that offer relatively thorough, standards-compliant implementations are becoming more widely used.

Internet Explorer's ubiquity, in spite of its inferiority in this area, frustrates developers who want to write standards-compliant, cross-browser code and the advanced functionality it provides, because they are often stuck coding pages around Internet Explorer's bugs, proprietary featureset, and missing standards support instead.

Web developers must work with the least advanced technology across all browsers they wish to support, and Internet Explorer is often criticized for being technically obsolete. These include supporting fewer CSS, HTML, and DOM features than Firefox or Opera and not having native XHTML support.[11] For another long-standing concrete example, see Internet Explorer's poor PNG transparency support, which remained unfixed until Internet Explorer 7. Even still, although Internet Explorer 7 now displays transparent PNG files more correctly, webpages including transparent PNGs cause Internet Explorer 7 to suffer a considerable delay in performance.

No comments: