Internet Explorer 6

Internet Explorer 6
Internet Explorer 6 in Windows XP SP2
Developed by	Microsoft
Initial release	August 27, 2001
Latest release	6.0 SV1 ('6 SP2')[1] / August 6, 2004
OS	Microsoft Windows (98 to WS2003)
Development status	Supported Superseded by 7.0
License	MS-EULA
Website	Internet Explorer 6 Site 1 · 2 · 3 · 4 · 5 · 6 · 7 · 8

Microsoft Internet Explorer 6 (commonly abbreviated to IE6), is a graphical web browser developed by Microsoft and included as part of the Microsoft Windows XP and Windows Server 2003 lines of operating systems. It was the most widely used web browser during its tenure (surpassing Internet Explorer 5.x), attaining a peak of about 95% usage share during 2002 and 2003 when it began steadily declining until 2007 when it rapidly lost market share to Windows Internet Explorer 7.

Microsoft Internet Explorer 6.0 was released on August 27, 2001, shortly after Windows XP was finished. It includes DHTML enhancements, content restricted inline frames, and partial support of CSS level 1, DOM level 1 and SMIL 2.0.^[2] The MSXML engine was also updated to version 3.0. Other new features included a new version of the Internet Explorer Administration Kit (IEAK), Media bar, Windows Messenger integration, fault collection, automatic image resizing, P3P, and a new look-and-feel that was in line with the "Luna" visual style of Windows XP, when used in Windows XP. In 2002, the Gopher protocol was disabled and support for it was dropped in Internet Explorer 7.^[3]

In a May 7, 2003 Microsoft online chat, Brian Countryman, Internet Explorer Program Manager, declared that Internet Explorer would cease to be distributed separately from Windows (IE 6 would be the last standalone version);^[4] it would, however, be continued as a part of the evolution of Windows, with updates coming only bundled in Windows upgrades. Thus, Internet Explorer and Windows itself would be kept more in sync. However, after one release in this fashion (IE6 SP2 in Windows XP SP2, in August 2004), Microsoft changed its plan and released Internet Explorer 7 for Windows XP SP2 and Windows Server 2003 SP1 in late 2006.

IE6 remained more popular than its successor in business use for more than a year after IE7 came out. ^[5] A DailyTech article noted, "A Survey found 55.2% of companies still use IE 6 as of December 2007", while "IE 7 only has a 23.4 percent adoption rate". ^[6]

IE6 market share was about 25% for August 2008 ^[7]

Contents 1 Security issues 2 Criticism 3 Security framework 4 Quirks trigger 5 Supported platforms 6 Release history 6.1 Extended 7 References and notes 8 See also 9 External links

Security issues

As of May 28, 2006, Secunia reports 104 vulnerabilities in Internet Explorer, 18 of which are unpatched, some of which are rated moderately critical in severity^[8]. In contrast, Mozilla Firefox, the main competitor to Internet Explorer, is reported to have only 34 security vulnerabilities, of which 3 remain unpatched and rated less critical^[9]. Opera, another competitor to Internet Explorer, has 15 vulnerabilities and none of them remain unpatched^[10].

Although security patches continue to be released for a range of platforms, most recent feature additions and security improvements were released for Windows XP only.

As of June 23, 2006, security advisory site Secunia counted 20 unpatched security flaws for Internet Explorer 6, many more and older than for any other browser, even in each individual criticality-level, although some of these flaws only affect Internet Explorer when running on certain versions of Windows or when running in conjunction with certain other applications.^[11]

On June 23, 2004, an attacker used two previously undiscovered security holes in Internet Explorer to insert spam-sending software on an unknown number of end-user computers.^[12] This malware became known as Download.ject and it caused users to infect their computers with a back door and key logger merely by viewing a web page. Infected sites included several financial sites.

Probably the biggest generic security failing of Internet Explorer (and other web browers too) is the fact that it runs with the same level of access as the logged in user, rather than adopting the principle of least user access. Consequently any malware executing in the Internet Explorer process via a security vulnerability (e.g. Download.ject in the example above) has the same level of access as the user, something that has particular relevance when that user is an Administrator. Tools such as DropMyRights are able to address this issue by restricting the security token of the Internet Explorer process to that of a limited user. However this added level of security is not installed or available by default, and does not offer a simple way to elevate privileges ad-hoc when required (for example to access Microsoft Update).

Art Manion, a representative of the United States Computer Emergency Readiness Team (US-CERT) noted in a vulnerability report that the design of Internet Explorer 6 Service Pack 1 made it difficult to secure. He stated that:

There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. … IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system.^[13]

Manion later clarified that most of these concerns were addressed in 2004 with the release of Windows XP Service Pack 2, and other browsers have now begun to suffer the same vulnerabilities he identified in the above CERT report.^[14]

Many security analysts attribute Internet Explorer's frequency of exploitation in part to its ubiquity, since its market dominance makes it the most obvious target. However, some critics argue that this is not the full story, noting that Apache HTTP Server, for example, had a much larger market share than Microsoft IIS, yet Apache had traditionally had fewer (and generally less serious) security vulnerabilities than IIS, at the time.^[15]

As a result of its many problems, some security experts, including Bruce Schneier, recommend that users stop using Internet Explorer for normal browsing, and switch to a different browser instead.^[16] Several notable technology columnists have suggested the same, including the Wall Street Journal's Walt Mossberg,^[17] and eWeek's Steven Vaughan-Nichols.^[18] On July 6, 2004, US-CERT released an exploit report in which the last of seven workarounds was to use a different browser, especially when visiting untrusted sites.^[19]

Criticism

A common criticism of Internet Explorer is of the speed at which fixes are released after discovery of the security problems, and in some circumstances, the problems not always being completely fixed.^{[citation needed]}

Microsoft attributes the perceived delays to rigorous testing. The testing matrix for Internet Explorer demonstrates the complexity and thoroughness of corporate testing procedures. A posting to the Internet Explorer team blog on August 17, 2004 explained that there are, at minimum, 234 distinct releases of Internet Explorer that Microsoft supports (covering more than two dozen languages, and several different revisions of the operating system and browser level for each language), and that every combination is tested before a patch is released.^[20]

In May 2006, PC World rated Internet Explorer 6 the eighth worst tech product of all time. ^[21]

Security framework

Internet Explorer uses a zone-based security framework, which means that sites are grouped based upon certain conditions. IE allows the restriction of broad areas of functionality, and also allows specific functions to be restricted. The administration of Internet Explorer is accomplished through the Internet Properties control panel. This utility also administers the Internet Explorer framework as it is implemented by other applications.

Patches and updates to the browser are released periodically and made available through Windows Update web site. Windows XP Service Pack 2 adds several important security features to Internet Explorer, including a popup blocker and additional security for ActiveX controls. ActiveX support remains in Internet Explorer although access to the "Local Machine Zone" is denied by default since Service Pack 2. However, once an ActiveX control runs and is authorized by the user, it can gain all the privileges of the user, instead of being granted limited privileges as Java or JavaScript do. This was later solved in the Windows Vista version of IE 7, which supported running the browser in a low-permission mode, making malware unable to run unless expressly granted permission by the user.

Quirks trigger

Version 5.5 was the last to have Compatibility Mode, which allowed Internet Explorer 4^[22] to be run side by side with 5.x.^[23][24][23] With IE6, there was a quirks mode that could be triggered that caused it to behave like IE 5.5.^[25]

Supported platforms

Internet Explorer 6.0 supports Windows NT 4.0, Windows 98, Windows 2000, Windows Me, Windows XP and Windows Server 2003. The Service Pack 1 update supports all of these versions, but Security Version 1^[1] is only available as part Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 and later service packs for those versions. Windows Vista is not supported, and uninstalling IE7 on Windows XP SP3 is not supported, except via a system restore.

Release history

Major version	Minor version	Release date	Significant changes	Shipped with
Version 6	6.0 Beta 1	March 2001	More CSS changes and bug fixes to be more W3C-compliant.
	6.0	August 27, 2001	Final release.	Windows XP
	6.0 SP1	September 9, 2002	Vulnerability patch. Last version supported on Windows NT 4.0, 98, 2000 or Me.	Windows XP SP1 and Windows Server 2003
	6.0 SP2	August 25, 2004	Vulnerability patch. Popup/ActiveX blocker. Add-on manager.	Windows XP SP2 and Windows Server 2003 SP1

Extended

Shdocvw.dll version numbers plus related notes.^[26]

• major version.minor version.build number.sub-build number

• 6.00.2462.0000 Internet Explorer 6 Public Preview (Beta)
• 6.00.2479.0006 Internet Explorer 6 Public Preview (Beta) Refresh
• 6.00.2600.0000 Internet Explorer 6 (Windows XP)
• 6.00.2800.1106 Internet Explorer 6 Service Pack 1 (Windows XP SP1)
• 6.00.2900.2180 Internet Explorer 6 for Windows XP SP2
• 6.00.2900.5512 Internet Explorer 6 for Windows XP SP3
• 6.00.2800.1278 Internet Explorer 6 Update v.01 Developer Preview (SP1b Beta)
• 6.00.2800.1314 Internet Explorer 6 Update v.04 Developer Preview (SP1b Beta)
• 6.00.3663.0000 Internet Explorer 6 for Microsoft Windows Server 2003 RC1
• 6.00.3718.0000 Internet Explorer 6 for Windows Server 2003 RC2
• 6.00.3790.0000 Internet Explorer 6 for Windows Server 2003 (released)
• 6.00.3790.1830 Internet Explorer 6 for Windows Server 2003 SP1 and Windows XP x64
• 6.00.3790.3959 Internet Explorer 6 for Windows Server 2003 SP2

References and notes

• "Microsoft Windows Family Home Page". Windows History: Internet Explorer History. Retrieved on May 12, 2005.
• "Microsoft Knowledge Base". How to determine which version of Internet Explorer is installed. Retrieved on November 6, 2005.
• "Index DOT Html and Index DOT Css". Browser History: Windows Internet Explorer. Retrieved on May 12, 2005.

See also

• History of the Internet
• List of web browsers
• Comparison of web browsers
• Browser timeline

External links

• Internet Explorer: Home Page (Internet Explorer 7)
• IEBlog — The weblog of the Internet Explorer team
• Internet Explorer History

v • d • e Internet Explorer Versions Version 2 · Version 3 · Version 4 · Version 5 · Version 6 · Version 7 · Version 8 Mobile · for Mac · for UNIX Overview History · Removal · Easter eggs · Box model bug · Add-ins · Extensions · Shells Current technologies and related software Trident (MSHTML) · MSXML · RSS Platform · JScript · XMLHttpRequest · ActiveX · Administration Kit · Developer Toolbar · HTA · HTML+TIME · Web Archive (MHTML) · Favicon · HTML Components · Vector Markup Language (VML) · Integrated Windows Authentication · Temporary Internet Files · Index.dat · Browser Helper Object (BHO) · Web Proxy Autodiscovery Protocol (WPAD) Previous technologies and related software Outlook Express · Internet Mail and News · Comic Chat/Chat 2.0 · NetMeeting · NetShow · DirectX Media · Windows Address Book · Windows Desktop Update · Active Desktop · Active Channel · Channel Definition Format · Java Virtual Machine · Server Gated Cryptography (SGC) · Smart tags · MSN Explorer · Spyglass · Tasman Events First browser war · United States v. Microsoft · Sun v. Microsoft · Download.ject · Eolas v. Microsoft · Second browser war Related topics Comparison of Web browsers · Usage share of web browsers · List of web browsers · Browser timeline

---

No comments have been added.

Your name:
City:
Country:	USA UK India Pakistan UAE Saudi Arabia Germany Afghanistan Albania Algeria Andorra Angola Antigua Barbuda Argentina Armenia Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bhutan Bolivia Bosnia Herzegovina Botswana Brazil Brunei Bulgaria Burkina Faso Burma Burund Cambodia Cameroon Canada Central African Rep Chad Chile China Columbia Comoros Congo Costa Rica Croatia Cuba Cyprus Czech Republic DR Congo Denmark Djiboutil Dominica Dominican Rep Ecuador Egypt El Salvador Eq Guinea Eritrea Estonia Ethiopia Fiji Finland France Gabon Gambia Georgia Germany Ghana Greece Grenada Grenadines Guatemala Guinea Bissau Guinea Guyana Haiti Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Israel Italy Ivory Coast Jamaica Japan Jordan Kazakhstan Kenya Kiribati Kuwait Kyrgyzstan Laos Latvia Lebanon Liberia Libya Liechtenstein Lithuania Luxembourg Macedonia Macau Madagascar Malawi Malaysia Maldives Mali Malta Mauritania Mauritius Mexico Micronesia Moldova Monaco Mongolia Morocco Mozambique Namibia Nauru Nepal Neth Antilles Netherlands New Zealand Nicaragua Niger Nigeria North Korea Norway Oman Pakistan Panama Papua New Guinea Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Rawanda Romania Russia Sao Tome Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Korea South Africa Spain Sri Lanka St Kitts_Nevis St Lucia Sudan Suriname Sweden Switzerland Syria Taiwan Tajikistan Tanzania Thailand Togo Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Tuvala UAE Uganda Ukraine Uruguay Uzbekistan Vanuatu Venezuela Vietnam Western Samoa Yemen Yugoslavia Zaire Zambia Zimbabwe
Your comments:
Security check * (Please enter the number into adjoining box)