You are on page 1of 6

The History of Internet Explorer by Scott Schnoll

Copyright © 1998-2001 - All Rights Reserved

Internet Explorer is Microsoft·s World Wide Web browser, and the name for a set of Internet-based technologies that provide browsing, email, collaboration and multimedia features to millions of people around the world. It·s a four-year old product that has received glowing reviews from end users and the media, harsh criticism from Microsoft·s competitors and the anti-Microsoft crowd, and it is one of the cornerstones of an ongoing anti-trust trial that the Department of Justice has brought against Microsoft. It remains a testament to Microsoft·s ability to turn it·s product strategy on a dime, it is used by millions upon millions of users navigate the World Wide Web, and it has emerged the victor in the long-standing browser wars with Microsoft·s competitor, Netscape Corporation. To properly understand the security aspects surrounding Internet Explorer, I believe one should begin with a historical perspective. This is important for two reasons. First, given the many different released versions of Internet Explorer, you need to determine where you are in the Internet Explorer product timeline. Only then will you be able to determine what security issues you·re facing and what you can do about them. Second, and more importantly, Internet Explorer is here to stay. Microsoft has forever interwoven the Internet Explorer suite of products and set of technologies into its Windows, Office and BackOffice family product lines. There are over 200 million Windows users, and I don·t think Windows is going to disappear any time soon. The Beginning of an Era In 1995, Microsoft was busily working on a very important project, code-named ´Chicago.µ An extension of that project ² code-named ´O·Hareµ after Chicago·s O·Hare Airport ² was being developed in tandem. Microsoft·s intent was to combine the technologies of both projects into a single consumer product. Toward the end of these projects, Microsoft decided to take the O·Hare technologies, and distribute them as part of a separate add-on pack to the Chicago product. Chicago, now known as Windows 95, proved to be one of the most successful operating systems to date. O·Hare, now known as Internet Explorer 1.0, first shipped as an Internet Jumpstart Kit in Microsoft Plus! For Windows 95. Although Internet Explorer 1.0 integrated nicely with Windows 95, few customers used it, preferring instead to use the highly popular browser from Netscape Development Corporation, or other web browsers such as Mosaic, Lynx and Opera. Microsoft remained undeterred. Microsoft·s market research indicated that their customers wanted to use Windows 95 as a universal network client; one that could connect to Windows NT, Novell NetWare, Banyan Vines, and the Internet. Microsoft made great strides over the next year with version 2.0. This was Microsoft·s first crossplatform browser, available to both Macintosh and 32-bit Windows users. Version 2 introduced support for a wide variety of emerging Internet technologies, such as Secure Sockets Layer (SSL), HTTP cookies, RealAudio, Virtual Reality Modeling Language (´VRMLµ), and support for Internet newsgroups (NNTP). We·ll discuss these things more in depth in forthcoming chapters. Full Steam Ahead

Ever since the release of version 3. This flaw allowed malicious websites to ´spoofµ other web sites. cascading style sheets. which seemingly overnight triggered a mass exodus from Netscape·s browser to Internet Explorer. while Microsoft gave Internet Explorer away for free. Others were concentrating on other issues. As a result of these new compelling features. This new and quickly increased popularity had the unintended side-effect of putting Microsoft and it·s web browser under intense public scrutiny. was the fact that it was a bundled suite of products. But the debate was nearly made moot by one distinguishing aspect ² Netscape charged nearly $50 for its web browser. So they introduced additional integrated components when they released version 3. Microsoft released version 3. One of the primary reasons behind the success of Microsoft Office. The picture was becoming clear ² this new territory called the Internet could be a dangerous place. Discovered by two well-known Princeton researchers ² Edward Felten and Dirk Balfanz ² this security hole enabled a malicious webmaster to download files to an unsuspecting user·s PC without their knowledge. the browser wars have raged on. a Trojan program that could open a ´back doorµ into the target system. Felten reported his discovery of some serious Java vulnerabilities in Netscape Navigator.0. Java applets. Trouble Begins to Brew Technologists and pundits began to write about how Microsoft was trying to dominate the Internet by flooding the market with their web browser and turning the Internet into a Microsoft proprietary domain. a Windows Address Book. More and more security bugs started appearing. including support for video and audio multimedia. such as browser security. version 3·s popularity skyrocketed. a mere nine days after Internet Explorer 3 was released. On August 22. except that it isn·t hosted on a web server that belongs to the web site you think you·re visiting.0. Or worse. The very next day. Microsoft released a patch to close the Princeton Word Macro Virus Loophole. In December. This could be any file. In other words. as well as which one more closely adhered to RFCs and other Internet standards. There was much to be concerned about. The Internet community became polarized on the issue of which web browser had the most features and the most support for the latest Internet technologies. it can literally be an identical copy of a real site. the first Internet Explorer security problem was reported ² The Princeton Word Macro Virus Loophole. Internet Explorer 3 boasted a wide variety of features. by applying this practice to Internet Explorer. or a program designed to discretely transmit files back to the malicious web site. While Microsoft downplayed the significance of the loophole. the Internet community was becoming increasingly concerned. Months before reporting this loophole. 1996. and Microsoft·s ActiveX controls. including a Microsoft Word Macro that could in turn execute DOS commands. a malicious webmaster could transmit a virus. Microsoft felt that. 1996. and later on. while you think you·ve just purchased the latest subscription to Foo Magazine. they would be able to duplicate this success. Microsoft NetMeeting and the Windows Media Player. you·ve actually just transmitted your credit card number and other personal information to a fake site. Felton reported another security flaw in Internet Explorer. A spoofed web site is a site that looks real. such as Internet Mail and News 1. The Princeton Word Macro Virus Loophole should have been a wake-up call for Microsoft.In the summer of 1996. .

Internet Explorer 4 provided a much richer Internet experience. including the Department of Justice. In fact. it was so critical to their vision. browsing and retrieving information easy. In fact. one security problem after another was being steadily reported. On the surface. Microsoft introduced a new feature called the ´Active Desktop. Microsoft was targeting three major markets with this latest version. But it was much more than that. When Windows 95 debuted. Thanks.µ This allowed Internet Explorer 4 users to replace their normal desktop and wallpaper with any web content they wanted. In addition. It also brought drag-and-drop functionality to the Start Menu. and added integrated Favorites. Internet Explorer 3. IAYF means ´the right information at the right time for the right purpose. Microsoft was undeterred. once installed. that Microsoft completely scrapped earlier betas and alphas of Internet Explorer in favor of the version that is available today. The changes were there. Microsoft Chat was added and Microsoft NetMeeting was upgraded. According to Microsoft. in September 1997 they stepped up their efforts to improve upon version 3 by releasing an all new version ² version 4 ² one that was completely integrated into Windows 95. Windows NT and. when later released.µ Microsoft·s goal was to make finding. Internet Mail and News was replaced with Outlook Express. while allowing IS departments a granular level of control. and they were significant. Internet Explorer 4 was a major milestone in this campaign. For programmers and software developers. the user didn·t notice much change. This claim was made early on in the still-running antitrust trial against Microsoft. When a Windows 95 user installed Internet Explorer 4. their Explorer shell was replaced with Internet Explorer. Windows 98. the word ´shellµ refers to the user interface (´UIµ). Again. For home users. new interface that caught on. and allowed novice users to quickly learn how to use Windows. Microsoft had unveiled its ´Information at Your Fingertipsµ (IAYF) campaign. and there was the revelation that Internet Explorer maintained a bit-by-bit record of where users went online. Explorer was a slick. Internet Explorer 4 provided a platform for delivering interactive and compelling content. in effect. Between Java bugs. and a growing anti-Microsoft sentiment. and hotly disputed by many. In 1990. The launch of Internet Explorer 4 meant the end of the already extremely blurred line between Windows and Internet Explorer. create their own custom UI for Windows. There were numerous vulnerabilities which exposed computer files to malicious web sites. In Windows terminology. however. For companies and organizations. all because of Internet Explorer. a Quick Launch Bar and Address Bars. scripting holes. Internet Explorer 4 represented a quantum leap over the prior versions of Internet Explorer. the original Windows Program Manager shell was replaced with the Windows Explorer shell.0 could not be completely uninstalled from Windows 95. there were other bugs that inadvertently transmitted encrypted information in plain text to unauthorized sites.Month after month. Microsoft was being attacked on all sides. Internet Explorer 4 would make users more productive and evangelize intranets. Goodbye Web Browser. Hello Integrated Functionality Microsoft·s strategy for Internet Explorer took an interesting turn in late 1997 when Microsoft claimed that. Instead of icons and a single wallpaper image. Internet Explorer 4 users could. Year 2000 problems. with access to the information location-independent. but No Thanks .

But on Internet Time. when turned on. and what they would see. and Microsoft NetMeeting. where they went. were reporting one serious security hole after another. people complained. the Active Desktop would slow the system to a crawl. For example. A lavishly customized Active Desktop can add quite a bit of resource overhead to a Windows PC. It is common for development on the next version of a product to occur simultaneously with the release or near-release of the current version. Customers didn·t like Internet Explorer 4·s heavy footprint or the way Active Desktop performed. Today·s systems. It·s a sort of ´dog yearsµ analogy for technology. such as Channels. the development cycle might now be six months to a year. are significantly more powerful that those in 1997.µ that is. Some went so far as to claim that. The very nature of the Internet made this a technical impossibility. . by dumping its web browser into the market for free. and.Despite this power and flexibility. a new TCP/IP auto-dialer. occur. making the Active Desktop features useful and richly interactive. however. everything they did seemed to backfire. Many Windows users were still running with 28. By Internet Time standards. Some felt that this feature was ´code bloat. and Security Zones. and it was supposed to include a web browser. but that Microsoft added anyway because they thought it was cool. and webcasting. 32MB of RAM or less in their systems. Dynamic HTML. Internet Explorer 4 has enjoyed an extremely long life cycle. many users didn·t care for the Active Desktop. The project ² code-named ´Athenaµ ² was scheduled to be released in the Summer of 1996. This is what happened with Internet Explorer 4. Version 3 was an ambitious project to begin with. subscriptions and webcasting (aka ´Pushµ technology) were Microsoft·s efforts to move from a technology company to a content company. but nonetheless. Security was also beefed up with the addition of Authenticode 2. say your company·s product happens to be a web browser. and secure Internet Explorer. enhanced multimedia.8Bps modem connections. a feature that no one really wanted. they were right. an email client and news reader.0. such as Carnegie-Mellon·s Computer Emergency Response Team (´CERTµ). Subscriptions. Microsoft would control who got on the Internet. Software development cycles can run anywhere from twelve months to several years. Internet Explorer 4 also introduced a slew of new features. And security experts worldwide. To a certain extent. Microsoft·s partners didn·t like having to license and distribute Internet Explorer 4 ² unmodified ² in order to retain their status as a Windows licensee. Despite Microsoft·s best attempts to add features. A Very Long Life ² In Internet Time The concept of ´Internet Timeµ refers to the frenzied and never-ending pace at which things on the Internet. Channels. or things related to the Internet. provide integration. This only fueled the now prevalent fears that Microsoft·s intent was to dominate the Internet.

Therefore. Their intent was to release a new version of Windows with Nashville blended in. security issues began cropping up. Internet News Server.0 and Microsoft NetMeeting 1. Microsoft Outlook 98 ² like it·s cousin Outlook Express ² uses Internet Explorer·s HTML parsing and rendering engine. But in a matter of days. Internet Mail and News 1. such as Microsoft Chat Server.µ Normandy was a product line comprised of various Internet-related technologies. would later become blended into another project ² code-named ´Nashvilleµ ² which was to be the successor to Windows 95 UI shell. So. Late in the development cycle for Internet Explorer 3. and a personal information manager. This amounted to the transmission of a whopping ten terabytes of data! The demand exceeded everyone·s expectations. Microsoft then began working on a new project under the code-name of ´Nashville. It would be a web browser (at the time based on Internet Explorer 3). Microsoft Personalization Server. and Microsoft began releasing what was to be a long stream of patches. Office 2000 . resulting in a number of different builds for version 4. it became apparent that Microsoft would not be able to deliver Athena as planned in the Summer of 1996. the boundary between Windows 95 and Internet Explorer. including Microsoft·s. In the first 24 hours it was available. if you install Outlook 98 onto a computer without version 4 or higher.0.Athena would also be the primary client in another project ² code-named ´Normandy. Microsoft Merchant Server. and created a new shell (which is still called Explorer). a news reader. an email client. as well. data and audio conferencing. updates and service packs.µ Microsoft had ambitious plans for Nashville. Microsoft cut back on their plans and released Internet Explorer 3. making it a completely integrated product. it was being downloaded once every six seconds. including its Office and BackOffice family of products. Nashville·s goal was realized in on September 30. Internet Explorer gets installed. a personal web server. The Nashville team merged elements from the Windows 95 Explorer with features from Internet Explorer. and others.µ as it came to be known. 1997.µ Nashville was being billed as an ´Internet Update Release. blurring (and removing). it would replace the existing Windows shell. Nashville·s goal was to evolve the Windows 95 shell to provide integration between the user·s PC and the Internet. The demand for version 4 was impressive. More importantly. Resistance is Futile Microsoft continues to integrate Internet Explorer into its other product lines. The ´summer Internet package. when Microsoft released Internet Explorer 4.

it. Before it was even released. This foundational approach makes sense. The history thus far of Internet Explorer. too has security vulnerabilities. Version 5 isn·t too much of a departure from version 4. Internet Explorer 4 continues to be a popular browser. Microsoft capitalized on version 4·s success with the release of Internet Explorer 5. it·s a pretty safe assumption that all future versions of Internet Explorer ² as with any web browser ² will be affected by one or more security issues. In fact. user-friendly and highly configurable. .extends this practice by including and using Internet Explorer 5 technologies. On March 18. It does add a some very nice features. So there you have it. over 2 million copies of the beta version were downloaded. Why reinvent the wheel (or in this case why re-write the code) if it already exists? On the other hand. 1999. but like its predecessors. Nearly two years after its release it is still the most popular version in use today. It is feature-rich. This only adds to the already mounting challenges of maintaining a safe and secure operating environment. this also means that security issues that affect Internet Explorer more often than not also affect products which use its codebase.