Bears repeating: Don’t use Internet Explorer, and make some other browser your default

Topic

New Reply

Lots of angst floating around because of the latest, buggy patches, but the bottom line is clear: Don’t use Internet Explorer Make some other browser
[See the full post at: Bears repeating: Don’t use Internet Explorer, and make some other browser your default]

11 users thanked author for this post.

Lori, johnf, jburk07, lurks about, Great Lake Bunyip, GoneToPlaid, Pierre77, Myst, Microfix, Lars220

Reply | Quote

Replies

? says;

thanks, boss! timely advice. i’m going a step futher in January 2020 by getting off the Windows merry go round altogether…

Reply | Quote

On Win8.1 pro x64, I’ve blocked IE and Explorer from accessing the internet using firewall inbound/outbound rules after all, I have browsers for that.

Windows - commercial by definition and now function...

1 user thanked author for this post.

Myst

Reply | Quote

What do you use for windows Updates?

Reply | Quote

The ms catalog using my browser. Easier patching for me YMMV, as I have three Win8.1 devices and only have to download once, then transfer/copy to other devices and install

However, on Win 7 x64/86 I use WU and don’t have IE or Explorer blocked via firewall rule sets.

Windows - commercial by definition and now function...

3 users thanked author for this post.

jburk07, Geo, Myst

Reply | Quote

If you’re talking about Windows Update… you don’t need a browser for that. It runs regardless of what browsers you have, or which is default – and it doesn’t use IE.

2 users thanked author for this post.

jburk07, SueW

Reply | Quote

You’re not entirely off the hook by not using IE.

Some applications use IE under the hood.

 

8 users thanked author for this post.

jburk07, AJNorth, rc primak, Myst, Microfix, Great Lake Bunyip, GoneToPlaid, wdburt1

Reply | Quote

You’re not entirely off the hook by not using IE.

Absolutely, there are multiple hooks involved that are integral to the OS via IE, dll’s, executables in the Windows and Windows/ system32 folder all interconnected.

Windows - commercial by definition and now function...

2 users thanked author for this post.

AJNorth, rc primak

Reply | Quote

anonymous #1975349 said:

Some applications use IE under the hood.

That’s right. For instance, the workaround recommended for mitigating the latest zero-day IE vulnerability — ie. removing SYSTEM user’s permissions from IE’s 32/64-bit jscript.dll — will break the respective 32/64-bit Windows Media Player in Win 7.

Clicking on any video/audio file will lead to the “Server execution failed” error, while clicking wmplayer.exe will result in no response.

Since I use portable 3rd-party media players, I’m fine with leaving jscript.dll in its restricted crippled state.

But what about Microsoft.JScript.dll (basically the the .NET implementation of JScript) ? Is it vulnerable to the latest zero-day remote code execution vulnerability ?

Another precautionary measure I’d taken is to disable the IE browser via ‘Turn Windows Features on or off‘. After a reboot, it is no longer possible to launch IE in any way. in fact, the following items disappear from view:-

• C:\Program Files\Internet Explorer\iexplore.exe
• C:\Program Files (x86)\Internet Explorer\iexplore.exe
• IE’s shortcut links via the START menu search

I use portable 3rd-party web browsers, & to prevent registry entries, I do NOT set any browser as default. As such, with the system’s “default” IE being disabled from launching, it is impossible for any malicious hyperlink to open any web browser w/o triggering a “Windows can’t open this file” prompt.

That being said, to avoid a false sense of security …

https://en.wikipedia.org/wiki/Removal_of_Internet_Explorer#Overview
Starting with Windows 2000, it is possible to disable Internet Explorer. The user can no longer launch it, but its web browser engine remains operational for applications that use it.

Here’s a non-exhaustive list of 3rd-party web browsers & non-browser applications that use IE for various purposes.

PS: In Win 7, Windows Explorer (which uses IE’s binaries) works just fine with IE “turned off” (ie. merely prevented from launching). So perhaps it’s only a matter of time before malicious actors come up with payloads that target Win Explorer & IE-dependent applications.

5 users thanked author for this post.

wdburt1, jburk07, AJNorth, rc primak, woody

Reply | Quote

That list is old, from the Windows 2000 era. And it only covers Trident, which is only one of many IE components used elsewhere in Windows and by third parties. The issue is much broader than this.

-- rc primak

Reply | Quote

rc primak said:
That list is old, from the Windows 2000 era.

The aforementioned Wiki entry is meant to be a historical record, so some of the listed applications are old. Meanwhile, others like SlimBrowser (initial release: Dec 2012) & UltraBrowser (initial release: Sep 2009) did not exist during the Windows 2000 era.

Moreover, many of the listed applications are still actively being developed to this day, such as Skype, Maxthon, Sleipnir, SlimBrowser, WebbIE, Steam client, & Winamp (community update build).

Skype, Steam client & the unofficial Winamp probably have significant number of users. I’m also concerned about WebbIE (latest release: 22 Dec 2018), which caters to visually-impaired users.

Some Internet Explorer-dependent applications not mentioned in the Wiki list include:-

• Tablacus Explorer (latest release: 29 Sep 2019) — tabbed file manager
• Forkle (04 Oct 2019) — web browser
• MyIE9 (06 Oct 2019) — web browser
• BriskBard (27 Aug 2019) — web browser/ email client/ feed reader/ IRC chat client/ multimedia player; installer build uses IE’s Trident & Chromium’s Blink for rendering

Meanwhile, the perfectly functional Malwarebytes v1.75.x has a legitimate iexplore.exe (digitally signed by Malwarebytes) at: C:\Program Files (x86)\Malwarebytes’ Anti-Malware\Chameleon\iexplore.exe

Reply | Quote

anonymous wrote:

You’re not entirely off the hook by not using IE. Some applications use IE under the hood.

You’re absolutely right. At some point, you’ll have to install whatever fix Microsoft finally delivers. But for now, all roads lead through IE. If you don’t use IE, and you have a different default browser, the methods for invoking this particular vulnerability become much, much more difficult — and much less likely.

4 users thanked author for this post.

pmcjr6142, jburk07, AJNorth, rc primak

Reply | Quote

I use Firefox, but understand IE still does “stuff”. When I go to the “Internet Properties” box, the “General” tab, down at “Browsing History, click “settings”,  I get “Website Data Settings” box. On the “Temporary Internet Files” tab I try to select NEVER check for newer versions of stored pages, but the “apply” button on the “Internet Properties” box is greyed out! it will not save. I reopen  Internet Properties and the default “Automatic” is once again checked. Can’t make the changes stick, always goes back to default automatic. I  clear cache/history, etc every time I disconnect from the internet, but would like to know I’m not wasting resources collecting and storing new pages somewhere. Any thoughts? Not a techie, but follow directions well!

OS version is Win10 1809  build 17763.805

Reply | Quote

anonymous wrote:

the “apply” button on the “Internet Properties” box is greyed out! it will not save.

I get the same thing. However, if I toggle the “Delete Browsing History on Exit” option box (on, then off immediately), the Apply works, and saves. Hopefully that works on your machine too

Reply | Quote

Thank you. The “apply” activated, but the “Never” did not save. No big deal, I guess… Not going to bother with it any more.  I love this site. Saved me years of win10 upgrade prompt nightmares on my win7 machine (still primary, with ZERO MS updates since about March 2018)!!! Prior to that manual install ‘security only’ updates. Thanks again to all of the commenters and contributors!

Reply | Quote

For those who like Chrome but not the google snooping, Chromium is a good choice.  Chrome without the snoopy parts.  Stable builds available here:

https://chromium.woolyss.com/

 

Reply | Quote

I use 4 browsers interchangeably, IE11 (still the default), Opera 12.18 (Presto), Slimjet (Chromium) and Firfox portable

Opera had been my primary browser for ever, but eventually i had to switch to more modern one, Slimjet

1 user thanked author for this post.

rc primak

Reply | Quote

abbodi86 wrote:
Opera had been my primary browser for ever, but eventually i had to switch to more modern one

If you’re a long-time Opera user looking for something more modern, have you considered Jon von Tetzchner’s current browser, Vivaldi?

https://vivaldi.com/

And thank you, abbodi86, for all of your helpful and informative posts on this site… we’re all smarter – or at least better informed – because of you!

2 users thanked author for this post.

abbodi86, rc primak

Reply | Quote

I know it, and tried it about 2 years ago, still didn’t level up to Opera Presto

maybe i could give it another shot, thanks

Reply | Quote

Were them brown bears or black bears who said this? Either way, I agree that no matter what, everyone should make any other browser aside from IE their default browser.

Reply | Quote

The problem with making a browser you actually use the default browser is that a rogue application can call it and get internet access. IMHO, you should set as default a browser that is fully blocked at your firewall. Moreover, configure the browser to connect via a proxy to an invalid IP.

Reply | Quote

Yeah, that’s exactly what I use edge for. Firewalled as a default browser and epub reader. Of course you don’t even need to dedicate a real browser to this, you may as well make a batch file or something that just echoes its argument back and lets you copy the url if you want it. Far too many programs use this to try and call back home when you install or uninstall them.

Reply | Quote

Yep I remember when IE was basically it for web browsing. Yes almost every browser now uses Chromium engine but so many different featured browsers today all free and work really well. When Microsoft even tells you not to use IE I think that’s about the time to dump IE.

Reply | Quote

I never used IE, even then, except for Windows updates and brief testing.

I used Netscape 2.0 or so with Windows 3.1, then when I got Windows 95 OSR2, I tried the included IE 3.0, but I didn’t like it as much as Netscape.  I kept with Netscape until Microsoft had them destroyed, at which time I moved to Netscape’s offspring, Mozilla.  Because of Microsoft’s behavior, I never seriously considered using IE 6 for anything other than updating Windows XP.  I did try IE7 briefly, but it was seriously wanting compared to Firefox, and that was the last IE version I tried.

I never tried Chrome or any variants thereof until this year, 2019.  I was so disgusted by Mozilla’s continued efforts to copy Chrome that I decided to see what was so good that Firefox had to stop being Firefox to copy.  I tried Chromium, but it was so lacking in its UI that I soon cut the test short.  I’m keeping an eye on Vivaldi, a Chromium based browser that is working on smoothing out the UI issues… they just got the classic menubar working properly in the most recent release, and at this rate, they may one day surpass Firefox proper (though probably never Waterfox).

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

Geo

Reply | Quote

? says:

so, does anyone remember this?

https://en.wikipedia.org/wiki/United_States_v._Microsoft_Corp.

just wondering…

Reply | Quote

Well, not using ‘Internet Explorer’ on Windows is next to impossible. This is because most of the infrastructure the Internet Explorer Web browser is built on is part of the operating system; and most of the security flaws affect the infrastructure, not the Internet Explorer Web browser itself. In short terms, any software using the ‘Internet Explorer’ infrastructure under the hood is affected. So be sure the Web browser of your choice does not rely on the infrastructure the Internet Explorer Web browser is built on.

2 users thanked author for this post.

wdburt1, rc primak

Reply | Quote

If you want to use a Chromium-based browser check out the beta version of the new Edge at https://www.microsoftedgeinsider.com/en-us/. I run the Dev channel and it is very solid. The beta channel should be even more solid. It is updated every six weeks. The new Edge is available for all supported versions of Windows and macOS. Microsoft removed all the Google “stuff” and yes they substituted their own for most.

You can add extensions from either the Microsoft Store, the Chrome web store, or both. Some of the Chrome extensions may not work.

--Joe

Reply | Quote

It’s still a Microsoft product. No thanks.

-- rc primak

Reply | Quote

joep517 wrote:
If you want to use a Chromium-based browser check out the beta version of the new Edge

Interesting suggestion, seems like “new Edge” may have broader appeal than “original Edge”, but I do find myself wondering…
does Microsoft’s new Edge browser suffer on any level from the frequently-referenced (e.g., see many posts above, including woody’s post #1975688) problem still plaguing Internet Explorer (i.e., the over-integration of the web browser application with the underlying Windows OS)?

Reply | Quote

No. (Neither did the old Edge.)

Reply | Quote

Do you know when the new Edge will be released to the general public (a non-beta version that’s ready to be used for real)?

Reply | Quote

So  Oct 8th is when the new IE cumulative update will be available and I hope that some testers will be scrutinizing that with some more intense vetting so that can be safely installed sooner rather than later. And maybe Oct’s IE CU needs it’s own DEFCON so that vetting can be established sooner rather than later because of all that is zero day.

MS should have long ago made disabling IE a one setting option, including any default application calling for the default browser functionality just for cases like the current issues with IE security. Having any Internet Browser so integrated into the OS, at any elevated privilege level, was a serious security mistake from day one.

Windows Explorer should have its own code and not be sharing any code with any Internet Browser functionality and the OS needs less direct shared Internet Functionality inside with all that is internet based properly sandboxed outside of any OS/Elevated privilege level.

Reply | Quote

Meanwhile, most of us have to use what exists, not what might have been.  So we here generally follow Woody’s advice and the advice of the other Windows experts and fellow users we find here.

-- rc primak

2 users thanked author for this post.

OscarCP, Myst

Reply | Quote

Firefox and I’ll wait for Oct 2019’s DEFCON3 before installing any patches. And I have completely skipped any months where any Windows 7 Security Only Patches had telemetry.

So now on to Oct’s regular patches and their vetting. September is really been bad anyways so I’m glad I skipped everything that month in addition to the telemetry in the W7 SO update. There’s not may more months to worry about patching Windows 7 that’s just finding some replacement options(8.1, Linux, or BSD based). IE gets cumulative updates anyways so what is skipped one month will be included in the next.

Reply | Quote

And I have completely skipped any months where any Windows 7 Security Only Patches had telemetry.

Telemetry was additional payload riding along with these patches, not the only reason for the update. By skipping the update you are not patched. Please read through AKB2000012. And consider accepting the patches with telemetry, then neutralizing the effects after. You may have reasons for your choice, this is only a suggestion to another option.

Reply | Quote

[phaolo]

I use Firefox since forever, but I checked the Defaults Programs page just for curiosity.
It seems I still have IE associated with 3 files (.url, .website, .partial), but I can’t remove them, they’re greyed out..

• This reply was modified 5 years, 7 months ago by phaolo.

Reply | Quote

Because only IE can handle those three
but they should not be greyed anyway

Reply | Quote

WHATEVER browser you choose to use, I recommend you consider protecting yourself against your computer visiting websites it should not be visiting.

My recommendation: Install UBlock (and for the geeky) UMatrix. Even if you choose to get no other add-ons. The former blacklists a big batch of web sites using information about their bad behavior gathered from all over, and the latter doesn’t allow the execution of scripts from sites other than the one you’re actually visiting unless you allow it (and believe me, the stuff your browser loads comes from ALL over).

Imagine browsing and only seeing the content you want. No ads, no drive by malware. Just what you want to view.

Yes, it really works.

-Noel

3 users thanked author for this post.

Lori, johnf, Myst

Reply | Quote

In addition to all the IE stuff under the hood in other parts of Windows, please be aware that sometimes we in the trenches are required to use and support IE at work.  [One large company, with over 25,000 employees per Forbes.com] REQUIRES IE for their web-based document management, accounting and workflow SAAS.  (I’m a customer, not an employee.)

1 user thanked author for this post.

woody

Reply | Quote

I feel your pain. Really.

Reply | Quote

I manage the Office computer for my HomeOwner’s Associaton. The check reader for deposits to the bank, and the tie in to QuickBooks, requires the use of IE11. I have them on Win10, v1809. It is up to date with the original Patch Tues CU KB4512578 Build 17763.737. It will be interesting to see if it stops working once I install the Oct. updates. Not going to rush that one!

1 user thanked author for this post.

woody

Reply | Quote

[johnf]

Alternative browsers to consider (if you don’t trust ones built from Chrominum, such as Chrome, Edge, etc) are Pale Moon/ WaterFox (I’m not a big fan of the direction Firefox is going). Brave is another good one, though that is built on the Chrominum engine. If you can, follow Noel’s advice about UBlock (or NoScript).

For those of you who need to run IE, using Sandboxie is a good way to isolate IE in a safe, sandbox environment. Sophos recently made it a free tool, and will make it open source later, so no reason not to try it out!

• This reply was modified 5 years, 7 months ago by johnf.

1 user thanked author for this post.

Lori

Reply | Quote

What anonymous #1975669 posted is worth repeating:

To disable the IE browser (in Win 7):

1. Go to Control Panel > Programs and Features > Turn Windows features on or off.

2. Deselect Internet Explorer 11.

3. Reboot.

I still apply the monthly IE11 security updates, and have noticed no problems since disabling the browser >2 years ago.

As always, YMMV.

Reply | Quote

KB4524148 also breaks printing in an RDP session. Event log points back to jscript.dll

 

Uninstall the windows update and it will fix the issue.

Reply | Quote