News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Bears repeating: Don’t use Internet Explorer, and make some other browser your default

    Home Forums AskWoody blog Bears repeating: Don’t use Internet Explorer, and make some other browser your default

    This topic contains 43 replies, has 20 voices, and was last updated by  anonymous 4 weeks ago.

    • Author
      Posts
    • #1975171 Reply

      woody
      Da Boss

      Lots of angst floating around because of the latest, buggy patches, but the bottom line is clear: Don’t use Internet Explorer Make some other browser
      [See the full post at: Bears repeating: Don’t use Internet Explorer, and make some other browser your default]

      11 users thanked author for this post.
    • #1975198 Reply

      anonymous

      ? says;

      thanks, boss! timely advice. i’m going a step futher in January 2020 by getting off the Windows merry go round altogether…

    • #1975271 Reply

      Microfix
      Da Boss

      On Win8.1 pro x64, I’ve blocked IE and Explorer from accessing the internet using firewall inbound/outbound rules after all, I have browsers for that.

      ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

      1 user thanked author for this post.
    • #1975274 Reply

      Geo
      AskWoody Plus

      What do you use for windows Updates?

      • #1975281 Reply

        Microfix
        Da Boss

        The ms catalog using my browser. Easier patching for me YMMV, as I have three Win8.1 devices and only have to download once, then transfer/copy to other devices and install 🙂

        However, on Win 7 x64/86 I use WU and don’t have IE or Explorer blocked via firewall rule sets.

        ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

        3 users thanked author for this post.
      • #1975687 Reply

        woody
        Da Boss

        If you’re talking about Windows Update… you don’t need a browser for that. It runs regardless of what browsers you have, or which is default – and it doesn’t use IE.

        2 users thanked author for this post.
    • #1975349 Reply

      anonymous

      You’re not entirely off the hook by not using IE.

      Some applications use IE under the hood.

       

      8 users thanked author for this post.
      • #1975563 Reply

        Microfix
        Da Boss

        You’re not entirely off the hook by not using IE.

        Absolutely, there are multiple hooks involved that are integral to the OS via IE, dll’s, executables in the Windows and Windows/ system32 folder all interconnected.

        ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

        2 users thanked author for this post.
      • #1975669 Reply

        anonymous

        anonymous #1975349 said:

        Some applications use IE under the hood.

        That’s right. For instance, the workaround recommended for mitigating the latest zero-day IE vulnerability — ie. removing SYSTEM user’s permissions from IE’s 32/64-bit jscript.dll — will break the respective 32/64-bit Windows Media Player in Win 7.

        Clicking on any video/audio file will lead to the “Server execution failed” error, while clicking wmplayer.exe will result in no response.

        Since I use portable 3rd-party media players, I’m fine with leaving jscript.dll in its restricted crippled state.

        But what about Microsoft.JScript.dll (basically the the .NET implementation of JScript) ? Is it vulnerable to the latest zero-day remote code execution vulnerability ?

        Another precautionary measure I’d taken is to disable the IE browser via ‘Turn Windows Features on or off‘. After a reboot, it is no longer possible to launch IE in any way. in fact, the following items disappear from view:-

        • C:\Program Files\Internet Explorer\iexplore.exe
        • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        • IE’s shortcut links via the START menu search

        I use portable 3rd-party web browsers, & to prevent registry entries, I do NOT set any browser as default. As such, with the system’s “default” IE being disabled from launching, it is impossible for any malicious hyperlink to open any web browser w/o triggering a “Windows can’t open this file” prompt.

        That being said, to avoid a false sense of security …

        https://en.wikipedia.org/wiki/Removal_of_Internet_Explorer#Overview
        Starting with Windows 2000, it is possible to disable Internet Explorer. The user can no longer launch it, but its web browser engine remains operational for applications that use it.

        Here’s a non-exhaustive list of 3rd-party web browsers & non-browser applications that use IE for various purposes.

        PS: In Win 7, Windows Explorer (which uses IE’s binaries) works just fine with IE “turned off” (ie. merely prevented from launching). So perhaps it’s only a matter of time before malicious actors come up with payloads that target Win Explorer & IE-dependent applications.

        5 users thanked author for this post.
        • #1975699 Reply

          rc primak
          AskWoody_MVP

          That list is old, from the Windows 2000 era. And it only covers Trident, which is only one of many IE components used elsewhere in Windows and by third parties. The issue is much broader than this.

          -- rc primak

          • #1975859 Reply

            anonymous

            rc primak said:
            That list is old, from the Windows 2000 era.

            The aforementioned Wiki entry is meant to be a historical record, so some of the listed applications are old. Meanwhile, others like SlimBrowser (initial release: Dec 2012) & UltraBrowser (initial release: Sep 2009) did not exist during the Windows 2000 era.

            Moreover, many of the listed applications are still actively being developed to this day, such as Skype, Maxthon, Sleipnir, SlimBrowser, WebbIE, Steam client, & Winamp (community update build).

            Skype, Steam client & the unofficial Winamp probably have significant number of users. I’m also concerned about WebbIE (latest release: 22 Dec 2018), which caters to visually-impaired users.

            Some Internet Explorer-dependent applications not mentioned in the Wiki list include:-

            • Tablacus Explorer (latest release: 29 Sep 2019) — tabbed file manager
            • Forkle (04 Oct 2019) — web browser
            • MyIE9 (06 Oct 2019) — web browser
            • BriskBard (27 Aug 2019) — web browser/ email client/ feed reader/ IRC chat client/ multimedia player; installer build uses IE’s Trident & Chromium’s Blink for rendering

            Meanwhile, the perfectly functional Malwarebytes v1.75.x has a legitimate iexplore.exe (digitally signed by Malwarebytes) at: C:\Program Files (x86)\Malwarebytes’ Anti-Malware\Chameleon\iexplore.exe

      • #1975688 Reply

        woody
        Da Boss

        You’re not entirely off the hook by not using IE. Some applications use IE under the hood.

        You’re absolutely right. At some point, you’ll have to install whatever fix Microsoft finally delivers. But for now, all roads lead through IE. If you don’t use IE, and you have a different default browser, the methods for invoking this particular vulnerability become much, much more difficult — and much less likely.

        4 users thanked author for this post.
        • #1989979 Reply

          anonymous

          I use Firefox, but understand IE still does “stuff”. When I go to the “Internet Properties” box, the “General” tab, down at “Browsing History, click “settings”,  I get “Website Data Settings” box. On the “Temporary Internet Files” tab I try to select NEVER check for newer versions of stored pages, but the “apply” button on the “Internet Properties” box is greyed out! it will not save. I reopen  Internet Properties and the default “Automatic” is once again checked. Can’t make the changes stick, always goes back to default automatic. I  clear cache/history, etc every time I disconnect from the internet, but would like to know I’m not wasting resources collecting and storing new pages somewhere. Any thoughts? Not a techie, but follow directions well!

          OS version is Win10 1809  build 17763.805

          • #1990127 Reply

            Kirsty
            Da Boss

            the “apply” button on the “Internet Properties” box is greyed out! it will not save.

            I get the same thing. However, if I toggle the “Delete Browsing History on Exit” option box (on, then off immediately), the Apply works, and saves. Hopefully that works on your machine too 🙂

            • #1991170 Reply

              anonymous

              Thank you. The “apply” activated, but the “Never” did not save. No big deal, I guess… Not going to bother with it any more.  I love this site. Saved me years of win10 upgrade prompt nightmares on my win7 machine (still primary, with ZERO MS updates since about March 2018)!!! Prior to that manual install ‘security only’ updates. Thanks again to all of the commenters and contributors!

    • #1975446 Reply

      georgea
      AskWoody Plus

      For those who like Chrome but not the google snooping, Chromium is a good choice.  Chrome without the snoopy parts.  Stable builds available here:

      https://chromium.woolyss.com/

       

    • #1975459 Reply

      abbodi86
      AskWoody_MVP

      I use 4 browsers interchangeably, IE11 (still the default), Opera 12.18 (Presto), Slimjet (Chromium) and Firfox portable

      Opera had been my primary browser for ever, but eventually i had to switch to more modern one, Slimjet

      1 user thanked author for this post.
      • #1975673 Reply

        anonymous

        abbodi86 wrote:
        Opera had been my primary browser for ever, but eventually i had to switch to more modern one

        If you’re a long-time Opera user looking for something more modern, have you considered Jon von Tetzchner’s current browser, Vivaldi?

        https://vivaldi.com/

        And thank you, abbodi86, for all of your helpful and informative posts on this site… we’re all smarter – or at least better informed 🙂 – because of you!

        2 users thanked author for this post.
        • #1975871 Reply

          abbodi86
          AskWoody_MVP

          I know it, and tried it about 2 years ago, still didn’t level up to Opera Presto 🙂

          maybe i could give it another shot, thanks

    • #1975561 Reply

      GoneToPlaid
      AskWoody Plus

      Were them brown bears or black bears who said this? Either way, I agree that no matter what, everyone should make any other browser aside from IE their default browser.

    • #1975579 Reply

      anonymous

      The problem with making a browser you actually use the default browser is that a rogue application can call it and get internet access. IMHO, you should set as default a browser that is fully blocked at your firewall. Moreover, configure the browser to connect via a proxy to an invalid IP.

      • #1975614 Reply

        anonymous

        Yeah, that’s exactly what I use edge for. Firewalled as a default browser and epub reader. Of course you don’t even need to dedicate a real browser to this, you may as well make a batch file or something that just echoes its argument back and lets you copy the url if you want it. Far too many programs use this to try and call back home when you install or uninstall them.

    • #1975634 Reply

      John
      AskWoody Lounger

      Yep I remember when IE was basically it for web browsing. Yes almost every browser now uses Chromium engine but so many different featured browsers today all free and work really well. When Microsoft even tells you not to use IE I think that’s about the time to dump IE.

      • #1975668 Reply

        Ascaris
        AskWoody_MVP

        I never used IE, even then, except for Windows updates and brief testing.

        I used Netscape 2.0 or so with Windows 3.1, then when I got Windows 95 OSR2, I tried the included IE 3.0, but I didn’t like it as much as Netscape.  I kept with Netscape until Microsoft had them destroyed, at which time I moved to Netscape’s offspring, Mozilla.  Because of Microsoft’s behavior, I never seriously considered using IE 6 for anything other than updating Windows XP.  I did try IE7 briefly, but it was seriously wanting compared to Firefox, and that was the last IE version I tried.

        I never tried Chrome or any variants thereof until this year, 2019.  I was so disgusted by Mozilla’s continued efforts to copy Chrome that I decided to see what was so good that Firefox had to stop being Firefox to copy.  I tried Chromium, but it was so lacking in its UI that I soon cut the test short.  I’m keeping an eye on Vivaldi, a Chromium based browser that is working on smoothing out the UI issues… they just got the classic menubar working properly in the most recent release, and at this rate, they may one day surpass Firefox proper (though probably never Waterfox).

        Group "L" (KDE Neon User Edition 5.17.3).

        1 user thanked author for this post.
        Geo
    • #1975651 Reply

      anonymous

      ? says:

      so, does anyone remember this?

      https://en.wikipedia.org/wiki/United_States_v._Microsoft_Corp.

      just wondering…

    • #1975661 Reply

      anonymous

      Well, not using ‘Internet Explorer’ on Windows is next to impossible. This is because most of the infrastructure the Internet Explorer Web browser is built on is part of the operating system; and most of the security flaws affect the infrastructure, not the Internet Explorer Web browser itself. In short terms, any software using the ‘Internet Explorer’ infrastructure under the hood is affected. So be sure the Web browser of your choice does not rely on the infrastructure the Internet Explorer Web browser is built on.

      2 users thanked author for this post.
    • #1975679 Reply

      joep517
      AskWoody MVP

      If you want to use a Chromium-based browser check out the beta version of the new Edge at https://www.microsoftedgeinsider.com/en-us/. I run the Dev channel and it is very solid. The beta channel should be even more solid. It is updated every six weeks. The new Edge is available for all supported versions of Windows and macOS. Microsoft removed all the Google “stuff” and yes they substituted their own for most.

      You can add extensions from either the Microsoft Store, the Chrome web store, or both. Some of the Chrome extensions may not work.

      --Joe

      • #1975701 Reply

        rc primak
        AskWoody_MVP

        It’s still a Microsoft product. No thanks.

        -- rc primak

      • #1975719 Reply

        anonymous

        joep517 wrote:
        If you want to use a Chromium-based browser check out the beta version of the new Edge

        Interesting suggestion, seems like “new Edge” may have broader appeal than “original Edge”, but I do find myself wondering…
        does Microsoft’s new Edge browser suffer on any level from the frequently-referenced (e.g., see many posts above, including woody’s post #1975688) problem still plaguing Internet Explorer (i.e., the over-integration of the web browser application with the underlying Windows OS)?

        • #1976400 Reply

          b
          AskWoody Plus

          No. (Neither did the old Edge.)

          Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

      • #1975790 Reply

        DrBonzo
        AskWoody Plus

        Do you know when the new Edge will be released to the general public (a non-beta version that’s ready to be used for real)?

    • #1975696 Reply

      anonymous

      So  Oct 8th is when the new IE cumulative update will be available and I hope that some testers will be scrutinizing that with some more intense vetting so that can be safely installed sooner rather than later. And maybe Oct’s IE CU needs it’s own DEFCON so that vetting can be established sooner rather than later because of all that is zero day.

      MS should have long ago made disabling IE a one setting option, including any default application calling for the default browser functionality just for cases like the current issues with IE security. Having any Internet Browser so integrated into the OS, at any elevated privilege level, was a serious security mistake from day one.

      Windows Explorer should have its own code and not be sharing any code with any Internet Browser functionality and the OS needs less direct shared Internet Functionality inside with all that is internet based properly sandboxed outside of any OS/Elevated privilege level.

      • #1975702 Reply

        rc primak
        AskWoody_MVP

        Meanwhile, most of us have to use what exists, not what might have been.  So we here generally follow Woody’s advice and the advice of the other Windows experts and fellow users we find here.

        -- rc primak

        2 users thanked author for this post.
        • #1975975 Reply

          anonymous

          Firefox and I’ll wait for Oct 2019’s DEFCON3 before installing any patches. And I have completely skipped any months where any Windows 7 Security Only Patches had telemetry.

          So now on to Oct’s regular patches and their vetting. September is really been bad anyways so I’m glad I skipped everything that month in addition to the telemetry in the W7 SO update. There’s not may more months to worry about patching Windows 7 that’s just finding some replacement options(8.1, Linux, or BSD based). IE gets cumulative updates anyways so what is skipped one month will be included in the next.

          • #1976083 Reply

            anonymous

            And I have completely skipped any months where any Windows 7 Security Only Patches had telemetry.

            Telemetry was additional payload riding along with these patches, not the only reason for the update. By skipping the update you are not patched. Please read through AKB2000012. And consider accepting the patches with telemetry, then neutralizing the effects after. You may have reasons for your choice, this is only a suggestion to another option.

    • #1975888 Reply

      phaolo
      AskWoody Lounger

      I use Firefox since forever, but I checked the Defaults Programs page just for curiosity.
      It seems I still have IE associated with 3 files (.url, .website, .partial), but I can’t remove them, they’re greyed out..

      • This reply was modified 1 month, 2 weeks ago by  phaolo.
      • #1975893 Reply

        abbodi86
        AskWoody_MVP

        Because only IE can handle those three
        but they should not be greyed anyway

    • #1976089 Reply

      Noel Carboni
      AskWoody_MVP

      WHATEVER browser you choose to use, I recommend you consider protecting yourself against your computer visiting websites it should not be visiting.

      My recommendation: Install UBlock (and for the geeky) UMatrix. Even if you choose to get no other add-ons. The former blacklists a big batch of web sites using information about their bad behavior gathered from all over, and the latter doesn’t allow the execution of scripts from sites other than the one you’re actually visiting unless you allow it (and believe me, the stuff your browser loads comes from ALL over).

      Imagine browsing and only seeing the content you want. No ads, no drive by malware. Just what you want to view.

      Yes, it really works.

      -Noel

      3 users thanked author for this post.
    • #1976107 Reply

      tf231909
      AskWoody Plus

      In addition to all the IE stuff under the hood in other parts of Windows, please be aware that sometimes we in the trenches are required to use and support IE at work.  [One large company, with over 25,000 employees per Forbes.com] REQUIRES IE for their web-based document management, accounting and workflow SAAS.  (I’m a customer, not an employee.)

      1 user thanked author for this post.
    • #1976232 Reply

      PKCano
      Da Boss

      I manage the Office computer for my HomeOwner’s Associaton. The check reader for deposits to the bank, and the tie in to QuickBooks, requires the use of IE11. I have them on Win10, v1809. It is up to date with the original Patch Tues CU KB4512578 Build 17763.737. It will be interesting to see if it stops working once I install the Oct. updates. Not going to rush that one!

      1 user thanked author for this post.
    • #1976326 Reply

      johnf
      AskWoody Lounger

      Alternative browsers to consider (if you don’t trust ones built from Chrominum, such as Chrome, Edge, etc) are Pale Moon/ WaterFox (I’m not a big fan of the direction Firefox is going). Brave is another good one, though that is built on the Chrominum engine. If you can, follow Noel’s advice about UBlock (or NoScript).

      For those of you who need to run IE, using Sandboxie is a good way to isolate IE in a safe, sandbox environment. Sophos recently made it a free tool, and will make it open source later, so no reason not to try it out!

      • This reply was modified 1 month, 2 weeks ago by  johnf.
      1 user thanked author for this post.
    • #1976353 Reply

      rowrbazzle
      AskWoody Plus

      What anonymous #1975669 posted is worth repeating:

      To disable the IE browser (in Win 7):

      1. Go to Control Panel > Programs and Features > Turn Windows features on or off.

      2. Deselect Internet Explorer 11.

      3. Reboot.

      I still apply the monthly IE11 security updates, and have noticed no problems since disabling the browser >2 years ago.

      As always, YMMV.

    • #1976437 Reply

      anonymous

      KB4524148 also breaks printing in an RDP session. Event log points back to jscript.dll

       

      Uninstall the windows update and it will fix the issue.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Bears repeating: Don’t use Internet Explorer, and make some other browser your default

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.