After years of decline and a final end for the past 13 months, Microsoft on Wednesday confirmed the withdrawal of Internet Explorer, the company’s long-lived and increasingly well-known web browser. Launched in 1995, IE was pre-installed on Windows computers for almost two decades, and like Windows XP, Internet Explorer became a mainstay, to the point that when it came time for users to upgrade and keep up, they often didn’t. they did. And while last week’s milestone will push even more users out of the historic browser, security researchers point out that IE and its many security vulnerabilities are far from gone.
In the coming months, Microsoft will be disabling the IE application on Windows 10 devices, guiding users to its next-generation Edge browser, first launched in 2015. The IE icon will still remain on users’ desktops, and Edge incorporates a service. called “IE mode” to preserve access to old websites created for Internet Explorer. Microsoft says it will support IE mode at least until 2029. In addition, IE will still work on all supported versions of Windows 8.1, Windows 7 with extended security updates from Microsoft and Windows Server for the time being, although the company says it will eventually be phased out. in these, too.
Seven years after Edge’s debut, industry analysis indicates that Internet Explorer may still have more than half a percent of the total global browser market share. And in the United States, that share may be closer to 2 percent.
“I think we’ve made progress and we probably won’t see so many exploits against IE in the future, but we’ll still have remnants of Internet Explorer for a long time that scammers can take advantage of,” says Ronnie Tokazowski. , a long-time independent researcher on malware and a leading threat advisor for cybersecurity firm Cofense. “Internet Explorer as a browser will disappear, but there are still pieces that exist.”
For something that exists since IE, backward compatibility is hard to balance with the desire for a clear whiteboard. “We haven’t forgotten that some parts of the web still depend on the specific behaviors and features of Internet Explorer,” Sean Lyndersay, CEO of Microsoft Edge Enterprise, wrote in an IE retrospective on Wednesday, pointing to IE mode.
But he added that there was a real need to start over with Edge instead of trying to save IE. “The web has evolved and so have browsers,” he wrote last week. “Incremental improvements to Internet Explorer couldn’t match the overall improvements to the web in general, so we started again.”
Microsoft says it will still support IE’s underlying browser engine, known as “MSHTML,” and that it has its eye on versions of Windows that are still “used in critical environments.” But Maddie Stone, a researcher on Google’s Project Zero vulnerability research team, notes that hackers are still exploiting IE vulnerabilities in real-world attacks.
“Since we started tracking the 0 natural days, Internet Explorer has had a fairly steady number of 0 days each year. 2021 tied in 2016 with the wildest 0 days of Internet Explorer we’ve ever done, all and that Internet Explorer market share of browser users continues to decline, “he wrote in April, referring to previously unknown vulnerabilities. zero days. “Internet Explorer is still a mature attack surface for initial access to Windows machines, even if the user does not use Internet Explorer as an Internet browser.”
In his analysis, Stone noted in particular that while the number of new IE vulnerabilities that Project Zero has detected has remained fairly constant, attackers have changed over the years to increasingly target MSHTML browser engine through malicious files such as contaminated Office documents. This could mean that the castration of the IE application will not immediately change the attack trends that are already in motion.
Given how difficult it has been to control Internet Explorer, Microsoft and IE users around the world have certainly come a long way. But for a browser that is supposed to be dead, IE still loads a lot with live ones.