What Ordinary Users Think About IE: Debunked

Point all of your chain-mail-forwarding family and friends at this post. It’s a collection of things people have said to me, or that I’ve overheard, that reveal little tidbits about what people are thinking when they use IE.

I have to use IE – it’s my internet!

IE is not your internet. IE is what’s known as a web browser. There are lots of different web browsers. IE just happens to be the one that comes with Windows. It doesn’t make it a good browser or anything. It’s just there in the event that you have no other browser. If the only browser on your system is IE, the first thing you should do is use it to download Firefox by clicking here.

If IE is so horrible, how come everyone uses it?

They don’t, actually. There was a time not too long ago where over 90% of internet users used IE. However, with the constant flood of security issues (IE usage really should be considered dangerous at this point), IE’s horrible support of web standards (which makes it hard for web developers to create cool sites for you to use), and its inability to keep up with really cool features in modern browsers, its share of the internet usage market has been declining steadily over the last couple of years. In fact, this source puts IE usage at around 45% currently, so not even a majority of people use IE anymore, if statistics are to be believed. Accurate statistics for browser use are difficult to nail down, and are probably more useful to discern a trend, not hard numbers. Still, the usage trend for IE is moving downward, steadily, and not particularly slowly. If you’re still using IE, you’re almost a dinosaur. Just about the entire tech-savvy world has migrated over to Firefox, with small contingents choosing Safari (Mac only) and Chrome (Windows only). Very small camps also use Opera and Konqueror.

This is also not to be trusted, but it’s my opinion based on observation of the IT field over the past 10 years: of the 40% of people still using IE, probably half of them are forced to use it in their offices because they don’t have the proper permissions on their office computers to install anything else. The other half probably just don’t realize they have any choice in the matter. You do. There are other browsers. I’ve named a few in this post. Go get one, or three, of them.

Will all of the sites I use still work?

It has always been exceedingly rare that a web site actually *requires* IE in order to work properly. Your online banking, email, video, pictures, shopping, etc., will all still work. The only time you might need IE around is to use the Microsoft Update website. In all likelihood, you’ll be much happier with your internet experience using something like Firefox than you ever were with IE. Think about it this way: I’m a complete geek. I use the internet for things ordinary users didn’t even know you could do. I bank, shop, communicate, manage projects, calendars and email, registered and run my business completely online. It’s difficult to think of a task that can be done on the internet that I don’t use the internet for, and I haven’t used IE in probably 8 years, and have not had any issues. If you find a web site that absolutely, positively CANNOT be used UNLESS you’re viewing it with IE, please post it in the comments, and I’ll create a “hall of shame” page to list them all, along with alternative sites you can access WITHOUT IE, which probably provide a better service anyway :)

I’m not technical enough to install another browser.

Who told you that?! That’s silly. You installed Elf Bowling didn’t you? C’mon, I know you did. Or what about that crazy toolbar that’s now fuddling up your IE window? Or those icons blinking down near the clock that you forgot the purpose of. At some point, you have installed something on your computer, and it was, in all likelihood, harder to do than installing Firefox would be. It’s simple. You go here, click on the huge Firefox logo, and it presents you with super-duper easy instructions (with pictures!) and a download. It takes less than 3 minutes to install, and you DO NOT have to know what you’re doing in any way or be geeky in any way to install it. If you can tell whether your computer is turned on or not, you’re overqualified to be a professional Firefox installer.

I Like IE. I have no problems with IE.

Whether you realize it or not, you have problems with IE, believe me. I had a cousin who said he had no problems with IE too. Then he came to my house one day, knocked on my door, and when I opened it, he handed me a hard drive from his computer. He said that all of his pictures of his first-born child were on there, and his computer had contracted a virus, and he couldn’t even boot from the hard drive. So it was up to me to recover the only pics he had of his only son being born. True story. Turns out, I tracked down the virus on the hard drive, and it was contracted by IE. Also, it wasn’t the only virus he had. If you think you’re safe because you have antivirus software, you’re sadly mistaken. He had it installed too, but it hadn’t been updated in 6 months, so any viruses released since the last update weren’t recognized by the antivirus software, and were allowed to roam freely onto his hard drive.

There has never, in the history of browsers, been a worse track record with regards to security than IE. Never. I promise – but you’re free to Google around for yourself. Half of the reason antivirus software even exists is purely to protect IE users (though email viruses are a problem independent of what browser you use, admittedly).

The other reason you might say you like IE is because you’ve never used anything else. As an alternative, I strongly suggest giving Firefox a shot.

Why do you care what browser I use?

I’m a technology guy. I’m one of those people that would work with technology even if he wasn’t being paid. Some people care about cooking, or quilting, or stained glass, or candlemaking, or knitting, or sewing, or horticulture, or wine. Heck, my mom cares about every single one of those things! Me, I care about technology, and I care about the internet. I want the internet to be a better place. Browsers play a non-trivial role in making the internet a better place. Also, one reason I care about technology is that it helps people do things they might otherwise be unable to do. Browsers enable users to do great things, and it allows us developers to make great things available to you. But when countless hours are spent trying to make things work with IE, it just slows everything down, and you don’t get cool stuff on the internet nearly as fast as you could.

So, it’s less about me caring what browser you use. In fact, I don’t really care if you use Firefox or not, it just happens to be the best browser out there currently. If you want to try something completely different, I encourage that too. It’s more about me caring about technology, the internet, and your browsing experience.

  • http://rpbouman.blogspot.com/ Roland Bouman

    One of the hardest fights is with intranet applications. Things like SharePoint sites use NTLM authentication by default.

    Although other browsers may be able to technically handle the protocol, it looks nasty from the user’s perspective. For example, in Firefox, you will get smacked by a login box. Users that have used IE for that site before are used to being logged on automatically, because IE handles this authentication transparently. They simply don’t know what to type into the login box. If they do know, their reaction is quite understandably that IE is the better browser for that site because it saves them typing in credentials.

  • m0j0

    Yes, of course, but this falls into the group I mentioned above who are forced to use it at the office. I didn’t address intranet issues because the post is really aimed at less technical people who aren’t even sure of the difference between ‘internet’ and ‘intranet’. Still, you’re right, and I’ve often wondered if this problem is due to unexposed MS APIs, or just a lack of progress in the browser dev camps. I’m not sure which it is. Anyone?

  • http://rpbouman.blogspot.com/ Roland Bouman

    Well, NTLM is a proprietary protocol, but it is not secret. You can get an apache module for it (2 even) and here’s a tip on configuring firefox to work better with NTLM:

    http://www.testingreflections.com/node/view/1365

    But still, the perception remains that IE “just gets it right”, whereas the other browser needs handholding.

  • Ian

    FWIW, Safari isn’t Mac only 😉

  • m0j0

    I’ll be darned. You’re right. You learn something new every day! See, you have to actually be using windows to see that there’s a windows download option there, and I’ve never done that until just now, because I don’t use windows unless I have a very large, high-caliber weapon loaded and digging into the skin on my forehead. Even then, I consider it carefully. ;-P

  • Uzi

    Ordinary users don’t think about browsers.
    They just browse the web with whatever works for them.

  • http://www.thedeveloperday.com Žilvinas

    It’s very odd to see such an article on planet-php.org because it’s like saying to an airplane pilots group that some planes have wings to fly. I think you are right about what you are saying it’s just the wrong group of people. You should post this on facebook or twitter where people could actually learn something from this.

  • http://verens.com/ Kae Verens

    you say that IE usage is about 45% (reduced later to 40%). That’s only if you consider technical websites such as w3schools (46%). For more mainstream websites, though, the usage is more like 71%.

    “Your online banking, email, video, pictures, shopping, etc., will all still work.” – some banks have web applications which require ActiveX to work, as evil as that is.

    Apart from that, good article. The next one should be on why Outlook should be replaced with Thunderbird, then Office with OpenOffice and finally Windows with Linux :-)

  • http://chrisarndt.de/ Christopher Arndt

    Someone should do a similar post about Windows vs. Linux/OS X. Replace “IE” with “Windows” and “other browser” with “other OS”. :)

  • http://www.danux.co.uk Daniel Davies

    Post forwarded on to my own mother – thanks! I introduced my dad to firefox last time he got a virus and he loves it, and unsurprisingly he’s not been infected since.

    On a side note – when people ask about whether their favourite sites will still work in Firefox I usually tell them that as a web developer I build all sites using Firefox, then have to go back and get them to work in IE. This has been the situation in every agency I have worked with – you’ll have a far superior experience using the same browser as the developers.

  • m0j0

    So, it’s occurring to me after reading comments on this site and a couple of others that people aren’t reading the first paragraph of the article, and are therefore not understanding its purpose and target audience. The purpose of this post isn’t to convert people who are already tech-savvy. I put this post up so that people who are tech-savvy can forward the link to people who are *not* tech savvy. So for those folks here, and on reddit, and planet-php, and elsewhere who’ve said things like “why is this here” and “preaching to the choir”, stop scrolling so fast, and take the time to read the very first sentence of the post.

    For the record, I’ve already converted several non-tech folks using these explanations/responses as a base to work from. Of course there are exceptions to every rule, but for the most part, most people I speak to who are non-technical and are using IE are doing so simply because nobody ever told them they have a choice, and it never occurred to them to look for themselves.

  • pfffff

    In 8 years IE changed a lot!
    It is now, in its version 8 Beta able to pass the ACID2 test… as well as FireFox. I’m using both and like them both. No problem with windows or linux either. Just have problems with sectarianism…

  • m0j0

    With all due respect, you might consider looking up the word “sectarianism”, and then explaining to me how this is sectarian. My opinions about IE are technical in nature – it’s not about me just being an IE-hater because it’s fun or something, or I love to hate Microsoft, or whatever. There are very real reasons not to use IE. I touch on them lightly here because the main point is that there’s a choice, not a bunch of IT-speak that non-tech users won’t understand anyway. I’m very happy IE has improved – it’ll make my life easier in about 5 years when it finally dominates among the various versions of IE — but there’s just no justification I can see to recommend its use. It is a bane to the entire web standards process, and its user community, and I really just want that community to know there’s a choice in the matter. It was only in the past year that I started asking family and friends “why do you use IE?” and collecting the responses. I was really shocked to learn that most of them had no idea there was any other browser they could use.

  • http://zone.com Linda Kuczwanski

    zone.com is where I play games online. It works better than any other site I found. It won’t use anything but IE.

  • http://rpbouman.blogspot.com/ Roland Bouman

    @pffff “In 8 years IE changed a lot!”

    What is that? Are you saying that the largest software company in the world that has ruled the OS and browser market place for the better part of the past decade actually advanced to the point that they can create a browser that passes a test already passed by half a dozen browsers created by companies that combined represent about 0.1% of its size? Wow, that’s great!! You’re so right – Leave IE alone, you bullies, or I’ll cry a river about it and post it on youtube, that’ll teach ya…

  • Sebastien Lambla

    Interesting article, but in both “the worst track record in security” and the market share bits, how about substantiating your findings with reliable sources?

    Most sources that attract your “target” audience place IE at 70% usage.

    As for security, what do you count as the worst track record? 0days? Worms? Or security issues having been patched? What numbers do you rely on?

    My mother is a smart woman and likes to verify her sources before making a choice.

  • m0j0

    Seriously? Anyone who cares to verify my claims about IEs security track record relative to other popular browsers is free to do so using whichever sources they deem “reliable”. A simple Google search is all it takes to get started. As for sources of that information that attract my target audience, there clearly aren’t any, or there wouldn’t be so many IE users. I will concede, though, that there’s more than one source that lists IE usage at around 70%. My main point that the usage trend for IE is non-trivially downward, though, still stands.

    I have no idea what you might consider reliable. I think Bruce Schneier is a pretty authoritative source of security commentary: http://www.schneier.com/blog/archives/2005/12/internet_explor.html

    You might also point your mom at a calendar/spreadsheet listing the individual vulnerabilities: http://www.washingtonpost.com/wp-srv/technology/interactives/browsers/
    From that data, Brian Krebs, security columnist for the Washington Post came to this conclusion, which I agree with (not that that matters):

    For at least 38 days in 2005, IE was vulnerable to unpatched critical security flaws that were being exploited actively by viruses, worms and spyware. For at least 256 days last year, Internet Explorer contained unpatched vulnerabilities where the exploit method had been publicly disclosed but was not necessarily being used.

    For Firefox, there were about 35 days in 2005 where exploit code for a known vulnerability was available for an unpatched flaw, and zero days when a worm or virus was known to be taking advantage of an unpatched flaw.

    The numbers were even worse in 2004.

    Also see the secunia.com site, where you can look up vulnerability statistics for any products you want.

    In short, anyone who understands that they *have* a choice and wishes to base that choice on security has probably already done so, and may not have chosen Firefox, but has certainly not chosen IE.

  • Sebastien Lambla

    Not being funny, but a reliable source would have to be up-to-date, and your link dates back from 2005.

    Secunia is fair enough, let’s detail. Firefox 2 has been released at the same time as IE7, so I’ll add up secunia’s vulnerabilities for ff2+3 and compare to IE7. I have double-checked all the FF3 vulnerabilities and removed the one that was common to FF2 and FF3, so I think you’ll find the numbers accurate.

    IE: 33 advisories, 70 vulnerabilities
    Firefox: 36 advisories, 195 vulnerabilities

    IE Extremely: 9%
    Firefox Extremely: 0%

    IE Highly: 36%
    Firefox Highly: 56% (20)

    IE Moderately: 9%
    Firefox Moderately: 5% (2)

    IE Less: 36%
    Firefox Less: 22% (8)

    IE Not: 9%
    Firefox Not: 17% (6)

    So according to secunia, Highly and Extremely critical together put IE at 45% of advisories, and FF at 56. Taking anything above moderate advisories puts it at 54% and FF at 61%.

    The number of advisories and vulnerabilities is also higher in the firefox family of products.

    Let’s make it clear that I do not care much for the browser wars in general, whatever works for you. But making assertions on software security needs to be done with accurate information.

    The difference in numbers and seriousness of vulnerabilities between firefox and IE is not significant. What is significant is the number of attackers that choose to attack IE, and with that I will fully agree.

    If you want to recommend people to switch, it would be less of an insult to their intelligence to recommend a less mainstream browser because there are less attacks, not because there are less flaws. And certainly not for an alleged abysmal security record.

  • m0j0

    Right. Now go back and figure out the number of days that users of IE vs. Firefox were actually left vulnerable due to vulnerabilities being unpatched. This all comes back to users being vulnerable. It’s not about flawed code. It’s all flawed. It’s about how many vulnerabilities are unpatched, multiplied by the number of days they are unpatched. I’m not sure if secunia has that information, and I can’t take any more time today to find links for you, but if you really want to research it, don’t think about the problem so much as an engineering problem but a customer service one. The question isn’t how many vulnerabilities are reported, but how many are reported multiplied by the number of days they are left unpatched, thereby leaving a user at risk.

    Also, for the links I posted, the dating is mostly irrelevant. The fact is that there has never been a time when Firefox has spent a full year leaving users at risk 98% of the time. IE has. You’ll remember that the initial discussion was “track record”, which necessarily includes historical data.

  • Jacob Santos

    This article is hard to consume, mostly I wouldn’t forward it to anyone, unless I was using it as an example of bias. You make no distinction of which IE version you are speaking of. If you would have said IE 6, then I would follow it immediately to everyone I know.

    You are right in that the majority of businesses do require IE 6 because of commercial products that require it. The good news is that once businesses have switched to Vista, IE 7, which is marginally better with standards and less annoying bugs (but other more obscure standards bugs). IE 8 is extremely better, with both security (of course there was a patch for Beta 2 a few days ago).

    The issue is that for end users, they don’t really care. We care, but until they upgrade to new PCs, they are going to use what they have.

  • http://weblog.juima.org/ Sander

    @Sebastien: you’re absolutely right that making assertions on software security needs to be done with accurate information. That accurate information would, for example, have to include Mozilla’s policy of creating an advisory for _every_ security issue found, including the large number which are discovered by Mozilla developers themselves.
    Microsoft will frequently fail to create advisories for those security issues which aren’t reported to it from the outside. The number of reported security issues in an open product like Firefox will thus frequently be higher than those in a closed product like MSIE, and this is a _strength_ of the open product, not a weakness. For more on this, see for example this recent blog post by the Mozilla security team: http://blog.mozilla.com/security/2008/12/15/the-importance-of-good-metrics/

    More importantly than that still is the issue m0j0 already mentioned: what’s the average time between a security issue becoming publicly known (thus likely to be exploited), and when a release happens which fixes that security issue?
    I don’t have any terribly recent data for this, but here’s a report from early 2007 (so at least a year better than the one m0j0 posted above) which looks at the situation in 2006: http://blog.washingtonpost.com/securityfix/2007/01/internet_explorer_unsafe_for_2.html
    To summarize: During the entire year of 2006, IE had 284 days during which it was unpatched for a publicly known critical vulnerability, and 98 days during which it was known that those vulnerabilities were used in the wild for stealing personal or financial data. In contrast, Firefox had a grand total of 9 days in which it was unpatched for a publicly known critical vulnerability.
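
The two metrics argued over in this thread, advisory counts versus days left unpatched, can be computed side by side. The following is an added illustration, not part of any comment above and not taken from Secunia or the Washington Post; the two product data sets, their labels and all dates are constructed.

```python
from datetime import date, timedelta

START, END = date(2006, 1, 1), date(2007, 1, 1)  # reporting period, END exclusive

# Constructed records (not real advisories): (label, publicly disclosed, patch released)
PRODUCT_X = [  # few issues, slow fixes
    ("X-1", date(2005, 12, 20), date(2006, 1, 5)),   # disclosed before the period
    ("X-2", date(2006, 1, 10), date(2006, 1, 20)),
    ("X-3", date(2006, 1, 15), date(2006, 2, 4)),    # overlaps X-2
    ("X-4", date(2006, 3, 1), None),                 # still unpatched at END
]
# Many issues, each fixed three days after disclosure
PRODUCT_Y = [(f"Y-{m}", date(2006, m, 1), date(2006, m, 1) + timedelta(days=3))
             for m in range(2, 8)]


def clip(disclosed, patched, start, end):
    """Half-open unpatched window [lo, hi) inside the period, or None."""
    lo = max(disclosed, start)
    hi = min(patched, end) if patched is not None else end
    return (lo, hi) if lo < hi else None


def windows(records, start, end):
    """All non-empty exposure windows for the period, sorted by start date."""
    clipped = (clip(d, p, start, end) for _, d, p in records)
    return sorted(w for w in clipped if w is not None)


def vuln_days(records, start, end):
    """Count multiplied by days unpatched: overlapping windows are counted twice."""
    return sum((hi - lo).days for lo, hi in windows(records, start, end))


def exposed_days(records, start, end):
    """Calendar days with at least one public, unpatched issue (union of windows)."""
    total, cur_lo, cur_hi = 0, None, None
    for lo, hi in windows(records, start, end):
        if cur_hi is None or lo > cur_hi:       # gap: close the running window
            if cur_hi is not None:
                total += (cur_hi - cur_lo).days
            cur_lo, cur_hi = lo, hi
        else:                                    # overlap or adjacency: extend it
            cur_hi = max(cur_hi, hi)
    if cur_hi is not None:
        total += (cur_hi - cur_lo).days
    return total


def summary(name, records):
    """One comparison row: issue count, vulnerability-days, exposed calendar days."""
    return (name, len(records), vuln_days(records, START, END),
            exposed_days(records, START, END))


if __name__ == "__main__":
    for row in (summary("X", PRODUCT_X), summary("Y", PRODUCT_Y)):
        print("product %s: %d issues, %d vuln-days, %d exposed days" % row)
```

With this constructed data the product with more reported issues is exposed on far fewer days of the year, which is why a raw advisory count and an exposure window can rank two products in opposite order.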
