Internet Explorer 6 Wiki resources & Internet Explorer 6 information at HealthHaven.com

Internet Explorer 6:

Internet Explorer 6

Internet Explorer 6 in Windows XP SP2
Developed by	Microsoft
Initial release	August 27, 2001
Latest release	6.0 SV1 ('6 SP2')^[1] / August 6, 2004
OS	Microsoft Windows (98 to WS2003)
Development status	Supported Superseded by 7.0
License	MS-EULA
Website	Internet Explorer 6 Site 1 · 2 · 3 · 4 · 5 · 6 · 7 · 8

Microsoft Internet Explorer 6 (commonly abbreviated to IE6), is a graphical web browser developed by Microsoft and included as part of the Microsoft Windows XP and Windows Server 2003 lines of operating systems. It was the most widely used web browser during its tenure (surpassing Internet Explorer 5.x), attaining a peak in usage share during 2002 and 2003 in the high 80s, and together with other versions up to 95% in 2003. It only slowly declined up to 2007, when it lost about half its market share to Windows Internet Explorer 7 and Mozilla Firefox between late 2006 to 2008.

Microsoft Internet Explorer 6.0 was released on August 27, 2001, shortly after Windows XP was finished. It includes DHTML enhancements, content restricted inline frames, and partial support of CSS level 1, DOM level 1 and SMIL 2.0.^[2] The MSXML engine was also updated to version 3.0. Other new features included a new version of the Internet Explorer Administration Kit (IEAK), Media bar, Windows Messenger integration, fault collection, automatic image resizing, P3P, and a new look-and-feel that was in line with the "Luna" visual style of Windows XP, when used in Windows XP. XBM image files weren't longer supported. In 2002, the Gopher protocol was disabled and support for it was dropped in Internet Explorer 7.^[3]

In a May 7, 2003 Microsoft online chat, Brian Countryman, Internet Explorer Program Manager, declared that Internet Explorer would cease to be distributed separately from Windows (IE 6 would be the last standalone version);^[4] it would, however, be continued as a part of the evolution of Windows, with updates coming only bundled in Windows upgrades. Thus, Internet Explorer and Windows itself would be kept more in sync. However, after one release in this fashion (IE6 SP2 in Windows XP SP2, in August 2004), Microsoft changed its plan and released Internet Explorer 7 for Windows XP SP2 and Windows Server 2003 SP1 in late 2006. Microsoft Internet Explorer 6 was the last version of Internet Explorer to have Microsoft in the title and later versions are named Windows Internet Explorer.

1 Security issues
2 Market Share
3 Criticism
4 Security framework
5 Quirks trigger
6 Supported platforms
7 Release history
- 7.1 Iterations
8 References and notes
9 See also
10 External links

[edit] Security issues

A screenshot of a malicious website attempting to install spyware via an ActiveX Control in IE6

As of May 28, 2006, Secunia reports 104 vulnerabilities in Internet Explorer, 18 of which are unpatched, some of which are rated moderately critical in severity^[5]. In contrast, Mozilla Firefox, the main competitor to Internet Explorer, is reported to have only 34 security vulnerabilities, of which 3 remain unpatched and rated less critical^[6]. Opera, another competitor to Internet Explorer, has 15 vulnerabilities and none of them remain unpatched^[7].

Although security patches continue to be released for a range of platforms, most recent feature additions and security improvements were released for Windows XP only.

As of June 23, 2006, security advisory site Secunia counted 20 unpatched security flaws for Internet Explorer 6, many more and older than for any other browser, even in each individual criticality-level, although some of these flaws only affect Internet Explorer when running on certain versions of Windows or when running in conjunction with certain other applications.^[8]

On June 23, 2004, an attacker used two previously undiscovered security holes in Internet Explorer to insert spam-sending software on an unknown number of end-user computers.^[9] This malware became known as Download.ject and it caused users to infect their computers with a back door and key logger merely by viewing a web page. Infected sites included several financial sites.

Probably the biggest generic security failing of Internet Explorer (and other web browers too) is the fact that it runs with the same level of access as the logged in user, rather than adopting the principle of least user access. Consequently any malware executing in the Internet Explorer process via a security vulnerability (e.g. Download.ject in the example above) has the same level of access as the user, something that has particular relevance when that user is an Administrator. Tools such as DropMyRights are able to address this issue by restricting the security token of the Internet Explorer process to that of a limited user. However this added level of security is not installed or available by default, and does not offer a simple way to elevate privileges ad-hoc when required (for example to access Microsoft Update).

Art Manion, a representative of the United States Computer Emergency Readiness Team (US-CERT) noted in a vulnerability report that the design of Internet Explorer 6 Service Pack 1 made it difficult to secure. He stated that:

There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. … IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system.^[10]

Manion later clarified that most of these concerns were addressed in 2004 with the release of Windows XP Service Pack 2, and other browsers have now begun to suffer the same vulnerabilities he identified in the above CERT report.^[11]

Many security analysts attribute Internet Explorer's frequency of exploitation in part to its ubiquity, since its market dominance makes it the most obvious target. However, some critics argue that this is not the full story, noting that Apache HTTP Server, for example, had a much larger market share than Microsoft IIS, yet Apache had traditionally had fewer (and generally less serious) security vulnerabilities than IIS, at the time.^[12]

As a result of its many problems, some security experts, including Bruce Schneier, recommend that users stop using Internet Explorer for normal browsing, and switch to a different browser instead.^[13] Several notable technology columnists have suggested the same, including the Wall Street Journal's Walt Mossberg,^[14] and eWeek's Steven Vaughan-Nichols.^[15] On July 6, 2004, US-CERT released an exploit report in which the last of seven workarounds was to use a different browser, especially when visiting untrusted sites.^[16]

[edit] Market Share

IE market
Internet Explorer 4	0.01%
Internet Explorer 5	0.06%
Internet Explorer 5.5	0.06%
Internet Explorer 6	24.67%
Internet Explorer 7	46.35%
Internet Explorer 8 (in Beta)	0.37%
All versions^[17]	71.52%
This box: view • talk • edit

It was the most widely used web browser during its tenure (surpassing Internet Explorer 5.x), attaining a peak in usage share during 2002 and 2003 in the high 80s, and together with other versions up 95%. It only slowly declined up to 2007, when it lost about half its market share to Windows Internet Explorer 7 and Mozilla Firefox between late 2006 to 2008.

IE6 remained more popular than its successor in business use for more than a year after IE7 came out. ^[18] A DailyTech article noted, "A Survey found 55.2% of companies still use IE 6 as of December 2007", while "IE 7 only has a 23.4 percent adoption rate".^[18]

IE6 market share was almost 25% for September, 2008^[19]

Based on statistics attributing 72.15% of browser market share to IE, this would give IE6 34.88% of the Internet Explorer market.

[edit] Criticism

A common criticism of Internet Explorer is of the speed at which fixes are released after discovery of the security problems, and in some circumstances, the problems not always being completely fixed.^{[citation needed]}

Microsoft attributes the perceived delays to rigorous testing. The testing matrix for Internet Explorer demonstrates the complexity and thoroughness of corporate testing procedures^{[citation needed]}. A posting to the Internet Explorer team blog on August 17, 2004 explained that there are, at minimum, 234 distinct releases of Internet Explorer that Microsoft supports (covering more than two dozen languages, and several different revisions of the operating system and browser level for each language), and that every combination is tested before a patch is released.^[20]

In May 2006, PC World rated Internet Explorer 6 the eighth worst tech product of all time. ^[21]

[edit] Security framework

Internet Explorer uses a zone-based security framework, which means that sites are grouped based upon certain conditions. IE allows the restriction of broad areas of functionality, and also allows specific functions to be restricted. The administration of Internet Explorer is accomplished through the Internet Properties control panel. This utility also administers the Internet Explorer framework as it is implemented by other applications.

Patches and updates to the browser are released periodically and made available through Windows Update web site. Windows XP Service Pack 2 adds several important security features to Internet Explorer, including a popup blocker and additional security for ActiveX controls. ActiveX support remains in Internet Explorer although access to the "Local Machine Zone" is denied by default since Service Pack 2. However, once an ActiveX control runs and is authorized by the user, it can gain all the privileges of the user, instead of being granted limited privileges as Java or JavaScript do. This was later solved in the Windows Vista version of IE 7, which supported running the browser in a low-permission mode, making malware unable to run unless expressly granted permission by the user.

[edit] Quirks trigger

Version 5.5 was the last to have Compatibility Mode, which allowed Internet Explorer 4^[22] to be run side by side with 5.x.^[23]^[24] With IE6, there was a quirks mode that could be triggered that caused it to behave like IE 5.5.^[25]

[edit] Supported platforms

Internet Explorer 6.0 supports Windows NT 4.0, Windows 98, Windows 2000, Windows Me, Windows XP and Windows Server 2003. The Service Pack 1 update supports all of these versions, but Security Version 1^[1] is only available as part Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 and later service packs for those versions. Windows Vista and Windows Server 2008 are not supported.

[edit] Release history

Major version	Minor version	Release date	Significant changes	Shipped with
Version 6	6.0 Beta 1	March 2001	More CSS changes and bug fixes to be more W3C-compliant.
	6.0	August 27, 2001	Final release.	Windows XP
	6.0 SP1	September 9, 2002	Vulnerability patch. Last version supported on Windows NT 4.0, 98, 2000 or Me.	Windows XP SP1 and Windows Server 2003
	6.0 SP2	August 25, 2004	Vulnerability patch. Popup/ActiveX blocker. Add-on manager.	Windows XP SP2 and Windows Server 2003 SP1

[edit] Iterations

Internet Explorer 6 `Shdocvw.dll` version iterations^[26]
Version	Title/Notes
6.00.2462.0000^[I]	IE6 Public Preview (Beta)
6.00.2479.0006	IE6 Public Preview (Beta) Refresh
6.00.2600.0000	IE6 (Windows XP)
6.00.2800.1106	IE6 Service Pack 1 (Windows XP SP1)
6.00.2800.1278	IE6 Update v.01 Developer Preview (SP1b Beta)
6.00.2800.1314	IE6 Update v.04 Developer Preview (SP1b Beta)
6.00.2900.2180	IE6 for Windows XP SP2
6.00.2900.5512	IE6 for Windows XP SP3
6.00.3663.0000	IE6 for Microsoft Windows Server 2003 RC1
6.00.3718.0000	IE6 for Windows Server 2003 RC2
6.00.3790.0000	IE6 for Windows Server 2003 (released)
6.00.3790.1830	IE6 for Windows Server 2003 SP1 and Windows XP x64
6.00.3790.3959	IE6 for Windows Server 2003 SP2

^ major version.minor version.build number.sub-build number

[edit] References and notes

"Microsoft Windows Family Home Page". Windows History: Internet Explorer History. Retrieved on May 12, 2005.
"Microsoft Knowledge Base". How to determine which version of Internet Explorer is installed. Retrieved on November 6, 2005.
"Index DOT Html and Index DOT Css". Browser History: Windows Internet Explorer. Retrieved on May 12, 2005.

^ ^a ^b SV1 stands for "Security Version 1", referring to the set of security enhancements made for that release.^[I] This version of Internet Explorer is more popularly known as IE6 SP2, given that it is included with Windows XP Service Pack 2, but this can lead to confusion when discussing Windows Server 2003, which includes the same functionality in the SP1 update to that operating system. —
^ "XPSP2 and its slightly updated user agent string". The Windows Internet Explorer Weblog. Microsoft via MSDN (2004-09-02). Retrieved on 2008-10-05.
^ "SMIL Standards and Microsoft Internet Explorer 6, 7, and 8". Retrieved on 2007-05-27.
^ "Using a web browser to access gopher space". Retrieved on 2007-05-11.
^ Microsoft to abandon standalone IE, January 23, 2006
^ Microsoft Internet Explorer 6.x, Secunia
^ Mozilla Firefox 1.x, Secunia
^ Opera 8.x, Secunia
^ "Vulnerability Report – Microsoft Internet Explorer 6.x". Secunia. Retrieved on 2006-06-23.
^ "Researchers warn of infectious Web sites" (June 25, 2004). Retrieved on 2006-04-07.
^ "Vulnerability Note VU#713878". US-CERT (June 9, 2004). Retrieved on 2006-04-07.
^ "Perspective: A safe browser? No longer in the lexicon". CNet (July 7, 2005). Retrieved on 2006-04-07.
^ Wheeler, David (November 14, 2005). "Why Open Source Software / Free Software (OSS/FS, FLOSS, or FOSS)? Look at the Numbers!".
^ "Safe Personal Computing" (December 12, 2004). Retrieved on 2006-04-07.
^ Mossberg, Walt (September 16, 2004). "How to Protect Yourself From Vandals, Viruses If You Use Windows". Personal Technology. Wall Street Journal. Retrieved on 2006-04-07.
^ Vaughan-Nichols, Steven (June 28, 2004). "Internet Explorer Is Too Dangerous to Keep Using". Linux & Open Source – Opinions. eWeek. Retrieved on 2006-04-07.
^ "Vulnerability Note VU#713878". US-CERT (June 9, 2004). Retrieved on 2006-04-07.
^ "Top Browser Share Trend". NetApplications.com (September, 2008). Retrieved on 2008-10-05.
^ ^a ^b Mick, Jason (2008-04-03). "Firefox Makes Big Gains In Business at IE's Expense", DailyTech. Retrieved on 5 October 2008.
^ "Top Browser Share Trend". Net Applications (September 2008). Retrieved on 2008-10-05. The date range spans October, 2006—September, 2008.
^ "The Basics of the IE Testing Matrix". Internet Explorer team blog. Microsoft (August 17, 2004). Retrieved on 2006-04-07.
^ PCWorld (2005-05-26). "The 25 Worst Tech Products of All Time". Retrieved on 2006-07-18.
^ "How to install and use Compatibility mode in Internet Explorer 5 or 5.5 (KB197311)". Microsoft Help and Support. microsoft.com (2007-01-23). Retrieved on 2008-10-05.
^ "Unable to Use Internet Explorer 4.0 Compatibility Mode (KB237787)". Microsoft Help and Support. microsoft.com (2007-01-24). Retrieved on 2008-10-05.
^ Hardmeier, Sandi (2005-08-25). "The History of Internet Explorer". Internet Explorer Community. microsoft.com. Retrieved on 2008-10-05.
^ Chao, Ingo; Holly Bergevin, Bruno Fassino, John Gallant, Georg Sørtun, Philippe Wittenbergh (2005-08-15). "Quirks mode in IE 6 and IE 7". satzansatz.de. Retrieved on 2008-10-05. Last updated on June 3, 2006.
^ "How to determine which version of Internet Explorer is installed (KB164539)". Microsoft Help and Support. microsoft.com (2008-09-03). Retrieved on 2008-10-05.

[edit] See also

Microsoft portal

[edit] External links

Internet Explorer: Home Page (Internet Explorer 7)
IEBlog — The weblog of the Internet Explorer team
Internet Explorer History

v • d • e Internet Explorer

Versions	Version 2 · Version 3 · Version 4 · Version 5 · Version 6 · Version 7 · Version 8 Mobile · for Mac · for UNIX

Overview	History · Removal · Easter eggs · Box model bug · Add-ins · Extensions · Shells

Current technologies and related software	Trident (MSHTML) · MSXML · RSS Platform · JScript · XMLHttpRequest · ActiveX · Administration Kit · Developer Toolbar · HTA · HTML+TIME · Internet Explorer Developer Toolbar · Web Archive (MHTML) · Favicon · HTML Components · Vector Markup Language (VML) · Integrated Windows Authentication · Temporary Internet Files · Index.dat · Browser Helper Object (BHO) · Web Proxy Autodiscovery Protocol (WPAD)

Previous technologies and related software	Outlook Express · Internet Mail and News · Comic Chat/Chat 2.0 · NetMeeting · NetShow · ActiveMovie · DirectX Media · Windows Address Book · Windows Desktop Update · Active Desktop · Active Channel · Channel Definition Format · Java Virtual Machine · Server Gated Cryptography (SGC) · Smart tags · MSN Explorer · Spyglass · Tasman

Events	First browser war · United States v. Microsoft · Sun v. Microsoft · Download.ject · Eolas v. Microsoft · Second browser war

Persons	Scott Isaacs

Related topics	Comparison of Web browsers · Usage share of web browsers · List of web browsers · Browser timeline