Microsoft Internet Explorer 6 (IE6) is the sixth major revision of Internet Explorer, a web browser developed by Microsoft for Windows operating systems, and the successor to Internet Explorer 5. It was released on August 24, 2001, shortly after the completion of Windows XP. It is the default browser that comes with Windows XP and Windows Server 2003.

This version of IE has been widely criticized for its security issues and lack of support for modern web standards, frequently appearing in "worst tech products of all time" lists, with PC World labeling it "the least secure software on the planet." In 2004, Mozilla finalized Firefox to rival IE6, and it became highly popular and acclaimed for its security, add-ons, speed, and other modern features such as tabbed browsing. Microsoft planned to fix these issues in Internet Explorer 7 by June–August 2005, but it was delayed until an October 2006 release, over 5 years after IE6 debuted.

Because a substantial percentage of the web audience still uses the outdated browser (most notably in China), campaigns have been established to encourage users to upgrade to newer versions of Internet Explorer or switch to different browsers. Some websites have dropped support for IE6 entirely, most notably Google, which was dropping support in some of its services. According to Microsoft's modern.ie website, as of August 2015, 3.1% of users in China and less than 1% in other countries are using IE6.

It was the last version of Internet Explorer to be called Microsoft Internet Explorer, as the software was rebranded as Windows Internet Explorer starting with the release of Internet Explorer 7.

It is the last version of Internet Explorer to support Windows NT 4.0 SP6a, Windows 98, Windows 2000, and Windows Me, although it is only supported as included in Windows XP RTM–SP1 and Windows Server 2003 RTM.

Overview

When IE6 was released, it included several enhancements over its predecessor, Internet Explorer 5. It and its layout engine Trident are a requirement for many programs, including Microsoft Encarta. IE6 improved support for Cascading Style Sheets (CSS), adding support for many properties that previously had not been implemented and fixing bugs such as the Internet Explorer box model bug. In Windows XP, IE6 introduced a redesigned interface revolving around the operating system's default theme, Luna.

Additionally, IE6 introduced DHTML enhancements, content-restricted inline frames, and partial support for DOM Level 1 and SMIL 2.0. The MSXML engine was also updated to version 3.0. Other new features included a new version of the Internet Explorer Administration Kit (IEAK), which debuted IExpress, a utility to create self-extracting INF-based installation packages, Media bar, Windows Messenger integration, fault collection, automatic image resizing, and P3P. Meanwhile, IE6 dropped support for X Bitmap (XBM) image files, and in 2002, the Gopher protocol was disabled.

IE6 was the most widely used web browser during its tenure, surpassing Internet Explorer 5. At its peak in 2002 and 2003, IE6 attained a total market share of nearly 90%, with all versions of IE combined reaching 95%. There was little change in IE's market share for several years until Firefox was released and gradually began to gain popularity. Microsoft subsequently resumed development of Internet Explorer and released Internet Explorer 7, further reducing the number of IE6 users.

On March 4, 2011, Microsoft urged web users to stop using IE6 in favor of newer versions of Internet Explorer. They launched a website called IE6 Countdown, which would show the percentage of the world that uses IE6 and aims to get people to upgrade.

Security problems

The security advisory site Secunia reported 24 unpatched vulnerabilities in Internet Explorer 6 as of February 9, 2010. These vulnerabilities, which include several "moderately critical" ratings, amounted to 17% of the 144 security risks listed on the website as of February 11, 2010.

As of June 23, 2006, Secunia counted 20 unpatched security flaws for Internet Explorer 6, many more and older than for any other browser, even in each criticality level, although some of these flaws only affect Internet Explorer when running on certain versions of Windows or when running in conjunction with certain other applications.

On June 23, 2004, an attacker used two previously undiscovered security holes in Internet Explorer to insert spam-sending software on an unknown number of end-user computers. This malware became known as Download.ject and caused users to infect their computers with a backdoor and keylogger merely by viewing a web page. Infected sites included several financial sites.

Probably the biggest generic security failing of Internet Explorer (and other web browsers, too) is the fact that it runs with the same level of access as the logged-in user, rather than adopting the principle of least user access. Consequently, any malware executing in the Internet Explorer process via a security vulnerability (e.g., Download.ject in the example above) has the same level of access as the user, something that has particular relevance when that user is an Administrator. Tools such as DropMyRights can address this issue by restricting the security token of the Internet Explorer process to that of a limited user. However, this added level of security is not installed or available by default, and does not offer a simple way to elevate privileges ad hoc when required (for example, to access Microsoft Update).

Art Manion, a representative of the United States Computer Emergency Readiness Team (US-CERT), noted in a vulnerability report that the design of Internet Explorer 6 Service Pack 1 made it difficult to secure. He stated that:

Manion later clarified that most of these concerns were addressed, and other browsers had begun to suffer the same vulnerabilities he identified in the above CERT report.

In response to a belief that Internet Explorer's frequency of exploitation is due in part to its ubiquity, since its market dominance made it the most obvious target, David Wheeler argues that this is not the full story. He notes that Apache HTTP Server had a much larger market share than Microsoft's IIS, yet Apache traditionally had fewer security vulnerabilities at the time.

As a result of its issues, some security experts, including Bruce Schneier in 2004, recommended that users stop using Internet Explorer for normal browsing and switch to a different browser instead. Several notable technology columnists suggested the same idea, including The Wall Street Journal's Walt Mossberg and eWeek's Steven Vaughan-Nichols. On July 6, 2004, US-CERT released an exploit report in which the last of seven workarounds was to use a different browser, especially when visiting untrusted sites.

Deprecation of support

Several campaigns were later aimed at ridding IE6 from the browser market:

• In July 2008, 37signals announced it would phase out support for IE6 beginning in October 2008.
• In February 2009, some Norwegian sites began hosting campaigns with the same aim.
• In March 2009, a Danish anti-IE6 campaign was launched
• In July 2009, the developers of YouTube placed a site notice that warned about the impending deprecation of support for Internet Explorer 6, prompting its users to upgrade their browser. It is claimed that they represented 18% of the site traffic at that time.
• In January 2010, the governments of Germany and France each advised their citizens to move away from IE6. Google announced it would no longer support IE6 around the same time.
• In February 2010, British citizens began to petition their government to stop using IE6, though this was rejected in July 2010.
• In March 2010, in agreement with the EU, Microsoft began prompting users of Internet Explorer 6 in the EU with a ballot screen in which they are presented with a list of browsers in random order to select and upgrade to. The website was located at BrowserChoice.eu.
• In May 2010, Microsoft's Australian division launched a campaign that compared IE6 to 9-year-old milk and urged users to upgrade to IE8.

With the increasing lack of compatibility with modern web standards, popular websites began removing support for IE6 in 2010, including YouTube and its parent company, Google; however, large IT company support teams and other employers forced staff to use IE6 for compatibility reasons, slowing upgrades. Microsoft itself eventually began its own campaign to encourage users to stop using IE6, though stating that it would support IE6 until SP3 (including embedded versions) support is removed. However, on January 12, 2016, when the new Microsoft Lifecycle Support policy for Internet Explorer went into effect, IE6 support on all Windows versions ended, more than 14 years after its original release, making the January 2016 security update for multiple versions of XP Embedded the last that Microsoft publicly issued for IE6.

Quirks mode

Internet Explorer 6 dropped Compatibility Mode, which allowed Internet Explorer 4 to be run side by side with 5.x. Instead, IE6 introduced quirks mode, which causes it to emulate many behaviors of IE 5.5. Rather than being activated by the user, quirks mode is automatically and silently activated when viewing web pages that contain an old, invalid, or no DOCTYPE. This feature was later added to all other major browsers to maximize compatibility with old or poorly-coded web pages.

External links

• Internet Explorer 6 at Microsoft (archived 2001-09-17)
  • Internet Explorer 6 Public Preview (archived 2001-04-13)
• Internet Explorer 6 at Wikipedia

	Wikipedia This page uses Creative Commons Licensed content from Wikipedia (view authors).