Aug 25, 2005 (11:08 AM EDT)
Analyzing IE At 10: Integration With OS Smart Or Not?
Read the Original Article at InformationWeek
This week marks not only the tenth anniversary of the release of Windows 95, but also the same landmark for Microsoft's browser, Internet Explorer, software that's been, by turns, an underdog, the root of the government's antitrust trial, and the cause of more security problems than any other single component of the operating system.
As with Windows 95, Microsoft took no pause to celebrate. The only official notice of the anniversary's coming (and going) was an entry in the IE blog by Christopher Vaughan, the lead project manager for the IE team, who has worked on the browser, on and off, since version 3.0.
"When we were working on early versions of Internet Explorer we had no idea where the Internet would take the world, or how we would fit in," Vaughan said.
(Firefox's Asa Dotzler didn't let that go uncontested, and in a comment quoted a section of a document entered as evidence in the United States v. Microsoft trial. The memo, "How To Get 30% Share In 12 Months," reads in part: "PSD needs to get serious about cloning Netscape. We must have a plan to clone all the features they have today, plus new ones they will add between now and our next release. We have to make this our only priority and put our top people on the job.")
IE debuted along with Windows 95 on August 24, 1995, which included built-in support for dial-up networking and the TCP/IP protocol, pieces which until then had to be installed separately. That first version wasn't included with the OS, however, but came as part of an add-on package dubbed Microsoft Plus! for Windows 95. (eBay shows several copies of this 10-year-old package for sale.)
This Internet Explorer was based on the Mosaic browser licensed from Spyglass (but only after Microsoft attempted, and failed, to license Netscape's Navigator). IE still, in fact, gives a nod to Spyglass; even the most recent version 6.0 for Windows XP SP2 states "Distributed under a licensing agreement with Spyglass, Inc." in the About dialog under the Help menu.
By November, IE had matured to 2.0, adding such now-taken-for-granted protocols or tools as SSL and cookies, then moved to 3.0 by August, 1996, when it was first included with, but not integrated into, Windows. (Want to go back to the past? You can download versions 1.0, 2.0, and 3.0 of IE from OldVersion.com.)
The rate of change -- unseen since then by Internet Explorer -- was fueled in large part by Microsoft's underdog status as it fought for market share with the then-leading Netscape browser.
"Microsoft got to the party late," said Michael Cherry, an analyst with Directions on Microsoft, a Redmond, Wash.-based research firm. "The joke is that they don't get anything right until version 3.0; 1.0 and 2.0 arguably came out before they were really ready." But Microsoft, said Cherry, didn't have the luxury of waiting until it had created the "perfect" browser when it was dueling with Netscape.
In 1997, however, IE took a sharp turn when Microsoft integrated the browser with its brand-new Windows 98 operating system. From version 4.0 on, IE has been part of the OS, part of Microsoft's legal troubles, and certainly part of its security woes.
"From a business decision perspective, the decision to integrate IE was brilliant," said John Pescatore, Gartner research director. "No more Netscape.
"But from a security perspective, it was a terrible decision."
The move to tie the browser with the OS ended up in court -- the federal government and several states eventually settled with Microsoft, and IE was allowed to remain -- and brought a plague upon Redmond, Pescatore argued.
"Since IE is embedded in the OS, many other pieces of software use it to do things," he said. "That's why spyware works so well. Integration has, in fact, enabled types of attacks that we otherwise wouldn't even have seen.
"And if you want to make [the browser] better, you have to change the entire operating system. It's made bad security things easier, and made the improvement of security harder."
Directions on Microsoft's Cherry wasn't ready to throw the whole baby out with the bathwater. "There are some services, critical services, that really are necessary and should be part of the operating system. TCP is one. HTTP is another. You can make a strong argument for certain pieces.
"But as far as the entire browser goes, no, it doesn't need to be integrated. I say it's 'unfortunate' that IE is integrated with Windows," said Cherry. "The actual rendering and display of HTML, that's where it gets fuzzy about whether it needs to be in the OS."
Mistake though it may have been, said Pescatore, don't expect Microsoft to retreat.
"We view the entire Windows ecostructure through the IE component," he said. "Changing it now wouldn't give much benefit to security."