Removal of Internet Explorer

From Wikipedia, the free encyclopedia

The idea of removing Internet Explorer from a Microsoft Windows operating system was first proposed during the United States v. Microsoft case. Later, some security advocates took up the idea as a way to protect Windows systems from attack via IE vulnerabilities. Whether the net benefit of removing IE exceeds the cost, and indeed what it means to "remove IE", are disputed.

Contents 1 Vulnerabilities 2 Removing 3 Conflicts 4 Alternative Methods 5 See also

[edit] Vulnerabilities

Simply installing and using another browser does not prevent third party programs and core operating system components from using IE libraries. Thus, a user who does not use IE to browse the Web can still be targeted by attacks against vulnerabilities in these libraries—for instance, via Outlook Express or the Windows Help subsystem. However, removing the IE libraries will cause these programs, and other software which depends upon them, to cease functioning or even to crash the system.

[edit] Removing

It is unclear what it means to "remove IE" because such a removal depends on being able to determine which files or functions on an installed Windows system are part of IE — that is, to draw a line between IE and the rest of Windows. Microsoft has held that this is not meaningful; that in Windows 98 and newer versions, "Internet Explorer" is not a separate piece of software but simply a brand name for the Web-browsing and HTML-displaying capacities of the Windows operating system. In this view, the result of removing IE is simply a damaged Windows system; to have a working system without IE one must replace Windows entirely.

It is possible to remove Internet Explorer from Windows 95 (see instructions on the Netscape website [1] and on Microsoft's website [2]), as well as from Windows 2000 [3], Windows XP [4], and Windows Server 2003 [5] at installation time.

In contrast, some programmers and security writers have held that it is possible to have a useful and working Windows system with IE excised, that is, without Microsoft's implementation of web browsing and HTML viewing. Consultant Fred Vorck, who advocates that consumers should have the choice to remove "integrated" features of Microsoft Windows [6]; Dino Nuhagic, who is the creator of nLite — a product that allows users to remove Windows components like Internet Explorer and Windows Media Player, amongst others [7]; and Shane Brooks, who created 98lite and XPLite to remove and manage Windows components [8] after the installation of the operating system, have all suggested removing Internet Explorer from computers in order to decrease exposure to security risks on the Internet [9].

[edit] Conflicts

One of Microsoft's arguments during the United States v. Microsoft trial was that removing Internet Explorer from Windows may result in system instability. At least one commentator supports this argument, and notes that removing Internet Explorer will also disable Windows Update, leaving the user without vital security updates to the operating system [10]. This overlooks the use of a browser plugin like WindizUpdate, that can check for and perform updates without using Windows Update.

When removing Internet Explorer prior to Windows installation using nLite, there is a distinction between removing Internet Explorer and Internet Explorer Core. If the latter is not removed, core components needed for displaying HTML help files and other operating system tasks are not removed, but the web browser is removed from the system.

Microsoft's position is in contrast with other operating systems and browsers. Other operating systems for desktop computers typically include at least one browser—for instance, Safari in Mac OS X. However, in these systems the web browser can be removed or replaced like any other application.

[edit] Alternative Methods

An alternative way to protect a local network is to limit Internet Explorer to Windows Update only.^[11]

[edit] See also

• Internet Explorer