It's amusing but disconcerting to me that what I write can be so widely misunderstood. In an article earlier this week about Microsoft's plans for improving the Web standards compliance in Internet Explorer (IE) 7, I repeated a recommendation I've been making to Windows users for years: Boycott IE.
This recommendation was completely misunderstood by a number of people. Some misread it as "Boycott IE 7." And some were amazed that a Windows advocate like me would take the "bold" step actually calling on Windows users to stop using a Microsoft product. And clearly, describing IE as "a cancer" was a bit strong. But allow me to explain what's really happening here.
First of all, put out those torches: I'm not leading a charge on Castle Frankenstein. Years ago, when Microsoft added the buggy and unproven IE code to the core of Windows NT 4.0, I felt that it was the worst decision the company had ever made. And since then, I've been proven right time and time again: IE has become the number one vector for malware intrusions in Windows, as shown by the vast number of security exploits this product has suffered over the years. As a result, one can make only a very weak argument about the benefits of fusing IE with Windows. But one can make a much better argument about the benefits of leaving the browser code separate from the OS.
IE's security ills were so bad for so long, in fact, that Microsoft stopped even thinking about new end user features for the product for several years. The version of IE included with Windows XP Service Pack 2 (SP2) in 2004 fixed some of the security problems, but as even Microsoft acknowledges, it was just a step down a long road towards making IE truly secure (if that's even possible).
In any event, I've been calling on Windows users to try less-often-hacked browsers such as Mozilla Firefox for years. Other browsers, like Opera 8, are probably equally acceptable, though I just don't have as much experience with that product as I do with Firefox. My Web browser recommendation applies to the here and now: Today's IE, even with XP SP2, is just not secure enough. Too, IE 6 doesn't offer the broad feature set found in most modern browsers, so IE users are likely not even aware of the incredible functionality you can get with other choices. I most thoroughly explored these differences in my Target IE series on the SuperSite for Windows last year.
As for IE 7 specifically, I've analyzed what Microsoft is planning to do with this product and would like to clear up some misconceptions. First, there are really two versions of IE 7: The standalone version that will ship for XP SP2 (and Windows XP x64 Edition, and Windows Server 2003 with SP1), and the version that will ship in Windows Vista. The Windows Vista version of IE will be a superset of the standalone version, offering security features that are impossible to implement on previous generation Windows versions.
If you simply must use IE for some reason, you would be crazy not to upgrade to IE 7 when it comes out. On both platforms, IE 7 will offer crucial anti-phishing technology and a number of end user features that look interesting, including tabbed browsing and better add-on management. However, on Windows Vista, IE 7 will be even more powerful, offering a new protected mode in which the browser runs without any add-ons, allowing you to get work done if an electronic attack does infect the system. I'll write more about this in my upcoming IE 7 Beta 1 review on the SuperSite for Windows.
That said, I still have my concerns about IE's compliance with Web standards. Many of you don't realize this, but I have a Web development background tracing back over a decade, and I developed or helped develop some of the first database-backed Web sites on the Internet 10 years ago. In fact, WinInfo was one of these sites, back when it was hosted on the Internet Nexus in the mid-1990s. Since then, I've scaled back on Web development work to focus on writing, but I've also written and contributed to a number of books focusing on database-backed Web development, Visual Basic, and databases over the years. I understand the issues Web developers face, and I watched as Microsoft exerted its dominance and pushed its proprietary technologies over true Web standards. While Microsoft can truly claim to want to deliver a good "Web experience," it's equally true that the company is working to ensure you can only get that experience with its own products. Microsoft is not interested in a level playing field where users have a choice of browsers, all of which offer equivalent user experiences.
Folks, that's OK. It's called a competitive advantage, and it's something all companies seek to get. My issue with this is that I don't personally care what's good for Microsoft. I care about what's good for the people that use its products. And sometimes what's good for Microsoft and what's good for its customers are completely at odds with each other. Windows Genuine Advantage, Product Activation, and, yes, bundling IE with Windows are three obvious examples.
Finally, I spoke with the IE team this week and while it was a somewhat tense discussion--I did, after all, refer to their product as "a cancer"--I think we reached a workable understanding. IE Lead Program Manager Chris Wilson, for example, continues to insist that the Acid2 test I mentioned previously is "not a compliance test." And technically, he's right: Passing the Acid2 test doesn't mean that you've reached compliance with any particular Web standard (such as CSS 2.0). My beef with the Acid2 test is that Microsoft, alone among the browser makers, has publicly shown no interest at all in passing the Acid2 test, which was designed to "help browser vendors make sure their products correctly support features that Web designers would like to use. These features are part of existing standards but haven't been interoperably supported by major browsers." I commend the company for seeking to fix the IE issues that Web developers say are most onerous. I'd still like to see them do more, however.
Gary Schare, the Director of Product Management for the IE team, discussed with me the security features Microsoft will be adding to IE 7, and while I've highlighted a few of them above, I'll be writing more about this in my IE 7 Beta 1 review. The long and the short of it is that IE 7 will be better than IE 6. The question is whether it will be good enough. In the meantime, I will still use and recommend Firefox today. That's because IE 7 isn't here yet, and I can't possibly make a recommendation about an uncompleted product one way or the other.