Internet Explorer 6

Microsoft Internet Explorer 6 (IE6) is a web browser developed by Microsoft for Windows operating systems. Released on August 24, 2001, it is the sixth, and by now discontinued, version of Internet Explorer and the successor to Internet Explorer 5. It does not support earlier versions.

Despite dominating market share (attaining a peak of 90% in mid-2004), this version of Internet Explorer has been widely criticized for its security issues and lack of support for modern web standards, making frequent appearances in "worst tech products of all time" lists, with PC World labeling it "the least secure software on the planet." In 2004, Mozilla finalized Firefox to rival IE6, and it became highly popular and acclaimed for its security, add-ons, speed and other modern features such as tabbed browsing. Microsoft planned to fix these issues in Internet Explorer 7 by June–August 2005, but it was delayed until an October 2006 release, over 5 years after IE6 debuted.

Because a substantial percentage of the web audience still used the outdated browser (especially in China), campaigns were established in the late 2000s to encourage users to upgrade to newer versions of Internet Explorer or switch to different browsers. Some websites dropped support for IE6 entirely, most notable of which was Google dropping support in some of its services in March 2010. According to Microsoft's modern.ie website,, 3.1% of users in China and less than 1% in other countries were using IE6.

Internet Explorer 6 was the last version to be called Microsoft Internet Explorer. The software was rebranded as Windows Internet Explorer starting with the release of Internet Explorer 7.

Internet Explorer 6 is no longer supported, and is not available for download from Microsoft.

It is the last version of Internet Explorer to support Windows NT 4.0 SP6a, Windows 98, Windows 2000 and Windows ME, though it is only available as pre-installed in Windows XP RTM—SP1 and Windows Server 2003 RTM.

Overview
When IE6 was released, it included a number of enhancements over its predecessor, Internet Explorer 5. It and its browser engine MSHTML (Trident) are required for many programs including Microsoft Encarta. IE6 improved support for Cascading Style Sheets, adding a number of properties that previously had not been implemented and fixing bugs such as the Internet Explorer box model bug. IE6 introduced a redesigned interface based on the operating system's default theme, Luna.

In addition, IE6 added DHTML enhancements, content restricted inline frames, and partial support of DOM level 1 and SMIL 2.0. The MSXML engine was also updated to version 3.0. Other new features included a new version of the Internet Explorer Administration Kit (IEAK) which introduced IExpress, a utility to create self-extracting INF-based installation packages, Media bar, Windows Messenger integration, fault collection, automatic image resizing, and P3P. Meanwhile, in 2002, the Gopher protocol was disabled. XBM support was dropped.

IE6 was the most widely used web browser during its tenure, surpassing Internet Explorer 5.x. At its peak in 2002 and 2003, IE6 attained a total market share of nearly 90%, with all versions of IE combined reaching 95%. There was little change in IE's market share for several years until Mozilla Firefox was released and gradually began to gain popularity. Microsoft subsequently resumed development of Internet Explorer and released Internet Explorer 7, further reducing the number of IE6 users.

On May 7, 2003 Microsoft online chat, Brian Countryman, Internet Explorer Program Manager, declared that Internet Explorer would cease to be distributed separately from Windows (IE6 would be the last standalone version); it would, however, be continued as a part of the evolution of Windows, with updates coming only bundled in Windows upgrades. Thus, Internet Explorer and Windows itself would be kept more in sync. However, after one release in this fashion. Microsoft Internet Explorer 6 was the last version of Internet Explorer to have "Microsoft" in the title: later versions changed branding to "Windows Internet Explorer", as a reaction to the findings of anti-competitive tying of Internet Explorer and Windows raised in United States v. Microsoft and the European Union Microsoft competition case.

On March 4, 2011, Microsoft urged web users to stop using IE6 in favor of newer versions of Internet Explorer. They launched a website called IE6 Countdown, which would show how much percentage of the world uses IE6 and aim to get people to upgrade.

Since 2015, all of the older sample questions offered by IE6 Search Companion on other unique functions have been replaced with "Windows Upgrade".

Security problems
The security advisory site Secunia reported 24 unpatched vulnerabilities in Internet Explorer 6 as of February 9, 2010. These vulnerabilities, which include several "moderately critical" ratings, amount to 17% of the total 144 security risks listed on the website as of February 11, 2010.

As of June 23, 2006, Secunia counted 20 unpatched security flaws for Internet Explorer 6, many more and older than for any other browser, even in each individual criticality-level, although some of these flaws only affect Internet Explorer when running on certain versions of Windows or when running in conjunction with certain other applications.

On June 23, 2004, an attacker used two previously undiscovered security holes in Internet Explorer to insert spam-sending software on an unknown number of end-user computers. This malware became known as Download.ject and caused users to infect their computers with a back door and key logger merely by viewing a web page. Infected sites included several financial sites.

Probably the biggest generic security failing of Internet Explorer (and other web browsers too) is the fact that it runs with the same level of access as the logged in user, rather than adopting the principle of least user access. Consequently, any malware executing in the Internet Explorer process via a security vulnerability (e.g. Download.ject in the example above) has the same level of access as the user, something that has particular relevance when that user is an Administrator. Tools such as DropMyRights are able to address this issue by restricting the security token of the Internet Explorer process to that of a limited user. However this added level of security is not installed or available by default, and does not offer a simple way to elevate privileges ad hoc when required (for example to access Microsoft Update).

Art Manion, a representative of the United States Computer Emergency Readiness Team (US-CERT) noted in a vulnerability report that the design of Internet Explorer 6 Service Pack 1 made it difficult to secure. He stated that: There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. … IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system.

Manion later clarified that most of these concerns were addressed, and other browsers had begun to suffer the same vulnerabilities he identified in the above CERT report.

In response to a belief that Internet Explorer's frequency of exploitation is due in part to its ubiquity, since its market dominance made it the most obvious target, David Wheeler argues that this is not the full story. He notes that Apache HTTP Server had a much larger market share than Microsoft IIS, yet Apache traditionally had fewer security vulnerabilities at the time.

As a result of its issues, some security experts, including Bruce Schneier in 2004, recommended that users stop using Internet Explorer for normal browsing, and switch to a different browser instead. Several notable technology columnists suggested the same idea, including The Wall Street Journal's Walt Mossberg and eWeek's Steven Vaughan-Nichols. On July 6, 2004, US-CERT released an exploit report in which the last of seven workarounds was to use a different browser, especially when visiting untrusted sites.

Market share
Internet Explorer 6 was the most widely used web browser during its tenure (surpassing Internet Explorer 5.x), attaining a peak percentage in usage share during 2002 and 2003 in the high 80s, and together with other versions up to 95%. It only slowly declined up to 2007, when it lost about half its market share to Internet Explorer 7 and Mozilla Firefox between late 2006 to 2008.

IE6 remained more popular than its successor in business use for more than a year after IE7 came out. A 2008 DailyTech article noted, "A Survey found 55.2% of companies still use IE 6 as of December 2007", while "IE 7 only has a 23.4 percent adoption rate".

Net Applications estimated IE6 market share at almost 39% for September 2008. According to the same source, IE7 users migrate faster to IE8 than users of its predecessor IE6 did, leading to IE6 once again becoming the most widely used browser during the summer and fall of 2009, eight years after its introduction.

As of February 2010, estimates of IE6's global market share ranged from 10 to 20%. Nonetheless, IE6 continued to maintain a plurality or even majority presence in the browser market of certain countries, notably China and South Korea.

Google Apps and YouTube dropped support for IE6 in March 2010, followed by Facebook chat in September.

On January 3, 2012, Microsoft announced that usage of IE6 in the United States had dropped below 1%.

In August 2012, IE6 was still the most popular IE web browser in China. It was also the second most used browser overall with a total market share of 22.41%, just behind the Chinese-made 360 Secure Browser at 26.96%.

In July 2013, Net Applications reported the global market share of IE6 amongst all Internet Explorer browsers to be 10.9%.

As of August 2015, IE6 was being used by <1% users in most countries, with the only exception being China (3.1%). Usage in China fell below 1% by the end of the year.

Criticism
A common criticism of Internet Explorer is the speed at which fixes are released after the discovery of security problems.

Microsoft attributes the perceived delays to rigorous testing. A posting to the Internet Explorer team blog on August 17, 2004 explained that there are, at minimum, 234 distinct releases of Internet Explorer that Microsoft supports (covering more than two dozen languages, and several different revisions of the operating system and browser level for each language), and that every combination is tested before a patch is released.

In May 2006, PC World rated Internet Explorer 6 the eighth worst tech product of all time. A certain degree of complacency has been alleged against Microsoft over IE6. With near 90% of the browser market, the motive for innovation was not strongly present, resulting in the 5-year time between IE6's introduction and its replacement with IE7. This was a contributing factor for the rapid rise of the free software alternative Mozilla Firefox.

Programming interface
Unlike most other modern browsers, IE6 does not fully nor properly support CSS version 2, which made it difficult for web developers to ensure compatibility with the browser without degrading the experience for users of more advanced browsers. Developers often resorted to strategies such as CSS hacks, conditional comments, or other forms of browser sniffing to make their websites work in IE6.

Additionally, IE6 lacks support for alpha transparency in PNG images, replacing transparent pixels with a solid colour background (grey unless defined in a PNG bKGD chunk). There is a workaround by way of Microsoft's proprietary AlphaImageLoader, but it is more complicated and not wholly comparable in function.

Due to the long-lasting popularity of Internet Explorer 6, web developers had to work around its lack of interfaces. For example, due to the lack of the  parameter in CSS for elements such as top bars that should remain on screen when the user scrolls, JavaScript code had to be used to determine the user's scrolling position and then push down an element positioned with   by the same distance to have it remain on screen, or by dividing the page's hypertext into subframes using the   tag. With media queries unavailable, responsive widths could be implemented to a limited extent by wrapping elements inside tables.

Bugs
Internet Explorer 6 has also been criticized due to its instability. For example, the following code on a website would cause a program crash in IE6:

or

The user could crash the browser with a single line of code in the address bar, causing a pointer overflow.

Deprecation of support


Several campaigns were later aimed at ridding Internet Explorer 6 from the browser market:


 * In July 2008, 37signals announced it would phase out support for IE6 beginning in October 2008.
 * In February 2009, some Norwegian sites began hosting campaigns with the same aim.
 * In March 2009, a Danish anti-IE6 campaign was launched.
 * In July 2009, developers of YouTube placed a site notice that warned about the impending deprecation of support for Internet Explorer 6, prompting its users to upgrade their browser. It is claimed that they represented 18% of the site traffic at that time.
 * In January 2010, the German Government, and subsequently the French Government each advised their citizens to move away from IE6.
 * Also in January 2010, Google announced it would no longer support IE6.
 * In February 2010, British citizens began to petition their government to stop using IE6, though this was rejected in July 2010.
 * In March 2010, in agreement with the EU, Microsoft began prompting users of Internet Explorer 6 in the EU with a ballot screen in which they are presented with a list of browsers in random order to select and upgrade to. The website is located at BrowserChoice.eu.
 * In May 2010, Microsoft's Australian division launched a campaign which compared IE6 to 9-year-old milk and urged users to upgrade to IE8.

With the increasing lack of compatibility with modern web standards, popular websites began removing support for IE6 in 2010, including YouTube and their parent company Google; however large IT company support teams and other employers forcing staff to use IE6 for compatibility reasons slowed upgrades. Microsoft themselves eventually began their own campaign to encourage users to stop using IE6, though stating that they would support IE6 until SP3 (including embedded versions) support is removed. However, on January 12, 2016 when the new Microsoft Lifecycle Support policy for Internet Explorer went into effect, IE6 support on all Windows versions ended, more than 14 years after its original release, making the January 2016 security update for multiple versions of XP Embedded the last that Microsoft publicly issued for IE6.

Security framework
Internet Explorer uses a zone-based security framework, which means that sites are grouped based upon certain conditions. IE allows the restriction of broad areas of functionality, and also allows specific functions to be restricted. The administration of Internet Explorer is accomplished through the Internet Properties control panel. This utility also administers the Internet Explorer framework as it is implemented by other applications.

Patches and updates to the browser are released periodically and made available through Windows Update web site. Service Pack 2 adds several important security features to Internet Explorer, including a popup blocker and additional security for ActiveX controls. ActiveX support remains in Internet Explorer although access to the "Local Machine Zone" is denied by default since Service Pack 2. However, once an ActiveX control runs and is authorized by the user, it can gain all the privileges of the user, instead of being granted limited privileges as Java or JavaScript do. This was later solved in IE 7, which supported running the browser in a low-permission mode, making malware unable to run unless expressly granted permission by the user.

Quirks mode
Internet Explorer 6 dropped Compatibility Mode, which allowed Internet Explorer 4 to be run side by side with 5.x. Instead, IE6 introduced quirks mode, which causes it to emulate many behaviors of IE 5.5. Rather than being activated by the user, quirks mode is automatically and silently activated when viewing web pages that contain an old, invalid or no DOCTYPE. This feature was later added to all other major browsers to maximize compatibility with old or poorly-coded web pages.

Supported platforms
The Service Pack 1 update supports all of these versions, but Security Version 1 is only available as part of SP2 and later service packs for those versions.

System requirements
IE6 requires at least:


 * 486/66 MHz processor
 * Windows 98/NT 4.0 SP6a
 * Super VGA (800 × 600) monitor with 256 colors
 * Mouse or compatible pointing device
 * RAM: 16-32 MB
 * Free disk space: 8.7–12.7 MB