Lucene search

threatpostPaul RobertsTHREATPOST:797E6F9A1F43801EFFCD0ACDC9FAB4A0
HistoryJan 04, 2012 - 4:57 p.m.

Updated: IE6 Market Share Dips Below 1% in US. Microsoft Celebrates

Paul Roberts

IE6Recent data shows that the share of Web traffic in the U.S. that’s being viewed on the troubled Internet Explorer Version 6 browser has finally dropped beneath 1%, and nobody is happier about it than parent company, Microsoft, which launched a program to eradicate IE6 back in March, 2011.

In a blog post on Tuesday, Roger Capriotti, the director of Internet Explorer Marketing, celebrated the milestone, which was derived from data on browser use by the firm Net Applications and country-by-country data compiled by the U.S. Central Intelligence Agency on the number of Internet users. Just .9 percent of the 245 million Internet users in the U.S – or just over 2.2 million people. Microsoft announced.

First released in 2001, IE6 was the sixth version of Microsoft’s Web browser and was the default browser that shipped with the popular Windows XP operating system. Though popular with users and Web application developers, IE6 was plagued by security vulnerabilities. Among the many problems with IE6 that became clear after its release was the browser’s tendency to run with the same level of privileges as the current user. IE6’s ubiquity (it owned more than 80% of the Web browser market within two years of its release) combined with its many software vulnerabilities and the tendency of many organizations to give Windows users administrative rights over their own machine in a toxic brew that gave malicious hackers administrative access to many machines running vulnerable instances of IE6. Famously, hackers targeting Google, Adobe and other firms used a zero day exploit against a Windows XP machine running Internet Explorer 6 in the so-called “Aurora” attacks.

The IE6 browser share in the U.S. dropped to one percent from around 4% in 2011, according to Microsoft, citing the same data sources. Other surveys have found the legacy browser to still be common within organizations. A report by Web security firm zScaler in August, 2010, found that 23% of the company’s corporate customers were using IE6 to browse the Web. A poll of readers by the anti malware industry publication Virus Bulletin in February, 2010 found that 19 percent of respondents continued to use IE6.

A chorus of security experts advised users to abandon IE6 for more recent, more secure alternatives. Microsoft joined that chorus in March, 2011, launching an official IE6 countdown Web site and adapting the AdCouncil’s now famous anti-drunk driving slogan to its own ends, warning that “friends don’t let friends use Internet Explorer 6,” and providing tools that Web site administrators can use to warn visitors who are using an outdated version of IE.

“It’s the end of life in the US for IE6, and it’s a welcome end,” said Kurt Baumgartner, a senior security researcher at Kaspersky Lab.

Twelve countries now have fewer than 1% of users on Internet Explorer 6. Most are in Western Europe. They include Norway, Finland, Denmark, Sweden, Austria and Poland, as well as Mexico and The Philippines, according to Microsoft.

Despite declining use in the West, IE6 is still common, worldwide. NetApplications data put the overall share of the browser market at 7.33% in December, down from 11.8% at the beginning of the year – just behind the market share of Google’s Chrome 15 browser. In China, IE6 is still used by 25% of that country’s estimated 389 million Internet users – or 98 million people.

Internet Explorer once commanded more than 90 percent of the Web browser market, after killing off early rivals like Netscape’s Navigator. That market share has been declining in recent years, as competitors such as Mozilla’s Firefox, the Google Chrome browser and Apple’s Safari have become the choice of more users. In the meantime, Microsoft has made great strides to correct the mistakes of the past with subsequent versions of IE, says Kaspersky’s Baumgartner.

“The focus on security and the changes from IE6 to IE9 represent how much Microsoft’s efforts have shifted and how they’ve begun to take security seriously, building out security research teams and baking it into their development process,” he wrote. “As Internet Explorer 10 comes up, we see (Microsoft) playing better with Web standards partly because of the increased competition from other browser vendors,” he said.

The good old days in which IE was the default gateway to the Web are gone for good, especially as Web surfers increasingly shift to mobile devices such as Android and iOS that don’t run on Windows.

Baumgartner thinks that glaring headlines about IE zero day vulnerabilities will be less common in the years ahead. “User privacy, instead of buffer overflows and use-after-free vulnerabilities, will start to grab more attention,” he said. “In a way, that’s real progress.”