Time to dump Internet Explorer

The recent disclosure of a security hole in Internet Explorer that enables hackers to steal passwords and credit-card numbers seemed to cross a threshold in Windows' error-marred legacy.

First, Microsoft said it had no immediate fix. The company suggested that users change IE's security setting to "high." Only after an international uproar did Microsoft say it would address the problem in an impending update.

Rather than fiddle with settings, US-CERT (Computer Emergency Readiness Team) suggested users switch to an alternative browser.

"It is time for national leaders to get their heads out of the sand and recognize this threat to their [our] national and economic security, [and to begin] cooperating on a global basis to deny access and havens to anyone mounting Net attacks," noted Mark Anderson, publisher of the Strategic News Service electronic newsletter.

The "Red Alert" response of the IT community attested to the gravity of the flaw itself. Gaining access to a Windows PC, a hacker literally could record keystrokes entered in supposedly "secure" mode by Internet Explorer users. That means passwords and credit-card numbers could be plucked wholesale from a user.

As dramatic as all this sounds, IE's flaws are nothing new to longtime software watchers. In 1997 Fred McLain, an Eastside programmer, demonstrated IE's vulnerabilities in a sensational "Internet Exploder" demo before 10,000 programmers at a JavaOne conference in San Francisco. Microsoft, comparing McLain's demo to a workshop on how to crash airplanes, suggested users switch security settings to "high."

McLain, noting that Microsoft has made little improvement to IE over the past eight years, observed that "most people don't even drive cars as old as this browser."

As troublesome as the situation seems, a simple solution exists. Microsoft could announce that it is discontinuing development on Internet Explorer and encourage users to switch to alternative browsers.

Such a step would hold manifold benefits to Microsoft and PC users. Microsoft spends money (albeit not much) on IE development and support but gives the program away free. The "free forever" strategy, announced in 1995 by Bill Gates, was meant to undermine Netscape Communications and lock users into Windows-Internet synergies.

Netscape is pretty much a goner, and Windows will continue to dominate desktops without IE. Microsoft could remove a line item from its loss column and give the makers of some perfectly good alternatives a way to make some money from their products.

Opera, a Norwegian program, is not only a superior browser but a powerful Internet-management system. Safari, from Apple, and Mozilla — a descendant of the original Netscape browser — hold advantages over IE as well.

I've long argued that giving away IE was one of Gates' biggest mistakes. Charging the $30 or so that Netscape sold its browser for would have given Microsoft a nice cash cow, and IE would still have dominated Netscape on its own merits. Instead, the "free" strategy contributed to the ongoing antitrust debacle that hamstrings the company.

IE seems somewhat adrift at Microsoft. Versions 5 and 6 for Windows were token upgrades, and the company appears to have let IE languish on the Macintosh.

Perhaps the latest security debacle will fade like McLain's demo and Internet life will continue with its ever more tenuous pattern of dousing multiplying wildfires with stopgap patches.

But Microsoft could do everyone a favor, from the IT and security communities to the end user like you and me, by simply dumping the albatross of IE and focusing on bucking up Windows security elsewhere.

Paul Andrews is a freelance technology writer and co-author of "Gates." He can be reached at pandrews@seattletimes.com.