After years of decline and a final wind-down over the past 13 months, Microsoft confirmed the retirement of Internet Explorer. When it was time for users to upgrade and move on, they often didn't because Internet Explorer was a mainstay. Security researchers say that IE and its many security vulnerabilities are far from gone, despite last week's milestone pushing even more users off the historic browser.
The IE app on Windows 10 devices will be disabled by Microsoft in the coming months. Edge incorporates a service called "IE mode" to preserve access to old websites built for Internet Explorer. IE mode will be supported by Microsoft through 2029. IE will continue to work on all supported versions of Windows 8.1, Windows 7 with Microsoft's Extended Security Update, and Windows server, though the company says it will eventually phase IE out in these, too.
Internet Explorer may still hold more than half a percent of the total global browser market share, seven years after the debut of Edge. In the US, that share could be as little as 2%.
"I think we've made progress, and we probably won't see as many exploits against IE in the future, but we will still have remnants of Internet Explorer for a long time that scam artists can take advantage of" There are still pieces of the internet explorer that exist.
It is hard to balance the desire for a clean slate with the need for backward compatibility. "We haven't forgotten that some parts of the web still rely on Internet Explorer's specific behaviors and features," wrote the general manager of Microsoft Edge.
He said that there was a need to start over with Edge. He wrote last week that the internet has evolved. We started fresh becauseIncremental improvements to Internet Explorer couldn't match the general improvements to the web.
The underlying browser engine of IE will still be supported by Microsoft, as well as versions of Windows still used in critical environments. According to a researcher for Project Zero, IE vulnerabilities are still being exploited in real-world attacks.
Internet Explorer has had a consistent number of 0 days each year since we began tracking them. She wrote in April that 2016 was tied for the most in-the-wild Internet Explorer 0-days we've ever tracked. Even if the user doesn't use internet explorer as their internet browser, it's still a ripe attack surface.
While the number of new IE vulnerabilities Project Zero has detected has remained fairly constant, attackers have shifted over the years to increasingly target theMSHTML browser engine through malicious files. It is possible that neutering the IE application won't immediately change attack trends.
Microsoft and IE users around the world have come a long way since it was difficult to rein in the browser. IE still loads with the living even though it's supposed to be dead.