(this article includes parts adapted from my wiki)

A lot of people (not as many as some years ago, but still too many) have no idea what a “browser” is, yet they browse the Internet (or, more precisely, the World Wide Web) regularly.

How can that be? Well, due to some clever marketing (such as putting “Internet” in the application’s name), typical user ignorance and dislike of learning (people typically learn the bare minimum to do something, and then do everything in their power, including heavy effort if necessary, not to have to learn an iota more) and the fact that most users tend to stick to “whatever came with the computer” (in fact, with the operating system), those people use Internet Explorer (IE) without thinking, without realizing that

1. there exists a kind of program called “a web browser”,
2. IE is one, and
3. IE is not the only one, there are others.

What are the consequences of this? There are several, and all are bad ones:

• Microsoft hates the idea of open standards, because that means less control for them. Due to that, IE doesn’t support many modern standards, like CSS2, or supports them badly and/or partially, and – paradoxically, until you think about the reasons for it – is extremely permissive about what standards it does support, like HTML, XHTML and such. In other words, you can’t use many modern (but standard) features (and since so many people use IE, you can’t simply disregard them), but you can also write bad, incorrect code, and only IE will “eat it up” – browsers which respect standards will detect the numerous serious errors. Some HTML editors like Microsoft’s own FrontPage intentionally do this – create code with many errors, but which it “knows” IE will work around, with the result that only IE will show it properly, and less knowledgeable people with alternative browsers will believe it is their browsers which are to blame.
• Internet Explorer is extremely insecure – there have been literally dozens of updates for it, but they just patch particular holes, nothing is done about the fundamental insecurity of it; the browser was developed when computer security was not yet a concern, and it shows. A “bad” site can take control of your computer and install stuff (usually spyware) on it, just because you opened it in IE
• IE has a monstrosity called ActiveX technology, which allows a site to read and write on your system; while it theoretically has some security (and could be used for something useful), in fact there have been many holes in it, and besides many users are used to just clicking “OK” or “Yes”.
• IE (as of IE 6.0 Service Pack 1) doesn’t support any modern features, like tabs or selective image blocking, and only very recently (and only on Windows XP), with XP’s Service Pack 2, did it get a pop-up blocker. “I go to a site and get lots of pop-up windows, and when I try to close them, it opens even more windows!” is strictly a MSIE problem.
• Explorer is “integrated” into the operating system, which Microsoft touts as an advantage, but, instead:
  • makes it so that a browser crash can bring down the entire operating system;
  • cannot be updated without a reboot;
  • cannot be uninstalled;
  • allows Microsoft to only update IE for the latest version of Windows, forcing people to upgrade – this happened recently to Windows 2000 users, for instance, as IE 7.0 will only be available for Windows XP and newer.
• As mentioned above, IE encourages bad code, and lazy, incompetent web designers. Instead of learning enough and working enough to create a properly designed and coded web site which works on all browsers, it is much easier (and requires much less competence) to patch up something, and then say “it only works in exactly the same browser I use, on exactly the same operating system / version I use, with the same screen resolution I use.”
• Web standards are important for other reasons. Quoting a comment by Brian: “I’m talking about blind people, mobile phones, automated spidering scripts, Google, and so on. When you write standards-compliant web pages, you make it easier for all of these people to use your site. When you write IE-only tag soup you are just breaking the web and the philosophy of which it was conceived.”

In short, by using IE (or developing for it) you only harm yourself in the long run. Firefox or Opera may not be exactly like the browser you’re used to (though they’re as easy to use, if not easier)… but everything you currently know, you learned at some time, didn’t you? So don’t be afraid to learn one thing more, which will only benefit you. You’ll say goodbye to spyware and other malware (they can no longer be installed without your knowledge or permission), you’ll have a browser which gives control back to the user (instead of the site), you can block advertisements (especially those that seem to take over your browser and refuse to be closed)…

And there’s something else (you may think that this one is “idealistic crap” that you don’t care about, but, again, in the long run you’ll be benefiting yourself). Statistics. By not using IE, but using other browsers instead, you’ll be adding to the statistics of every site you visit – adding to the reality that web designers and, more importantly, “pointy-haired bosses” are only now beginning to understand: that not everyone uses IE, and that, by making a site that only works in it, they are instantly sending away 15% (as of now – that number is growing) of potential visitors. 15% of billions is a lot. And companies should learn that non-IE users are probably people who are more informed, who don’t sheepily use what they’re fed, but are more discerning. In other words, unless the site is trying to sell “generic viagra”, “genuine snake oil” or some other garbage , non-IE users are more likely to be better potential customers.

As everyone should know, Internet Explorer is a very insecure browser, and daily use can quickly turn a Microsoft Windows PC into a spyware-ridden, spam-sending slow, unstable abomination.

I don’t use IE at home, because Mozilla Firefox is infinitely better and more secure, but I’ve found that many people, even those otherwise educated and intelligent, think of “the Internet” as “the blue E”, and, when wanting to open a site, open IE without thinking.

So I had to do something about it.

Now, while I think that (as of mid-2005) it is still to early to implement this as official policy in a company (many bad sites or incompetently-designed intranet applications only work with IE – and sometimes only with a particular version), it can be useful in many home / small office networks.

Requirements

• a Unix-like machine (e.g. GNU/Linux or OpenBSD), possibly with 2 network cards, already running as a gateway for your network (this part is beyond the scope of this article)
• a firewall running on that machine (I use OpenBSD’s pf, but Linux’s iptables would also work) (again, firewall instructions go beyond the scope of this article)
• a Squid proxy server installation on the same machine, with the desired access configuration (including, possibly, authentication and such).

Steps

1. configure your firewall not to allow direct HTTP (ports 80 and 443) and FTP (port 21) from the internal network (otherwise, users could just disable the proxy in the browser)
2. change your Squid configuration like this:

   Before the “allow” for your home network, insert the following:

   acl msie browser MSIE
   acl getmozilla dstdomain .spreadfirefox.com
   acl getmozilla dstdomain .getfirefox.com
   # firefox download places always have "mozilla" in the URL
   acl getmozilla2 url_regex mozilla
   
   # the following use IE's engine
   # magic online
   acl exceptions_ie dstdomain .wizards.com
   # jre updates
   acl exceptions_ie dstdomain .java.sun.com
   acl exceptions_ie dstdomain .jdl.sun.com
   # stardock central
   acl exceptions_ie dstdomain .stardock.com
   # city of heroes
   acl exceptions_ie dstdomain .coh.com
   acl exceptions_ie dstdomain .cityofheroes.com
   acl windowsupdate dstdomain .windowsupdate.microsoft.com
   
   deny_info ERR_BAD_BROWSER msie
   
   http_access allow msie windowsupdate
   http_access allow msie getmozilla
   http_access allow msie getmozilla2
   http_access allow msie exceptions_ie
   http_access deny msie
   

   The exceptions are for some applications which (foolishly) use IE’s engine and identify themselves as it. You may not need these, and require different ones.

You should also create an ERR_BAD_BROWSER file (on the share/errors/English directory) for telling users that they’re using an insecure browser, and that IE is only for Windows Update, and for downloading Firefox. For example, here is mine:


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The requested URL could not be retrieved</TITLE>
<STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana, sans-serif}PRE{font-family:sans-serif}-->
</STYLE>
</HEAD><BODY>
<H1>ERROR</H1>
<H2>The requested URL could not be retrieved</H2>
<HR noshade size="1px">
<P>
While trying to retrieve the URL:
<A HREF="%U">%U</A>
<P>
The following error was encountered:
<UL>
<LI>
<STRONG>
Insecure browser detected.
</STRONG>
<P>
Microsoft Internet Explorer (MSIE) is an insecure browser, and I don't like it
being used in
my home. :) MSIE, and MSIE-based browsers such as AvantBrowser or NetCaptor,
can only be used for <a href="http://windowsupdate.microsoft.com">Windows
Update</a>, or for downloading <a
href="http://www.spreadfirefox.com/?q=affiliates&id=2703&t=49">Mozilla
Firefox</a>.</p>
<p>Please use a more secure browser such as <a
href="http://www.spreadfirefox.com/?q=affiliates&id=2703&t=49">Firefox</a> or Opera.
</UL>
<P>Your cache administrator is <A HREF="mailto:%w">%w</A>.


Addendum

Yes, the user agent string can be changed. But I’m counting on the fact that most IE users don’t even know what a “browser” is – they think that “the Internet is the blue E”, and that clicking on it is “opening the Internet” as mentioned before. I’m also counting on the fact that anyone who is technically knowledgeable enough to change IE’s user agent is also knowledgeable enough not to want to use IE.

Addendum #2

“Why not simply download Firefox and tell people to use it?”, you may ask.

It’s not that easy – even at MY place, guests tend to “click on the blue E” without thinking, even after I’ve told them about Firefox. It’s a difficult habit to break for many people. And I don’t believe in “fooling” them by disguising Firefox with a IE theme and switching the icon.

Besides, a lot of software uses the IE engine “under the hood”. You can fall victim to an IE hole even if you never open IE yourself.

Spyware is a big problem these days. Most Windows PCs have a lot of it, without the user’s knowledge; many crashes, slowdown, popups and browser hijacking (for instance, changing the home page without your consent, and you can’t set it back to what you want) are symptoms of a spyware infestation.

Avoiding spyware

1. Do not, I repeat, do not use Internet Explorer. Really. This is the most important part. Use Mozilla Firefox (my personal favorite), Mozilla, Opera or Konqueror. Explorer is unsafe, and malicious sites can use it to install dangerous software on your PC without your knowledge. It also (as of version 6.0) lacks many modern features such as browser tabs. In fact, you should not use IE even if spyware didn’t exist – but spyware by itself is also enough reason to use a decent browser instead of Explorer.
2. Do not use Outlook Express. Much like IE, it’s insecure. Use something like Mozilla Thunderbird, or a webmail like Gmail or Yahoo! Mail.
3. Avoid Microsoft Outlook, unless it is forced upon you at your workplace. And if so, see below for Office Update.
4. Turn Windows’ automatic updates on (go to Windows Update if you need assistance), and make sure they are working (you should be warned about critical updates from time to time). Install all of them.
5. If you have Microsoft Office installed, go to Office Update from time to time, and keep Office updated.
6. Have a decent anti-virus installed.
7. If you’re not behind a firewall, install a decent one on your PC, or, even better, keep it behind one (preferably not a Windows machine)
8. Beware of what you install. Many programs advertised as “free” install spyware along with them. Avoid the following above all:
   • Browser toolbars (they’re for Internet Explorer, anyway, so you won’t need them, right?)
   • Mouse cursors
   • Anything related to a purple monkey
   • Anything, in a web page, that pretends to be a Windows error message (e.g. “Warning: your PC is unoptimized!!!”)
9. Install Ad-Aware, keep it updated and run it from time to time, deleting any spyware it finds.

Note: a non-firewalled, non-updated Windows PC connected to the Internet gets infected by worms (*) in minutes – far less than the time it takes to update it. If you have such a PC in your hands, think hard before connecting it to the internet – if you can’t install a firewall software on it (from a CD, you can’t connect to the net before you are protected, remember?), take it to a friend with a NATted LAN (your geek friend will know what that means), and update it there.

(*) worms are not spyware, but they can, among other things, install spyware on your computer (and, besides, do even more harm than spyware)

Removing spyware

1. Install Ad-Aware
   • run it
   • check for updates
   • check for spyware
   • remove any it finds
2. Install Spybot Search & Destroy
   • run it
   • check for updates
   • check for spyware
   • remove any it finds
3. Reboot
4. Do the first 2 steps again.

• if neither program finds any spyware this time, you are clean. Come on, breathe in relief.
• if, however, any of them still finds spyware, repeat everything one more time. If there is still spyware, then removing it is beyond the scope of this page… Look around in Google, or ask a geek friend, or format and reinstall everything.

Note

Spyware is strictly a Microsoft Windows problem; you can forget about all of this if you use another operating system, such as Linux or MacOS.

Another Note

Contrarily to what most people think, it is not “normal” for a PC to become slower and slower as it’s used, until you have to format and reinstall to get it back to a “sane” speed. If that happens, your PC is simply probably full of spyware (and possibly viruses, worms and such).

Yet Another Note

If you are currently “weaning” yourself from Internet Explorer, it’s likely that you’ll open it from time to time, due to force of habit. As any such use is a potential doorway for spyware to enter your computer, a possible solution, for slightly more advanced users (again, asking a friend should not be out of the question), is to use a proxy server to limit Internet Explorer to Windows Update.