Sofware in Review
Tech news
at TheJemReport.com
Software reviews
at SoftwareinReview.com
Hardware reviews
at HardwareinReview.com
Discuss technology
at TJRForum.com
Sofware in Review → Tutorials → Windows optimizations →

How to replace and disable Internet Explorer

By Jem Matzan

You've probably heard about a particularly nasty trojan horse attack recently which exploited several vulnerabilities in Microsoft Internet Explorer and Internet Information Services. While viruses and trojans have been taking advantage of known vulnerabilities for years, this particular attack is new because it uses several vulnerabilities at once, one of them being unpatched by Microsoft at the time of infection, and it doesn't require the user to download or install any programs or visit any malicious websites. Even if you have the latest patches from Microsoft and only visit trusted websites your system is still vulnerable and you're risking your credit card numbers, bank account information, passwords and other sensitive data if you use Internet Explorer. Due to ongoing security concerns, it's time to say goodbye to Internet Explorer forever -- here's how to do it along with a brief explanation of why Internet Explorer is such an abomination before all mankind.

The replacements

Before you go removing your only web browser, you need to have something to replace it with. There are two primary alternatives to Internet Explorer: Mozilla and Opera. Mozilla has two derivatives: Netscape, which is a proprietary version of the Mozilla suite and Firefox, which is a stripped-down version of Mozilla. Mozilla is actually a suite of programs; it's a web browser, email client, address book, and calendar all rolled into the same basic framework. Those with slow machines may have a better experience with Firefox, since it is only the bare browser component of Mozilla with some modifications. All Mozilla derivatives offer popup ad blocking, tabbed browsing (which allows you to have several web pages open in one single window, as opposed to opening them all in separate instances of the program), and superior security and stability. Firefox and Mozilla are both free software, meaning you are not restricted in their use, modification or distribution.

Opera is a proprietary web browser with lots of excellent features. Like Mozilla, Opera has popup ad blocking and tabbed browsing capabilities, and it also has a built-in email client and address book. Despite the similarities in its key features, Opera is a somewhat different experience from Mozilla and Mozilla-based web browsers, and a drastically different experience from Internet Explorer. Some may enjoy that, others will find it irritating. Opera also has built-in ads near the top of its browser window; if you want them to go away you have to pay almost $40. If you're looking for the most IE-like web browser (in terms of interface), Firefox is your best bet.

There is no harm in installing more than one of these programs -- in fact you can install them all if you like. Try several of them before making a decision, and be sure to give yourself at least a week's time to adjust to the different features and interface.

No matter what you choose to install, the new program will at some point ask you if you'd like to make this your default browser. You should say yes here, although if you're installing multiple browsers each one will want to check if it's the default every time you start it unless you tell it to stop asking. As long as IE is no longer the default and you have a different program to browse the web, your mission has basically been accomplished. Now all you have to do is remove and disable Internet Explorer.

How to remove IE

First, you must have Internet Explorer version 6 or later for this process to work. Ironically the easiest way to remove Internet Explorer prior to version 6.0 is to first upgrade to 6.0 -- a process best done through Windows Update. If you're using Windows 95 and want to remove IE, Microsoft has instructions at this address.

In Windows NT 4.0, 98, 98SE, ME, 2000, and Advanced Server Limited Edition, open up your Control Panel, which is found in the Start Menu under Settings. Then double-click on Add/Remove Programs; a new window will appear with this same title. Select Add/Remove Windows Components from the left-hand icon column and then uncheck the box next to Internet Explorer. Click Next and IE will disappear from your system; click Finish to complete the process. All IE icons will be removed from your quick launch, desktop, and Start menu. Depending on which operating system you're using and how it has been updated and configured, the option for removing Internet Explorer may alternately be in the Add/Remove Installed Programs section instead of the Add/Remove Windows Components section, but the basic process remains the same.

In Windows XP the process is exactly the same, except you have some further options to limit Internet Explorer. In the same Add or Remove Programs window, Windows XP has an additional option for those with Administrator rights: Set Program Access and Defaults, which is the last icon down on the left-hand icon bar. Click on it and you'll see some different profiles to choose from. Click on Custom; this will list some program defaults and access controls that you can change manually. The first group in the list is for your web browser. Uncheck the box labeled "Enable access to this program" next to Internet Explorer. You'll notice there is a button for the system default -- you'll want to click the dot next to your new browser to make it the default if it isn't already set.

Internet Explorer is, unfortunately, built into Windows in all versions after 98 and can't be fully removed. No matter what you do, IE will still be available in a limited capacity for the purpose of running Windows Update, which requires Internet Explorer to run. It will not be generally available to users, however, and since you set your default browser to whatever you installed earlier, IE will never open on its own when you click a link offline. This is the best you can do; Windows security is all about reducing risk rather than eliminating it. If you start Windows Update, an IE window will open and you can use it for browsing sites other than Windows Update despite the fact that it's been "removed" and "disabled." This is one of the main problems with Windows -- there are always loopholes like this one that compromise your system's security. A more agreeable long-term solution might be to switch to GNU/Linux.

Extend and exploit: why IE is a security disaster

There's only so much you can do with HTML and cascading style sheets (CSS). You can do more with high-level web languages like PHP, ASP, Perl, and Python, but you still need HTML to display web programs. A more powerful solution is to create an applet -- a separate program that is downloaded and run through your web browser upon request. Sun Microsystems created the Java language for this purpose, and Microsoft responded by introducing the ActiveX control subsystem. The difference is, Sun designed Java with security in mind whereas Microsoft didn't seem to understand that the monster they were creating with ActiveX could possibly ever be used for nefarious purposes. Microsoft's idea of ActiveX security is to require that publishers digitally sign their programs and to require that the end-user assent to the installation of ActiveX applets. There is no way to know what an ActiveX applet will do until you've run it, at which point it is too late to stop any damage it has done. Digital signatures do nothing to stop any malicious code.

No matter how many security patches Microsoft releases, ActiveX can still destroy your system or steal your data. The only way to prevent it from potentially harming you is to disable ActiveX, thereby limiting IE's functionality.

The second disastrous extension that Microsoft added to IE is the Browser Helper Object. Basically this is a DLL file that loads with Internet Explorer and has unrestricted freedom to download, run, and install programs or applets without your permission or knowledge. The security risk here is obvious and self-explanatory; coincidentally this is one of the tools used in the above-mentioned recent trojan horse attack.

BHO exploits will not be detected or stopped by antivirus software. Some kinds of spyware detection programs can detect these kinds of attacks, some can't. Rather than downloading and installing more software to fix problems in IE, it's best to just use a different browser.

Other than these self-destruct buttons that Microsoft built into IE, there is also the issue that, as a program, it was simply was not designed to be secure. SecurityTracker.com keeps a list of IE's security alerts -- see for yourself how serious the threats are to Internet Explorer and how often they occur. Compare that list with the list for Mozilla. Which one would you rather use?