Trustworthy browsing
Preventing advertisers and analytics firms from tracking one's progress around the Web has become something of a hot-button issue. Microsoft's approach to this is two-fold. Tracking Protection Lists (TPL) allow users to opt into lists published by privacy organizations to block such tracking mechanisms. The company has also slipped in a new mechanism just in time for release, too; if any TPL is in use, the browser will also send the Do Not Track header, also being sent by Firefox 4.
This serves as a belt-and-braces approach to privacy protection. TPLs are active protection; they prevent the browser from downloading various tracking devices (mainly JavaScripts and single-pixel images) completely. What isn't downloaded can't be used to track. The Do Not Track header is passive. It relies on trust—the Web server the browser is visiting must notice that the header is there, and then respect it—and currently has essentially no real-world value. There is, however, the possibility that it will gain Federal Trade Commission or legislative support, at which point it might start to gain some meaning.
The approach of sending the header while using a TPL does not seem ideal; different TPLs might block different kinds of tracking (for example, one might block advertisers, another might block analytics), but the Do Not Track header will be sent to everyone, regardless of the intent of any installed TPLs. That's not an issue now, as the header doesn't have any real meaning, but it could become an issue in the future.
Beyond that, the inclusion of ActiveX blocking will be welcome to those who dislike Flash but have to keep it installed for compatibility. It's simple, but effective.
Some new trust features will only come into their own now that the browser has been released. In particular, the browser now attempts to warn about unsafe downloads. Any application that is downloaded has a reputation. If lots of people download the same program, it's probably safe, so it has a good reputation; if you're the only one to ever download it, it has a much higher chance of being something nasty, so its reputation is bad. Or at least, that's the thinking. Attempts to download programs with bad reputations will earn an additional warning. The true value and efficacy of this system will only really become clear once the browser is in wide use.
A new development process
With these goals came a new way of developing the browser. Instead of producing a beta or two and then perhaps a release candidate, in March 2010 Microsoft said that it was going to release what it called "Platform Previews" every eight weeks or so. These previews would have the underlying improvements to the browser's core, giving Web developers the opportunity to experience both the greater performance and greater standards compliance that each new preview provided, but didn't come with any real browser interface.
This site has long criticized Microsoft's browser development approach. The combination of infrequent releases and relative lack of access during beta periods made it difficult for developers to gauge the direction that the company was headed in, and so it was hard to provide timely, relevant feedback. Nor were we confident that the preview releases would do enough to redress this issue. Now that IE9 has shipped, it's fair to say that the previews did the job admirably. Microsoft showed steady progress, introducing substantial new features such as support for the HTML5 video and audio tags, canvas graphics, and WOFF fonts. Each new release made great strides in performance, too.
Many thousands of bugs were filed against the browser, and they were all examined and addressed (though not necessarily fixed). Microsoft says that the bugs that were filed were high quality, too, with something like 50 percent of issues raised proving to be legitimate. In previous Internet Explorer development periods, the beta release would be the first opportunity to actually test the browser's rendering engine. With IE9, we already knew that the engine would be high quality thanks to the preview program. With the previews, Microsoft has shown that not only can it develop a high quality browser; it can also do so in a way that effectively engages with the community.
The company has also provided a solution of sorts to the desire to test and experiment with more unstable specifications. Prototype implementations of features that are still in flux can be installed, giving developers the access they need to provide the experimentation they need to do, without running any risk of real sites actually depending on these features. These prototypes have been updated regularly, and their update schedule is governed by the frequency with which new drafts of their specifications are developed, rather than any fixed eight-week interval.
And now the bad bits
The biggest problem, and the biggest risk, faced by Internet Explorer 9 is that of compatibility. Not with websites—it does a great job there—but with operating systems. Because of its use of Direct2D and DirectWrite, which are only available on Windows Vista and Windows 7, it does not run, at all, on Windows XP. Though Windows XP's market share is declining on the back of strong corporate uptake of Windows 7, it's still the most common version of Windows. And it can't be used with Internet Explorer 9.
This wasn't a bad decision. The performance improvements made by the use of DirectWrite and Direct2D allow a new class of Web application to be developed. They greatly extend the range of what is possible and practical to do on a website. Platform security features that Internet Explorer 9 leverages also make the switch to more modern operating systems desirable. Some of the things that make IE9 a better browser are things that simply do not exist on Windows XP.
Nonetheless, it's plain that this will hamper adoption of the new browser. Firefox 4 includes Direct2D (and, optionally, DirectWrite) on platforms that support it, but it will still run on Windows XP; on that operating system it falls back to software rendering. This makes it slower, certainly, on that operating system. But it will still work. Windows XP is declining, and it's understandable that Microsoft has chosen not to target a system that will be a decade old this October. But it does mean that Microsoft may struggle to win over users.
It's also a little disappointing that the 64-bit version is less polished than the 32-bit version. It can't be made the default browser, and it doesn't include the new, high-performance scripting engine. Microsoft has long argued that 64-bit browsing isn't necessary; most plug-ins are only 32-bit, and so, the argument goes, browsing must be a 32-bit activity. This is unfortunate. One, it leads to a certain chicken-and-egg problem: there's little incentive to develop 64-bit plug-ins since nobody uses a 64-bit browser due to the lack of plug-ins (though Adobe Flash 11 is likely to include first-class 64-bit support, resolving one of the big stumbling blocks). Making the 64-bit version first-class—the same features and performance as the 32-bit version—and ensuring that, at least, Microsoft's own plug-ins (such as Silverlight) were supported would go a long way towards making 64-bit browsing viable. This is, after all, much the same route as the company took with Office.
The reason that 64-bit is desirable is particularly because it offers the potential to strengthen certain anti-hacking mechanisms. Address Space Layout Randomization (ASLR) depends on the ability to change the in-memory layout of things like DLLs. In a 32-bit process there are only a limited number of random locations that can be chosen. 32-bit processes are also more vulnerable to anti-ASLR measures such as "heap spraying" (wherein a large proportion of the browser's memory is filled with malicious code to make it easier for an attacker to trick the browser into executing it). 64-bit is by no means a panacea, but it does strengthen these protection systems. For something that is as frequently attacked as a Web browser, this kind of defense in depth is desirable.
This is especially true as the 32-bit plug-in issue is not insurmountable. Safari on Mac OS X is a 64-bit process on suitable systems. It gets around the plug-in problem by running plug-ins in separate 32-bit processes. This is an approach that Microsoft could, and should, take.
I suspect that IE9 will also struggle to win over the geek demographic. It's a very solid, effective browser, but the lack of "power" features (such as the richer tab handling, automatic session restoration, and extensive extension support) means that this community will likely be better-served by something like Firefox. Though such users are themselves a minority, they are nonetheless influential—they spearheaded Firefox's adoption, acting as advocates for that browser, and are doing the same for Chrome (though in the latter case, Google's substantial advertising budget is also a big help). In the Internet Explorer 5 days, these were the same people encouraging the abandonment of Netscape Navigator. As good as Internet Explorer 9 is, I don't think it's going to be enough to win them back.
There are also lingering questions surrounding the question of what happens next. The new development process was successful, and has built up a lot of momentum, but the company is still, for the moment, keeping quiet about the next move. If there will be no browser version for another two years, then in spite of all IE9's remarkable progress, the game is lost. There's already a good chance that Firefox 4 will leapfrog it in most regards when it is released in the next week or two; its time at the top will be short-lived. The world of browser development is fast-paced.
In an ideal world, the platform preview program will continue, aiming towards the release of, say, IE9.5 or IE10 in six to eight months from now, certainly no longer than a year. This would allow Redmond to keep pace with the Mozilla and Google developers, and one might even say that it would herald the welcome start of the third browser war. Certainly, the company doesn't want to let the momentum flag; it knows it's onto a good thing with the previews. But as of right now, all that exists is rumor and conjecture. Internet Explorer Vice President Dean Hachamovitch is giving a keynote presentation at next month's MIX conference in Las Vegas, and while this is expected to focus on IE9 for Windows Phone 7 (due later this year), it's hoped that he will also give a look forward at the future of the desktop browser.
Internet Explorer 9 is a triumph. Not perfect, but still a first-rate product. Microsoft really has built a better browser here. It's arguably the most modern browser on the market—for a few weeks, at any rate. If you use Internet Explorer, and you're not stuck on Windows XP, you should switch. Even if you don't use Internet Explorer, you should try it out. Internet Explorer 6 and 7 are embarrassments that you should be ashamed to use. Internet Explorer 8 is acceptable, but no more than that. Internet Explorer 9 is the anti-IE6. It is an excellent browser that can be used with confidence and pride.
reader comments
362