Thursday, March 29, 2012

How Browsers Behave....The Good, The Bad & The Ugly

This article is intended as a primer for those who think that all web browsers are alike.
Read In New Wide Format (or Internet Explorer Users)

The Big Four
The four major browsers are, Internet Explorer, Firefox, Google Chrome and Safari.  The general wisdom on these browsers has been that Google Chrome is the fastest of them, and Firefox is the most full featured.  The current market share of these browsers can be seen from the most recent update on wikipedia and the chart below.  Firefox has the most fast paced upgrades easily surpassing the others with upgrades planned every six weeks.
via: wikipedia

Firefox has the distinguishing feature that it is the only open sourced browser on the market. This is one of the reasons why the upgrades can come online so quickly, comparing to the slower upgrades coming from the other closed  source, commercial browsers on the market.

"As anyone who's written a webpage will attest to, the normal approach to Web development is: write the page once, check it out in a bunch of browsers, then tweak it endlessly so that it actually looks the same—or at least, passably similar—in every browser you care about. Standards compliance is the best weapon Web developers have against this kind of proliferation." Peter Bright
The Disaster That Was Internet Explorer
It is shocking to hear that the now 11 year old operating system Windows XP released on August 24, 2001, still has a 47% market share on installed machines.  If this does not show the sad state affairs in the Windows world (pre Windows 8) we do not know what does.  Internet Explorer is not fairing much better, despite all of its recent upgrades.  Internet Explorer 6 introduced with Windows XP in 2001, still has an 8.38% of Windows users.  This despite the substantial security problems associated with it.
via: wikipedia (click to enlarge)

Internet Explorer 7 released in on October 18, 2006.  This upgrade was intended to "...fix the most significant bugs and areas which caused the most trouble for developers, however, full compatibility with standards was posponed."  Another classic and well known security breach with Internet Explorer 7 was its phishing filter which could be easily be overcome.  Again we quote wikipedia,
One successful method of bypassing Internet Explorer's Phishing Filter has been reported by redirecting a blacklisted web page to another, non-blacklisted page, using a server-side redirect. Until the new page is blocked as well, the attack can remain active. This flaw means that phishers can keep links from previous emails functioning by simply moving to a new server when their original web page is blacklisted and adding a redirect. This has been criticised as doubly serious as the presence of a phishing filter may lull users into a false sense of security when the filter can be bypassed.
As Anup Shah stated back in 2007 about Internet Explorer 6 & 7,
Since IE won the browser wars and came out with IE6 with Windows XP in 2001, that also seemed to mark the end of their innovation. To be fair, for its time, IE6 was the best browser around. The problem is, given the speed at which things change on the Internet, it is now the worst mainstream web browser for developers to deal with; web technology has moved on, but Microsoft barely has (on this front). It wasn’t until the start of the Web Standards Project that this began to change as people started coming together pressuring web browsers to improve, asking things like Why should developers have to waste so much time? Why can’t standards such as CSS be used across all browsers without coding for each browser (that you know of)? Why prevent people using your site?
"For years, Internet Explorer's page rendering has caused major headaches for Web developers and users alike. Some pages that look and function as designers intended in Firefox, Opera, and other third-party browsers have their layouts broken when rendered by Internet Explorer. IE 8 makes an effort to improve compatibility but ultimately falls short." Mark Edwards
Next came Internet Explorer 8, the last browser update compatible with Windows XP.  As of February 2012, it has a 14.71% market share. It was released in a wide scale on May 27, 2010. Microsoft was still playing catchup with other browsers.  While it added more standard features when compared to other browsers (for instance, automatic tab crash recovery), it eliminated useful features that had been implemented in Internet Explorer 7, such as the automatic restoration of a previous session, the autoComplete feature in the address bar inline, the elimination of CSS expressions and the ability to drag web page links and images to other programs.  This last feature was limited to the desktop or an open explorer window. Because it still supported the insecure ActiveX protocol, it was still able to be fairly easily hacked.  In a review of Internet Explorer 8, Mark Edwards stated,
Microsoft touts Internet Explorer 8 as a big improvement over previous versions of the browser in terms of security, speed, and compatibility. [...] Even though IE 8 adds some useful security features, its continued reliance on ActiveX makes the browser vulnerable in its very foundation. This lack of security is a primary reason many people have stopped using IE. Security isn't the only factor causing Web denizens to flock to alternative browsers. For years, Internet Explorer's page rendering has caused major headaches for Web developers and users alike. Some pages that look and function as designers intended in Firefox, Opera, and other third-party browsers have their layouts broken when rendered by Internet Explorer. IE 8 makes an effort to improve compatibility but ultimately falls short. Performance is another area where IE has trailed the competition. Just as IE 7 runs faster than IE 6, the new version 8 is quicker than its predecessor. However, early tests indicate that IE 8 is still much slower than other browsers. [...] There's no doubt that IE 8 is a much better browser than IE 7. Nevertheless, it's still inferior to Firefox and other alternatives. As to whether you should upgrade to IE 8 now or later, my advice is to use Firefox instead of either version.
A light At The End Of The Tunnel: Internet Explorer 9
Internet Explorer 9 was released in February 14, 2012.  This was the first version of Internet Explorer not compatible with Windows XP.  Again while Microsoft touted this along with others as finishing the catchup game with other browsers, Mark Kaelin from TechRepublic was not as impressed when he stated,
Microsoft Internet Explorer 9 is a good browser with some nice features that certainly deserve your consideration; however, it is not a revolutionary jump in browser technology that will forever change the way we interact with the Internet.
But the general consensus is better.  For instance, the ActiveX security feature has been potentially solved by giving the user the ability to turn it off completely, thus closing off the possible avenue for malware.  The downside to turning ActiveX off is that you have reduced access to certain websites and their features, at least so says the United States Computer Emergency Readiness Team,
Disabling Active scripting and ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this vulnerability. Disabling Active scripting and ActiveX controls in the Local Machine Zone will prevent widely used payload delivery techniques from functioning.
Also, Internet Explorer 9 is the only browser (at the time of its release) that supports hardware acceleration to speed up the display speed of images.  This can be seen in an article wherein Facebook designed a test engine to measure a browsers performance specifically targeting "...HTML5's game performance limits..."
click to enlarge
Some have explained that this dramatic difference is due to the hardware graphic acceleration support IE 9 now has.  Chrome, Firefox nor Safari have such a feature yet.  In the end, it does not really matter that IE9 is the only one to have this feature - the feature is there and very useful in the browser speed wars.

While all of this may be good improvements for the latest version of Internet Explorer, some of the same issues are still haunting IE as before.  One headache which has pursued programmers for years is the odd way that Internet Explorer renders web pages.  Now with a newly designed rendering engine, IE9 suffers from the success of its previous versions when it cannot render a page properly, due to the page being designed for older versions of the browser.

The "solution" for this problem is to use "compatibility mode" in the new version which will fix this problem, but place us back into the problem of newer and more friendly HTML5 pages again rendered wrong.  What is even more amazing is that the biggest speed advantage that IE9 may have may also be its undoing in this rendering problem with some recommending that the hardware acceleration feature be disabled to as to insure proper page rendering!  ComputerWeekly stated in an article titled, IT managers find Internet Explorer 9 fails to render websites and web applications, that
...Microsoft has identified a list of over 1,100 public websites that do not behave as expected under IE9. These include popular sites such as Youtube, the Wall Street Journal, UPS, the National Lottery, the AA, British Airways and the BBC in the UK. According to its support page for IE8 and IE9 compatibility, menus, images or text may appear in the wrong positions on incompatible sites; some websites features may not work; visitors to the site may see scripting error messages; and Internet Explorer could stop working or crash on some websites.
In the speed area Internet Explorer is slower than Google Chrome in every test used by ZDNet.  There is of course a great debate about the validity of the different tests used to gauge browser performance in things, like Javascript, HTML5 and other facets.  Some of the most popular tests like Kraken, Peacekeeper, Acid 3, and HTML5.

Steven J. Vaughn-Nichols' article Five Reasons not to 'Upgrade" to Windows 'Internet Explorer 9 created a large controversy in the comment section.  One who is interested in all the fine points of ActiveX, security, speed, 32/64 bit browsing would be do well to read the 11 pages of comments.  Insults abounded against the article, from accusations of the authors fabrication of test results to being in the payroll of Google (despite the fact that he complimented Mozilla at several places).  Certainly the author is not "bashing" IE9 as can be seen from this critique of some of the new security features of IE9,
For example, these days when attacking Web-plug ins, such as Adobe Flash is every hacker’s favorite new trick, IE 9 doesn’t alert you if you’re not running the latest plug-in, which Firefox does with Plug-in Check or automatically update them ala Chrome with its built-in PDF and Flash software. Better still, in Chrome, even if your plug-in gets hit by zero day attack, the most frequently attacked plug-ins, Adobe Flash Player and Reader, run in a sandbox so the attack can’t get to your PC’s operating system.
In another comment he commented on IE9's tracking implementation for privacy concerned users,
I also found one oddity in IE 9’s Tracking Protection feature. This idea first proposed by Mozilla is that users should be able to set their browsers so advertisers can’t track them as they go from site to site. It’s a good idea and to Microsoft’s credit they were the first to get it out the door, but… it seemed to me that if I was using two or more Tracking Protection Lists (TPLs)–Microsoft offers users five different TPLs-that when one list allowed a Web content or activity and another didn’t, IE 9 would default to allowing the tracking activity to happen. 
It turns out I was right. According to research by Which? Computing, and later confirmed by researchers at Stanford University and Microsoft, IE 9 does indeed defaults to allowing tracking behavior when there’s a rules conflict. In an interview, Hachamovitch said “The primary consumer role here is choosing a list author they trust. Auditing any such list requires privacy expertise as well as technical acumen. Propping up more check-boxes is unlikely to actually help consumers.’” In short, even though you can try to combine lists for added security, Microsoft would rather you stick with one and, at this time, they don’t plan on changing this.
All in all there is no doubt that Microsoft is heading in the right direction with Internet Explorer 9, but still has a long way to go.  The rendering problem mentioned earlier in this article will seemingly still shadow Internet Explorer 10 (not yet released but scheduled for October?).  We read in a Microsoft document the following amusing statement under "Interoperable Quirks Mode,"
Windows Internet Explorer 10 Consumer Preview provides an interoperable quirks mode that supports many features of standards mode. This allows Windows Internet Explorer to match the behavior of other leading browsers while retaining the compatibility support expected by many customers.
So it seems that for IE10 to survive it will have to at times pretend to be what it is not.  This reminds of the equally amusing Vista commercials which attempted to convince the customers to like the Vista operating system by telling them it was something else.  The sins of the fathers visit the children. 

No comments: