46
1
I have disabled Internet Explorer in the "Windows Features" dialog. Nonetheless Windows Update alerts me that there are security updates for IE.
I am aware that I cannot uninstall IE and it remains on my system. Are there any security issues if I do not install the available updates or can I discard all the updates for IE?
Stefan Surkamp
Posted 2014-05-02T18:44:46.550
Reputation: 591
38
An operating system is like a table.
A browser or other application is like an item on top of the table.
Internet Explorer is an application, but it's PHYSICALLY part of the table because of how Microsoft bundled it with the OS.
Even if you don't use IE you really need to install updates. If a hacker gains entry to your system, they may attempt to abuse a known vulnerability that you could have patched but didn't and then your problem is compounded. Additionally, since IE is a shell used by some other browsers (and other applications), if you're using one of those tertiary browsers (such as Maxathon) you would be stuck with an older version of IE that renders the pages (even though the interface is something else).
When dealing with vulnerabilities, you need to do a cost/benefit analysis; does the cost of the downtime to install, and any compatibility problems it produces, outweigh the risk or loss incurred from an attack?
John
Posted 2014-05-02T18:44:46.550
Reputation: 1 490
15First off, saying Microsoft's integration of IE is an anti-competitive practice is a bit much without a reference. There are some very good reasons to include a browser with the OS - at minimum, it provides a known browser/HTML reader that can be referenced by other programs (with certain minimum features, too). This culminates in companies writing applications as plugins for (older) versions of IE, as it was a common deployment environment (hopefully, this practice is on its way out). ALL applications have known "ignored" vulnerabilities, including Chrome, Firefox, etc. – Clockwork-Muse – 2014-05-02T23:41:44.237
5
@Clockwork-Muse References: United States v. Microsoft Corp, European Commission Statement of Objections.
– David Richerby – 2014-05-03T13:00:50.4001@DavidRicherby - At least some of the anti-competitive part was due to marketing and related non-technical tactics. It's possible that the initial integrating bundling was performed for purely technical reasons, or at least altruistic ones; among other things, it did add what was becoming an essential feature to the OS, for people who may not have the technical expertise to install/download one. – Clockwork-Muse – 2014-05-03T13:30:35.037
1If a hacker has access to your system out-of-date IE patches are the least of your problems. Why bother exploiting IE bugs when I can just run any program I like? – Casey – 2014-05-04T05:55:54.950
The only scenario I can see if an escalation of privilege issue, but that really needs to get patched at the OS level or else what's stopping me from running my own program that has the same "flaw" as IE (not a flaw to me in this scenario)? – Casey – 2014-05-04T05:59:33.337
@emodenrocket: when an insecure browser connects to the internet, it opens up avenues for compromising the OS, which may have been previously not accessible to hackers. – mc0e – 2014-05-04T13:28:29.997
@mc0e Sure, but if I have control of your machine and want to do something nefarious why wouldn't I just install a purpose-built RAT instead of trying to putz around with IE? – Casey – 2014-05-06T13:26:19.273
@emodenrocket. Agreed, but irrelevant to whether you should act to prevent people gaining that control in the first place, so update your browser. – mc0e – 2014-05-08T14:34:25.683
20
Other things use Internet Explorer that you may not be aware of, so if there are security updates for IE you should install them.
Other applications use scripts and pieces of the IE application.
I don't know exactly how it works, but yes you should install the IE updates.
Malachi
Posted 2014-05-02T18:44:46.550
Reputation: 1 069
15
You should always install updates for Internet Explorer, even if you're using a different browser.
Internet Explorer is very tightly woven into the fabric of Windows. For example, Internet Explorer's proxy settings, the hosts file and Windows Firewall are examples of parts of Windows that are intertwined with Internet Explorer. A vulnerability here puts your whole system at risk.
Additionally, as you can't uninstall Internet Explorer, it can run and make your system vulnerable. You don't know when it will run. For example, if you're viewing a Help file (.chm), Internet Explorer is rendering the page for you. Some browsers and other applications use Internet Explorer under the covers to render rich content. Again, a vulnerability here puts your whole system at risk.
Daniel A.A. Pelsmaeker
Posted 2014-05-02T18:44:46.550
Reputation: 1 193
11
I would absolutely suggest installing the update. IE is rather tightly coupled with the operating system and parts and pieces can be used by a surprising variety of applications. Even if you're not browsing with it on a daily basis, it's still on your system and is still a security hole.
More importantly, what's the risk/return on not doing it? The value of not doing it is not having to restart the machine. Meanwhile, if IE accidentally gets launched or is used without you being aware, it puts you at risk.
Just because you don't plan to use one of the pockets in your pants, if they have a hole, you should still patch them!
user24313
Posted 2014-05-02T18:44:46.550
Reputation: 211
22Yes; You should update IE even if its been disabled. Yes; There are security concerns if you don't. – Ramhound – 2014-05-02T18:50:00.373
5The real question is why SHOULDN'T you install the update? Does it interfere with an application you need to use? Otherwise, if it makes your computer safer... – WernerCD – 2014-05-02T22:15:25.753
7Some games/applications may use the system browser engine (IE on Win) for background tasks, or as a "skinned" browser. Steam formerly, for example. For this reason, updates to the browser are always a good idea. Just to add, you can delete IE, but it's hacky :) – Jongosi – 2014-05-02T22:44:58.120
8Internet Explorer is not a standalone piece of software like FireFox or Chrome. It is a part of the Windows OS. Which is why it is a massive headache as well as a security nightmare. You are right to not use it, but you cannot predict when Windows will decide a part of it must run whether you know it or not. – JakeGould – 2014-05-03T05:41:49.433
1Be aware that disabling IE may affect other software. I've learned that the hard way after wasting a couple of hours trying to install Corel Draw. The installer uses IE to display the EULA. – Dennis – 2014-05-04T16:42:03.407