November 14, 2002
I am sending this to you as I believe it is important that you know about these issues.
On Windows 98 or ME, IE5.5 still has the "security zone spoof" vulnerability even with all of the service packs, updates, and patches applied.
One of Microsoft's problems, over the years, has been that the right hand doesn't know what the left hand is doing, anymore, meaning, they have regularly released software that raised problems in their other products.
IE6, of any flavor, is incompatible with windows 98 or ME as shipped and messes up the Windows shell by installing a version of SHLWAPI only intended for Windows/XP! Last night I also ran into someone on the Adobe forum who is having the same issues in Windows 2000, though MSDN says it ought to be OK on that O/S.
In my search to find a solution I have found hundreds, if not thousands, of other users that are having what I believe to be the same problem; but, nobody seems to have nailed the true source and, ironically, all of the manufacturer's knowledgebase articles point them to very old problems.
Please read what I have written below and, if you don't care to pursue it personally, please forward to someone at Cnet that might.
If you a running Windows 98 or ME,
Internet Explorer 6, Service Pack 1 (IE6SP1) or the first release, will mess up your Windows 98 or ME system such that it may be impossible to repair. They both install a version of SHLWAPI.DLL that is only supposed to run on Windows XP, per Microsoft's website, and your system will not even boot if you attempt to replace it.
The SHLWAPI.DLL file, versions 6.00.2800.1106 or 6.00.2800.0000, installed by IE6 includes new functions for SHELL32.DLL, OLE32.DLL, and links to two external files, APPHELP.DLL and USERENV.DLL. Some of the functions are not supported on Windows 98 or ME and neither of the files exists.
After IE6 is installed, you will encounter oddly timed and mysterious crashes in products such as Quicken, Photoshop, Golive,CorelDraw, WinZip, Winamp, and many others; most often with a failure at a very high codepage, such as 157:xxxx, 17F:xxxx, or 187:xxxx. Your display may become corrupted with parts of closed windows not being refreshed. You may experience 16 bit crashes, characterized by the old Windows 3.1 message box.
When the crashes occur, you may also have your files corrupted. I have had my Quicken data damaged, Word documents corrupted (even though Word did not crash), Golive site and page files damaged, and, on one occasion, even had Winamp corrupt an MP3 file which was playing when it crashed.
There is one other factor in this which needs mention; no other browser but IE6SP1 is secure. Even with all of the updates and patches applied, despite what Microsoft claims, IE5.5 is still vulnerable to the 'security zone spoof" which allows an intruder to spawn a window in the "My Computer" zone, giving him free access to anything on your system.
So, the real choice is between security or random system crashes.
I, for one, think it is high time that we take Microsoft to serious task for releasing defective products in exactly the same way we have held Ford and many other manufacturers liable. The cost to American's in lost work and productivity due to Microsoft's flawed and defective products is in the trillions of dollars and we would not stand for it in any other product in the marketplace; think about it.
The release of a major product without even checking its compatability on Windows 98 or ME, both of which are still on store shelves across the country, is sloppy and negligent.
They might attempt to hide behind their EULA, which we have all agreed to; but, we did that in good faith and Microsoft broke that agreement in failing to perform its obligation to test their product prior to release, especially with other products they produce. Additionally, I simply cannot believe they are not aware of this issue more than a year later, yet there is not even a whisper to be found in their support database.
IE6SP1 is a part of MSN8 and is currently being shipped to more than ten million subscribers as I write this. Most of them will be running Windows 98 or ME and will be completely unaware of the consequences of popping the CD into their computer. Isn't it convenient that most of Microsoft's own products don't crash with IE6?
I have laid out the facts as succinctly and accurately as I know how. The errors I have listed are clearly visible with "Dependancy Walker" and are easily verifiable if you have access to several versions of SHLWAPI.DLL. I tried five while testing and the system will at least boot as long as they are put on a machine with an older version of IE.
If you have any comment on this, I invite your response. If you believe what I say and agree that Microsoft needs to fix their products, please Email me.
If any of your friends or colleagues are running Windows 98 or ME, I would suggest that they need to know, so pass it on.