May 12th, 2011
One of our guiding principles in Internet Explorer is to keep users in control of their browser. This applies to settings like the home page, enabled add-ons, and the default search provider. Sometimes, 3rd party software changes the consumer’s default search provider without their consent. Consumers may be surprised to see search results from an unfamiliar Web site and may not know how to change back to their previous default search provider. As we work with developers to ensure that they use the proper method to change the default provider, IE protects consumer’s choice with User Preference Protection.
We’ve made several enhancements to User Preference Protection in IE9 so it stays out of the way while you browse. In this post, we revisit the motivations for this feature and walk you through the changes that we’ve made in IE9. We also reiterate the guidelines and best practices for 3rd party developers to follow to change the default search provider properly in IE.
Search Provider Extensibility in Internet Explorer
The default search provider is an integral part of the browsing experience. IE9 displays search results from the default provider when you enter a search query in the One Box for the IE or pinned site window. The default provider is also your default search accelerator.
IE promotes user choice with search providers. In IE7 and later, Web sites can create and advertise their own search providers via APIs that support the OpenSearch Web standard. You can also find search providers through the IE Gallery and switch providers as they search in the One Box. You can change your default search provider in Manage Add-ons.
IE also provides APIs for 3rd party software to install new providers and to change the default provider. These APIs change the default provider only after confirming the user’s consent for the change. Using the APIs ensures that the software is following the Guidelines and Requirements for IE add-ons.
For example, when you install a 3rd party software application you will see the following dialog if you choose to change the default provider in the installer. IE does not need to be running for this dialog to appear.
This dialog shows you the name and publisher of the software that wants to change your default provider. The information is obtained from the software module calling the API. We designed the dialog to ensure user choice is respected. You must make a deliberate choice and to prevent you from inadvertently changing to the new provider if you skip through the dialog quickly. IE changes the default provider only if you make an explicit choice to do so on the dialog.
Some 3rd parties choose to change the default provider through modifying the registry value that stores the default. This is not a supported mechanism, does not follow recommended guidelines, and can lead to stability issues in the future. Most importantly, it doesn’t keep users in control of their search settings like the above API method. Users may end up having their search queries sent to an unknown Web site.
Furthermore, we’ve seen cases where multiple 3rd parties repeatedly modify the registry value to their own provider. This puts users even further out of control. This can lead to users uninstalling the 3rd party applications to prevent the applications from playing search provider roulette. This isn’t good for consumers or 3rd party application developers.
Protecting Search Provider Preferences in IE9
The User Preference Protection feature provides protection against 3rd party modification of the default search provider registry value. It informs you of changes to the value and lets you decide whether to accept the change or keep the current search provider. IE9 has several enhancements to this feature to further minimize interruptions when you browse.
Staying out of your way
Consider the following scenario where a 3rd party program tries to change your default provider to “Contoso Search” by modifying the default provider registry value. Once IE9 detects a change in the registry value, it respects your previous choice and reverts back to the original default provider immediately. In the picture below, notice how your default provider remains as Fabrikam even though the Contoso Search provider is installed (third icon in the list).
Instead of displaying a modal dialog requiring you to make a decision, IE9 displays the following notification.
If you didn’t intend to change your default provider you can also ignore the notification. The URL that IE displays in the notification is the top level domain of the search results page that the provider will navigate to when you use it. Displaying this information protects you from spoofing attacks. Finally, since IE is unable to tell which program changed your default, the notification makes it clear that the change is from an “unknown program.”
One opportunity to be the default
We addressed the search provider roulette problem in IE9 by minimize the number of notifications you’ll see about changing the default. When you choose not to change the default search provider through the above notification, IE will never ask you about changing the default to that provider again.
This behavior only applies when default providers are changed via the registry. For example, if you select “Don’t change” in the above usage scenario, IE no longer notifies you about changing the default to Contoso Search if it continues to be modified in the registry. But if the 3rd party program uses the API to set the default to Contoso Search, you will see the above dialog properly. You’ll also be able to change the default provider yourself through Manage Add-ons as described earlier.
The User Preference Protection feature in IE9 continues to prevent 3rd party programs from changing the default search provider without users’ explicit approval. The improvements introduced in IE9 ensure that IE stays out of the way and minimizes repeated interruptions during browsing while protecting user’s choice. For example, if users don’t act on the notifications, IE will never change their default provider.
In general, we discourage developers from setting the default provider through modifying the registry. It’s against our stated guidelines and is an example of unsupported extensibility that may lead to compatibility issues with IE in the future. If developers follow the add-on Guidelines and Requirements, users should never see User Preference Protection in action.
Developers should use the supported APIs that we introduced in IE8 to set the default. This ensures that users stay in control of their search provider setting. You can consult this article to review the best practices in detail.
—Herman Ng, Program Manager, Internet Explorer