6 Replies Latest reply on Oct 28, 2016 2:01 PM by haxtbh

    I just received some disturbing news

    WolfShade Level 4



      I just received some news that has me, quite frankly, concerned.


      I was told that our intrusion detection guys started noticing a user agent string that is presenting itself as almost everything.. IE, FireFox, Chrome, Safari, Opera.  These user agent strings were coming from inside, not outside, our network.


      After some thorough investigating, it was determined that the culprit was the Internet Explorer 11 on Windows 10.  Apparently, Micro$oft is a little annoyed that developers have been setting different code for different browsers, so they (apparently) are presenting IE11 under Win10 as "everything".


      I find this more than just a little disturbing.


      I do know that you should write code based upon available elements instead of using browser detection, and that browser detection is generally frowned upon.  However, there are some things, especially some CSS, that are entirely browser dependent - not all browsers parse 100% of CSS exactly the same.  Some consider borders when calculating width/height, etc., some don't.


      I think Micro$oft has, again, made our job just a little bit more of a pain.





        • 1. Re: I just received some disturbing news
          haxtbh Level 4

          Where is the evidence to back this claim up?


          Looking at our visits and internet explorer 11 users, we see nothing like this at all. I have not seen any rumblings on the internet to say such a thing is happening either.


          If this is something coming from inside your network then I would say that something inside your network is also changing these user agents, not the OS or the browser.


          I cannot see MS doing this on Windows 10 either as the flag ship browser is Edge, which is compatible with the webkit and blink engines, further reducing the need to write different code for different browsers.

          • 2. Re: I just received some disturbing news
            Steve Sommers Level 4

            I have not seen what you are describing and we have thousands of IE11 users - both internal and external. Also if MS really did do something like this it would be self-defeating as it would highlight IE inconsistencies more that solve whatever they were trying to fix (and for the life of me I cannot figure out anything beneficial for something like this).

            • 3. Re: I just received some disturbing news
              WolfShade Level 4

              First, I would like to apologize for one thing: the person who told me of this was not distinguishing between IE11 and Edge.  It's Edge that is doing this, not IE11.  Also, the person who told me of this included Opera in the list of browsers; Opera isn't, after all.


              I did reach out to our guys in intrusion detection (who corrected me on the IE11/Edge bit), and was provided a link to an FAQ page for Micro$oft.  If you scroll down to the question "What is the Microsoft Edge user agent string?", they have provided two examples (Edge, and Win10 Phone), plus their explanation of why.


              For Edge:  Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/13.<OS Build #>


              So, Edge is presenting itself as Edge, Mozilla (FireFox), Apple, Konqueror, Chrome, and Safari, all in the same UA.





              • 4. Re: I just received some disturbing news
                haxtbh Level 4

                i don't see the problem with this. This is a standard. The user agent string tells you what the browser can support as well. Edge is compatible with blink and WebKit which is why it supports the browsers in its UA.


                Chrome and Safari have the same UAs with minor changes.


                for example


                Windows 10-based PC using Edge browser
                Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246
                Chrome OS-based laptop using Chrome browser (Chromebook)
                Mozilla/5.0 (X11; CrOS x86_64 8172.45.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.64 Safari/537.36
                Mac OS X-based computer using a Safari browser
                Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9
                Windows 7-based PC using a Chrome browser
                Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36


                They all support the same web content so it shouldn't make a difference if they are the same.

                • 5. Re: I just received some disturbing news
                  WolfShade Level 4

                  Are you stating, then, that Mozilla, Edge, IE, Apple, Konqueror, and Chrome all parse CSS and JavaScript exactly the same?  All of them take everything into consideration, precisely the same, when determining the width or height of an element?  No difference, whatsoever?





                  • 6. Re: I just received some disturbing news
                    haxtbh Level 4

                    Pretty much. Im sure there are some very minor differences, and these engines are still being developed so some support different things sooner then others.


                    The Mozilla tag in the UA has been there for years, it was even in IE 8.


                    The difference between the browsers is the engines it supports and not the browser itself. All modern browsers pretty much support the main engines.


                    Each element in the UA is the engine that it supports i.e. WebKit, Gecko, Tridant, KHTML, edgeHTML, Blink.


                    Of these engines, a few are forks of other ones. EdgeHTML is the fork of Tridant and Blink is a fork of Webkit. This means they are pretty much the same adding better features or in Edges case leaving all the crappy IE ones behind.


                    The biggest difference now in the modern browsers is between Firefox and Chome, Safari, Edge & Opera


                    Alot of the time now if there is an issue its more likely to be a bug that needs fixing in the browser / engine then working around with UA detection.