Michael Howard passes along a pointer to this excellent article by Art Manion, an Internet security analyst at US-CERT, a public-private partnership that focuses on protecting against cyberattacks under the auspices of the Department of Homeland Security:
In November 2003, the CERT Coordination Center first advised Web users to consider using a Web browser other than Microsoft Internet Explorer.
IE’s problems at the time were pervasive, and many of them were rooted in its complicated architecture. Vulnerabilities in IE were being reported almost monthly, and users faced risk until Microsoft released updates. …
Since then, there have been two developments. First, Microsoft released security enhancements in its Windows XP Service Pack 2. Second, attackers have begun to exploit vulnerabilities similar to IE’s in alternative browsers. …
All Web browsers face similar threats, and some share similar design features. … There is no silver bullet, no such thing as 100 percent secure. Security requires a balance between functionality and cost, and relies on concepts of trust and risk tolerance.
For some people, switching browsers is a reasonable step in a comprehensive security program. But it’s only one step, and you can achieve the same level of security using Internet Explorer by changing a handful of default settings. Understanding the nature of the threat and changing behavior accordingly is far more important than relying on a single program – or even a suite of them – for protection.
Ed Bott 