Cert Says Stop Using IE


A recent CERT advisory has recommended that users stop using IE as their browser.

Use a different web browser

There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when browsing untrusted sites. Such a decision may, however, reduce the functionality of sites that require IE-specific features such as DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control, or the HTML rendering engine (MSHTML).
From US-CERT Vulnerability Note VU#713878
Referenced Fri Jul 16 2004 09:01:05 GMT-0600

If you're a Mac user, of course, you've already done that since IE on the Mac is far behind Safari or Firefox. If you're a Windows user, you can try Mozilla if you want a full featured browser with built-in email and address book, or Firefox for a fast browser-only solution.

Oliver Rist at InfoWorld has a column on the pros and cons or switching at the enterprise level. The summary is that you have to give up ActiveX, but you gain in security without giving up anything in general usability or user productivity.

If you haven't stopped using IE in your enterprise, now might be a very good time to give it serious consideration.