Today (December 23, 2010) at Computerworld, Gregg Keizer writes
Microsoft late Wednesday confirmed that all versions of Internet Explorer (IE) contain a critical vulnerability that attackers can exploit by persuading users to visit a rigged Web site.
Windows users shouldn't care about this bug. I don't.
Anyone at all interested in Defensive Computing walked away from Internet Explorer long ago. For ages, I've been a dedicated Firefox user, now I find that I use Chrome more and more. Reasonable people can disagree as to Firefox vs. Chrome; some may even like Opera. But no reasonable Windows user can make a case for Internet Explorer.
I will spare you my opinions. I will spare you all but one technical argument.
Internet Explorer is patched on a fixed schedule, Chrome and Firefox are patched when necessary.
To me, that's all the analysis needed.
In the same article Keizer says
Although the company said it would patch the problem, it is not planning to rush out an emergency update.
Or, put another way, given a choice between keeping to their schedule and keeping Internet Explorer users safe, Microsoft chose their schedule.
Keizer goes on to say that
The next regularly scheduled Patch Tuesday is Jan. 11, but because Microsoft usually updates the browser every other month, and just did so last week, it's possible the vulnerability won't be addressed until February.
Yikes. No wonder the market share for Internet Explorer keeps falling.
For a good, technical explanation of the current problem see Internet Explorer zero-day exploit - explanation and mitigation by Paul Ducklin of Sophos. Then again, use another browser and get on with your life.
And, speaking of software to avoid, let me suggest Seven reasons to use an alternate PDF viewer in Windows.
Finally, a confession.
Like many techies, I help friends and family with their computers. For a whole host of reasons, I find Chrome the safest browser for non-techies. But, I have done more than install Chrome and nudge people to use it.
I confess to having changed its icon.
Yes, I have removed the Internet Explorer icon from the Windows desktop and changed the Chrome icon to IE's blue E. I know it's lying, but I'm confident that everyone is better off this way.