Quote from the above article:
"To protect against the flaw, IE users are urged to disable Active
scripting and ActiveX controls in the Internet Zone (or any zone used by
an attacker). Other temporary workarounds include the application of the
Outlook e-mail security update; the use of plain-text e-mails and the use
of anti-virus software.
Surfers must also get into the habit of not clicking on unsolicited URLs
from e-mail, instant messages, Web forums or internet relay chat (IRC)
sessions"
As I said you need to properly configure IE and avoid questionable
sites/practices.
Here's a site that supports that figure, at least to some
degree:
http://www.greymagic.com/security/advisories/
I'm not sure what figure it supports?
You might believe that IE can be "patched and hardened" into a
safe browser. You might also believe in the easter bunny.
The fact is that IE is not safe "out of the box", and once
patched, you're only on a countdown to when the next flaw is
revealed. And THEN you're on a longer countdown to when that
flaw is patched.
Ditto for any other browser. It may 'appear' to be safe but I can
guarantee flaws will be found after it's release. For example:
http://news.com.com/2102-1002_3-5368397.html?tag=st.util.print
I don't wish to start a 'my browser is better than your browser war'. Just
the opposite. I want to emphasize that security is a process not a
particular piece of software. Regardless of the browser you use it WILL
have vulnerabilities and it's up to the person sitting at the keyboard to
ensure it's properly configured, updated and that they avoid questionable
sites/practices.
Something to ponder:
http://www.humanfirewall.org/rhfwm.htm
Another quote that empasizes this:
"Yet simply switching is not an effective security solution. Only if you
use the proper security tools and remain vigilant about staying up to date
and cautious about what you do online should you start to feel some sense
of comfort."
Source:
http://www.pcmag.com/print_article/0,1761,a=130479,00.asp
Christopher Jahn