Is IE still a security risk, even if you're using another browser?

I have read about how Firefox or Opera users got their computer infected with malware, but through Internet Explorer. If Firefox or Opera is open, and IE is closed and not used, how could a drive-by trojan get onto someone's system? In other words, how does it get around Firefox or Opera?

Thanks for any input.

 

well if you use instant messager and click on a link then it opens in the default browser.
so if internet explorer is the default browser then any links from instant messenger and your email client will open in the internet explorer.
so my best advice is to set firefox or opera as your default browser to avoid any drive by downloads.
lodore

 

Uninstall I.E ? Put the IE executable in a protected state ?

 

Thanks. A thread here on the Yahoo Messenger worm confirms that. Would this mean that only other applications act as the conduit for malware? That if only Firefox or Opera is connected to the internet that a drive-by is not possible?

 

Have heard varying theories on not using IE but still being susceptible to infection due to its` integration with Windows. Have never heard a definitive answer. Other then to keep your system fully patched.
As far as "drive-bys", a good properly configured FW be it a router or PC based should pretty much take care of that.

 

IMO, because IE is such a big target, it's always at risk. Beyond the web itself, things like CHM help files usually open with IE. HTA files too. And clickable links can be structured so they open in IE, even if it's not the default browser.

My feeling is to lock IE down. Consider changing it's default security setting in the Internet Zone to HIGH. Place the sites you need and trust in the Trusted Zone. This at least gives you some control over file/ActiveX actions.

Of course, some might say I'm paranoid...

**EDIT**
Based on my understanding, I don't advise removing (or trying to remove) IE. If for no other reason, it's our only link to automatic Windows Updates. Most users don't want to track down updates manually...

 

Actually fine suggestions. The only time I use IE is for updates and the .01% of the time I run across a site not viewable with FF.

Paranoid? Just because you think they are after you does not mean they are`t.

Updates can also always be gotten using Belarc Advisor. They usually run a few days to a week behind the actual release date....but still an option. Also very handy if you are wanting to do a "slip stream" install CD.

 

Thanks. That makes alot of sense. I found this website which goes into some detail about the benefits of removing IE and why it's a security risk even if not used, but I haven't been able to understand the terminology completely to know if what is being said is accurate or not:

Does this mean using an alternative browser (behind a firewall with XP, IE fully patched) and with no other software open still leaves you somehow vulnerable with IE on your system? Or are the problems related only to a combination of unpatched systems and third-party software like internet messenging, etc?

Wikipedia's article for IE mentions several consequences that seem to outweigh the benefits of removing it, if I understand them correctly:

 

I agree that the Local Zone could be a concern. But, that said, I would hazard a guess that if one's Local Zone is entry point of a direct malware infection, your PC might already be compromised elsewhere. IMO, the biggest risk is still the Internet Zone...

 

Lockdown IE:
IE-SPYAD
XML-MENU
IE running as Normal User
Noaccess.rat
SpywareBlaster