Yet another reason Internet Explorer sucks

A study of 2004 browser security data shows that Internet Explorer is the least secure of the three major browser platforms: IE, Mozilla and Opera.

To conduct the study, the Browser Security Test people simply looked at how many days of 2004 each major browser had an unpatched remote code execution bug, that is, a problem which would let an attacker do whatever he wanted with your computer.

Internet Explorer had such a bug for all but seven days of 2004.

Actually there was only one period in 2004 when there were no publicly known remote code execution bugs — between the 12th and the 19th of October — 7 days in total. That means that a fully patched Internet Explorer installation was known to be unsafe for 98% of 2004. And for 200 days (that is 54% of the time) in 2004 there was a worm or virus in the wild exploiting one of those unpatched vulnerabilities. . . .

Mozilla and the family (including Firefox, Netscape Navigator and Camino browsers) display a much shorter window of opportunity for a prospective attacker. There were 56 days (15%) in 2004 when there was a publicly known remote code execution in Mozilla and no patched release. . . .

In 2004 Mozilla was not targeted by malware writers . . .

In total, in 2004 Opera had publicly known unpatched remote code execution vulnerabilities for 65 days (17%) – the two “unpatched periods” happened to intersect. There was no malware exploiting Opera bugs in the wild. — Browser Security Test

If you’re still using Windows, you need to stop using Internet Explorer immediately — well, after you’ve installed an alternative such as Firefox or Opera — and then disable access to it. Otherwise you’re just contributing to the security problem.

(Props to Schneier on Security.)