New IE Vulnerability..... (eh?)

While I take the original point of this thread on board I see no good reason to use an inherently insecure Browser like IE rather than Opera, which according to Secunia rarely exhibits an unpatched vulnerability.

As of 20-12-2008:

Internet Explorer 7… 9 Unpatched (most severe moderately critical)
Firefox 3.x…1 Unpatched (not critical)
Opera 9.x…0 Unpatched

I think one has to accept that the wider used browsers will be attacked more and more vulnerabilities will be found simply because more people use it. No browser can guarantee 100% from this vulnerability and just because Secunia hasn’t found it doesn’t mean that the vulnerabilities don’t exist, all it means is that: No one has discovered them yet.

I think people should use their choice mainly based on usability of the browser and use a Prevention based security product like CIS to do the protection for them. I mean this BO vulnerability is already covered by us so anyone using our product would have been safe anyway.

However: I do take on board the speed of patching which is important.

Melih

I agree.

Also, we can use IE7 in protected mode, which will lower IE7 rights. This will also help mitigate vulnerabilities, I think.

I agree with you Melih, the point here is, does a vulnerability inside a browser get patched fast when this vulnerability gets widely known? Do browser developers use security through obscurity methods (this means the philosophy that when men don’t know a vulnerability, men cannot exploit this vulnerability…) to make a browser safe (Microsoft uses this method very often…) and do browser makers have a wide range of distribution infrastructure to get browser massively patched real fast… (Microsoft is a superb example). So indeed using different browsers reduces risks, but it is not a solution. The root of the problem still exists and one way to protect yourself fast, without updating or patching is to use technology like in CIS. This is a long term solution, but does not solve the problem. Solving the problem, is making software without vulnerabilities… But I think this is a utopia, cause we are humans, are we not? and the more comprehensive, connected software gets, the more holes get visible… So security through obscurity is not a real good solution… Prevention technologies like HIPS systems help making systems safer and even open source does help developers to get closer to software that has less vulnerabilities, which also makes systems safer…

I find myself strongly averse to any claim that encourages a passive approach to security in the same way I disagree with any claim that overstates security risks whereas I find it reasonable to encourage my friends and acquaintances to pursue a participatory approach to security to eventually reach a point where they will be able to autonomously score the risks and take an educated guess on security related aspects. :-La

Encouraging people to learn and understand, starting with precooked recipes (baseline security policies) can potentially spring a constructive chain effect and decrease the number of users that neglect even the most baseline security related aspects. :slight_smile:

How many users still don’t update their installed software/component/OS out there? :frowning:

IMHO There is no need to fear undisclosed vulnerabilities when many exploits are unleashed soon after a legitimate patch is released. :-X

I wonder how many readers will drive a car whose brakes have broken many times confiding the airbag will counter any reasonable risk. ???
I really hope that those who don’t have any other alternative will at least consider safe driving. :-\

I certainly agree that the pro-active defensive strategy of both CMF and CIS is highly desirable, I use both myself. However I feel that it’s best to mitigate as many threats as possible before relying upon security apps. and minimize the target for malware.

I agree partially that I.E. is the subject of more vulnerabilities due to market share, but I feel that the architecture of Opera is far more secure as a baseline (Haute Secure integrated, separation from kernel, etc.). Of course vulnerabilities don’t always come to light immediately but historically any that are discovered are quickly patched by Opera.

I’d rather that the combined powers of CIS and CMF are there as an additional line of defence rather than acting as a ‘patch’ for a broken browser.

I would say using Protection is not a patch but a necessity no matter what you use. I don’t think either you or I know the source code for either IE or Opera to make a judgement about whether it’s more secure as a baseline. The point is: these vulnerabilities can affect any browsers therefore it becomes a pre-requisite to use Prevention based technology before you start using browsers, no matter which browser as none of them can guarantee 100% from any of these vulnerabilities. Just like before you start your journey in your car you fasten your seatbelt, before you browse, you better have Prevention based protection.

Our behaviour changed when seat belts were introduced. Our behaviour for online protection must also change now that we have Prevention based protection available to us (CIS).

Melih

Again I’m just looking at the historic precedent that has shown that vulnerabilities that appear in Opera have been both fewer in number and less critical than I.E. and have been patched far quicker. I guess that the former Opera programmer that you have now at Comodo would know more about how secure the architecture is, but I.E.'s abysmal record speaks for itself.

I’m fully in agreement on the whole pro-active security element, it’s just that I prefer to start from a system that’s as secure as can be against current, known threats and leave CIS to protect against the unknown zero-day stuff. I run Opera within SandboxIE on a normal basis, CIS is securing SandboxIE against attack and is there for anything out of the ordinary, I just don’t trust I.E.

Well there are 2 ways to read the historic precedent…

1) IE has lots of bugs all the time…
2) IE has benefited from people finding all these bugs and it’s now fixed and hence more stable/secure…

Pls don’t get me wrong…I don’t have a preference as I like and use both opera and IE. But vulnerabilities do exist almost in every software and will continue to do so going forward. There is a direct relationship between marketshare and no of vulnerabilities found and this could be a good or bad thing depending on how you look at it.

At least we both agree before Browsing we must buckle up with Prevention Based Protection (CIS)! :slight_smile:

Melih

I’d tend to go for option 1 personally :slight_smile:

But we are totally in agreement about the benefits of CIS no doubt.

This is just my opinion, but, I don’t think we can say Opera is more secure than IE. It may have fewer vulnerabilities known to the public, as it isn’t as much used as IE, but that won’t make it “safer”.

We could say it would be safer than IE, if both had the same market share, which in turn would make both of them, perhaps, equal targets for malware distribution and other types of malicious attacks, and Opera would provide a better protection. I think that’s the only situation we could truly say Opera is “safer”.

It is just like old Mac OS is safer than Windows. Of course, it is not as much used as Windows system is, which makes it the main target. Makes sense. Viruses and other types of attacks do exist for Mac OS and Linux, but not at the same scale as it happens with Windows, which is more than justifiable.

As Melih said, prevention is the way, whether a vulnerability is known or not, and CIS with SafeSurf or CMF provide it. There are other ways to improve even further such prevention, by using tools such as Haute Secure, which in IE and Firefox case, will offer real time preventive measures, unlike Opera, since it won’t work with Opera.

There is also LinkScanner Pro, which will prevent exploits and other types of attacks. I think LinkScanner Pro would protect their users against such attack. If not all, most of them. Nothing protects 100%. Hence a layered protection is needed, IMHO.

As I also said before, people can use IE7 or IE8 in Windows Vista (Not sure about XP, as I never used it in all my life.) in Protected Mode (IEBlog | Microsoft Learn), which will lower IE7 and IE8 rights, which in turn will mitigate vulnerabilities. I know UAC is needed for that (unless I’m wrong), and most people will feel annoyed by the alerts, but it is possible to tweak UAC to show no alerts at all.

It is also possible to turn on DEP for IE. Maybe one more layer for BO protection, alongside SafeSurf or CMF.

The means are available. The problem is that most people are not aware of such defense mechanisms.

I have them implemented, and even not performing regular searches in IE7, other people do, and no single infection ever occurred in this system through IE7, even with all vulnerabilities known and known to be exploited by hackers.

Will all this mean that someday, for some reason, this system won’t get hacked through IE? No idea. I hope not. But I also am not so sure about Opera and any other less used browser. Only other times would tell it, I guess.

We just need to protect ourselves the best way we can and hope to have some luck and never get hacked/infected.

Anyway, just my opinion.

Best regards

LA’s first post in the thread

It’s fantastic… this new IE vulnerability even caused news articles in the largest newspapers of my country. “Panic, panic, you should consider an alternative like Firefox, Opera or Chrome.” And all the time people would have been safe if they had had Comodo BO protection.

(R)

LA

No offence but whether or not Opera’s coding is safer than I.E. the end user is far more likely to encounter malware surfing with I.E. than Opera, so in that sense it’s irrelevant since it’s that which is important.

I disagree respectfully that there’s no evidence to support my assertion, I referenced Secunia which shows 9 vulnerabilities which are known about that are unpatched, some of which are very severe and this is by no means uncommon. On the other hand any issues that are discovered to affect Opera are patched almost immediately. Nobody can predict how and where as yet unknown threats will strike, however there’s no reason to believe that the past experience isn’t a good guide to future practice.

See how lucky you are!!! You got a newspaper alerting people!! Not even one here!! :smiley:

Sorry for the off-topic guys, but what LA mentions sure tells that some people are concerned with alerting other people, even if alerting in an alarming way. Sadly, it does not happen everywhere!

I had my retired neighbour come over the other day warning me about this issue, in a right state she was. I wouldn’t mind but they don’t even have the internet there. :stuck_out_tongue:

It really was an extraordinary event - I’ve never seen a daily general newspaper write about such a thing before.

LA

I never said otherwise. I totally agree with you. And why is that? Because Opera is the most widely used browser?
Don’t get me wrong. I’m an Opera user. One of the reasons is because it is not as much used as IE, hence less vulnerable. But this doesn’t mean that, if Opera was as much targeted as IE, that it would be safer.

I once posted in a thread asking for help, after being redirected to a malware site, using Opera. After a few days of checking my system and all, I came to the conclusion that SUPERAntispyware was finding nothing but its own definitions as malware! The attack had been stopped by LinkScanner Pro before the malware site could do anything to my system. I just didn’t know it, because I had LinkScanner set not to warn me about any exploits/other attacks.

Does this mean Opera is not safe? No, it doesn’t. Does it mean it is safe? No, it doesn’t.

But, Haute Secure, which partnered with Opera, didn’t do much about it.

Version IE6 and previous versions may have been way vulnerable, but with IE7 Microsoft brought a way more secure browser. I’m not saying it is 100% safe. It isn’t. Nothing is. But one cannot deny it.

Version IE8, will bring security even further. Who knows what the final release will bring to users. Who knows what other versions will bring as well.

I’m not a Microsoft fan, but, I must admit that they’re improving their systems’ and applications’ security.

I also agree that Microsoft should be faster applying the patches for the vulnerabilities.

Haute Secure was only recently integrated with Opera so I’m not sure if that was a factor with you. I think I’ve been misunderstood here though, I’m not saying that using Opera is perfect security in itself, I use CIS and SandboxIE too.
My argument is that up to now I.E. has been full of holes which Microsoft haven’t always been in a hurry to address. Call me a cynic but that cavalier attitude to people’s online safety doesn’t inspire me with confidence. Yes CIS closes up those holes pro-actively but my point is that it shouldn’t have to, that’s Microsoft’s job.

Again not that I care whether it’s MS or not… but MS does not make security products. They make OS and now Browsers. Their function is clear… browsing and providing OS functionality to other apps. Of course they should not have a cavalier attitude to issues when identified but I don’t believe we should expect them to offer security and I don’t believe we should expect them to be 100% bullet proof. And because we don’t expect these 2 things, what has happened (e.g. discovered new vulnerability) becomes a reasonable outcome.

Just like in the real world, our doors are there but we still use additional security… cos we know nothing is 100%. So expecting 100% security from MS is not going to happen, that’s why CIS exists. We are the component that secures your PC.

Melih

My annoyance with Microsoft is that they are fully aware of these threats yet don’t rush to address them, that’s unforgivable considering the huge financial cost of malware worldwide. I don’t expect any pre-emptive security from their browser just that they address the problems that are evident. I don’t expect CIS to have to cover for the sloppiness of other products even though I accept you do it very well.