It’s bad enough that Internet Explorer is full of security holes, but the dependency of Windows Update on IE means your average user is hosed if IE gets hijacked by malware on his or her machine. This recently happened to my brother-in-law. Every time he launches IE, some nasty malware program that hijacked his IE install takes over and opens up 30 browser windows pointing to commercial sites owned by the writer of malware.
This particular piece of malware appears to have taken advantage of a vulnerability in Microsoft’s ancient JVM in order to implant itself. Even after I walked him through removing the JVM DLL, the problem was still there. After exploiting the JVM hole, the malware apparently inserted several other tendrils throughout the windows/system32 directory and elsewhere.
Since IE is unusable on his machine, Windows Update is effectively unavailable to him. While I can understand Microsoft wanting to simplify the user interface for Windows Update by using a familiar web browser, they could have at least provided a less functional, but more secure version of IE. Or even better, automatically install Mozilla with Windows and use it as the default UI for Windows Update. Of course, then most Windows users would realize just how bad IE really is.
Since I was having to help him out remotely, the simplest and best thing to do was to walk him through downloading Mozilla Firebird via command line FTP from ftp.mozilla.org. Obviously, he couldn’t download Firebird via a web browser and HTTP, since IE was the only browser on his PC. Fortunately, within a few minutes, I had him up and running with Firebird. Mozilla Firebird imported all his IE bookmarks and provided an immediate step-up from IE by blocking pop-up ads.
Good luck on quickly finding an anonymous FTP site where you can download the newest version of IE. I found the anonymous FTP site and download directory for Firebird in less than a minute from when I started browsing the mozilla.org site. After about five minutes of searching the Microsoft site unsuccessfully for an FTP site for IE, I gave up. IE, you are the weakest link.