Diversifying the software we use could reduce this risk. As you note, many good browser alternatives exist; using one can help you avoid IE-based attacks. For example, this Web Informant essay written by Bob Matsuoka, President of Runtime Technologies, makes a strong case for Mozilla Firefox. In addition to Firefox, a few other commercial and free web browsers include Deepnet Explorer, Konqueror, Lynx, Mozilla, Netscape, OffByOne, Opera, Safari, and SecureIE.
As Matsuoka notes, compatibility is an important consideration when choosing a browser. Many Web sites today are developed for IE viewing, making extensive use of Microsoft proprietary features like ActiveX. You may have trouble using those sites with any alternative browser -- or even with IE when configured to reduce risk. One possibility is to use non-IE-software as your primary browser, launching IE only when required to use cranky sites that you absolutely must be able to access.
I wouldn't stop with Internet Explorer -- a very large number of exploits are written for Outlook, so I use an alternative e-mail client. You can find a long list of e-mail clients here, including several from companies that also develop web browsers. But keep in mind: many users are required to access corporate e-mail through their company's standard desktop client, whatever that might be. Even so, you might reduce risk by using something other than Outlook to access personal e-mail account(s).
This was first published in October 2004