Kat -

If you try to remove IE in any of the early versions of Windows, it will merely set you back to the "default" version that came with that Windows version. I believe that with WinXP that was IE ver 5 or something thereabout.

With the WinXP default version, Windows update won't give you security patches, so you need to allow an update to a currently supported version.

Through WinXP, and for the most part Vista, IE can't be separated from Windows Explorer, and some Office programs appear to need "common files" that would have to disappear for a "removal" of IE. There are claims that the newest Win7 will allow removal; but it's not clear whether that means the files are removed or you just delete the shortcut and hide the .exe.

As long as you have a supported version of IE your Microsoft Updates will install security patches to IE.

Malware that might get on your computer (via IE or any other path) could be crafted to open IE and use it, even if you don't. Since you can't remove IE without disabling other things you probably want, you need to have it up to date, and should permit "critical" patches as they come along. If you don't use it, you probably want to disable macros and other "applets" and set IE for a high security level.

Microsoft products get attacked more frequently that others, simply because there are more of them out there and it's more profitable to attack the largest target. Microsoft patches on a regular schedule, every week, and IE vulnerabilities are patched as quickly as possible when they are found. Other browsers are not invulnerable, but are (so far) safe from the vulnerabilities that no one has bothered to find - yet.

Malware operators thus far have concentrated mostly on IE because they can get lots of hits quickly, but the opportunity disappears as people apply the patches. (Unfortunately a lot of people don't.) Other browsers issue patches much less frequently, and often don't tell you when one is needed. For some, patches come only when the version number gets rolled over.

Other browsers will get more hits, and will be seen as less safe, when the "survival time" for an exploit against 20% of the browsers (recent Firefox?) exceeds four times as long as the survival time for 80% of the browsers (recent IE?) - other factors being comparable.

It all depends on where the crackers can make the most buck$.

But YES, with WinXP you should update to at least IE6 now, and should keep it patched, even if you don't use it. Windows update should take care of it for you, but can't do a complet job of it unless you first upgrade to a currently fully supported version of IE.

John