People who plan to run Windows XP after Microsoft pulls the patch plug should dump Internet Explorer (IE) and replace it with a different browser, the U.S. Computer Emergency Readiness Team (US-CERT) said Monday.

US-CERT is part of the U.S. Department of Homeland Security, and regularly issues security warnings and threat alerts.

"Users who choose to continue using Windows XP after the end of support may mitigate some risks by using a Web browser other than Internet Explorer," US-CERT said in a Monday bulletin. "The Windows XP versions of some alternative browsers will continue to receive support temporarily. Users should consult the support pages of their chosen alternative browser for more details."

US-CERT's advice was not new: Security companies and experts have said the same before.

Because Microsoft ties support for Internet Explorer (IE) to the underlying operating system's end date, people running Windows XP will also not receive patches for IE7 or IE8, although others, including customers running the same browsers on Windows Vista and Windows 7, will continue to receive fixes.

IE6, which debuted several months before XP in 2001, will be retired from all support next month.

With IE patches ending, security professionals have urged people sticking with XP to run a browser that will receive bug fixes, like Google's Chrome, Mozilla's Firefox and Opera Software's Opera.

That anything-but-IE advice stems from on the fact that Windows malware often enters a PC by exploiting a browser vulnerability. Exploits of unpatched bugs, described as "drive-by attacks," only require the user to browse to a malicious or compromised website, where attack code has been pre-planted.

Computerworld