All software has bugs, some of which can be exploited in some way by a third party. This is a fact of life.
I could walk into the path of a passing car. This is a fact of life.
Both are risks which I face every day, and survive!
I am not a big fan of open souce / "free" software for anything other than very specific servers/services, and even then I have to judge every case on its merits.
I used to use ICQ, but got sick of someone removing a copy of the user database and selling it to (what were usually poor quality, or imoral) porn sites. I stoped using it, well aware of the issues there.
The MSN bug or exploit you refered to, is not actualy a messenger bug, but a bit of sloppy code in the IE framework.....no great surprises there!!! Every time i fire up a browser, or outlook, or most MS apps I would potentialy be opening my self up to attack, even in posting this!
But guess what, ran the sample script, and it did not work on my system. :bannana:
Why? - because I keep on top of my patches using (amongst other things) that old chestnut Activeupdate.
Microsoft come under fire more than most software vendors beacuse of there marked presence, especialy in the desktop environment.
As a result, does that make me a high risk user here at home? No!!! There is enough fodder of poorley configured systems out there to mean that I can feel quite safe sitting in my own home using my laptop over a wireless network meaning anyone with an ounce of knowledge sat within say 50M of my house can decrypt every packet sent over my network !!! (lets not even get into the insecuritys in WEP etc!)
Microsoft being so big make easy targets for the press, and as such are getting there act together in terms of patching and security. Keep on top of it and your system may be vunerable for a day, week or maybe a month after the vunerability is discovered. Maybe you will be affected, restore a backup and get on with your life!
Chances are tho that as the script kiddies will not know much about the vunerability until it is patched, and there will be no GUI fronted tools for them to use anyway, there will be very little activity related to this vunerability in this time. There is always a small chance that you will be one of the unlucky, out of the billions of computers out there you will get RANDOMLY targeted......
Nobody wants your CV, or you letters to your pen friend..... they want to use your resources, ie you PC, bandwidth or often you credit/bank details.
PGP encrypt everything that is slightly sensitive (including the pictures you took of your girlfriend on your digicam
) and take regular backups.
What have you got to loose???