Two ways to replace your browser

...to your Internet settings won't affect Automatic Windows Update from connecting and updating your operating system.

You can also restrict Internet settings via Group Policy. Follow these steps:

1. On your domain controller, right-click the organisational unit that contains your domain users, and select Properties.
2. On the Group Policy tab, click Edit.
3. Expand User Configuration to set restrictions on a per-user basis.
4. Expand Windows Settings, and expand Internet Explorer Maintenance.
5. Select Connection, and double-click Proxy Settings.
6. Select the Enable Proxy Settings check box, add 0.0.0.0 to the HTTP entry, and click OK.
7. Expand Administrative Templates, and expand Windows Components.
8. Select Internet Explorer, and double-click Disable Changing Proxy Settings.
9. Select Enabled, and click OK.

Remember that Enabled sets a restriction, Disabled prevents a restriction from applying to a group of users (even if you enable it for a broader category of users), and Not Configured doesn't set the restriction.

Before you take any of these steps, download another browser, and test it on your current configuration. I highly recommend Mozilla's Firefox. After you install a new browser, answer Yes when it asks whether to make it your default browser.

Final thoughts
No matter how many patches Microsoft releases, ActiveX and the Browser Helper Object (a file loaded with Internet Explorer) are all an attacker needs to control your system and steal your data. Microsoft designed IE for functionality — not security. And antivirus software can't defend your network against IE exploits.

Windows security isn't about eliminating security holes — it's about managing risk and user functionality. All operating systems have vulnerabilities, but Windows' popularity makes it the target of choice for most black hats.