Hanu - 12:27 pm on Jul 14, 2004 (gmt 0)

Don't get me wrong, I love Firefox and I now use it for almost all browsing, except at microsoft.com ;-).

However, because IE is tighty integrated into the Operating System, not only are more exploits possible, more devastating and intrusive exploits are possible.

That's true. Brett also mentioned ActiveX. On the other hand, both, FF and IE support plugins - I believe FF uses the same interface as IE - as well as JavaScript.

Mozilla benefits from thousands of eyes on the code. It also benefits from open source.

The thousand eyes might be those of 450 hackers and 50 developers. Just because something is open source, doesn't mean it's quality software. Any complex piece of software, open or closed source, has bugs and most of the time only the developers understand their code. Also it's a lot easier to scan source code for certain types of bugs like buffer overflows than to fully understand the code and become a contributing developer. Take for example this FF vulnerability [kb.cert.org]. Although IE has far more vulnerabilities in the past 12 months it is also used 20 times more often, so I assume it is a 20 times more attractive target, hence hackers will invest 20 times more energy into finding and exploiting new vulnerabilities.

Am I starting to sound like a MS representative?