I agree that apps should be separate from OS. IE is not as tightly integrated as MS or others would have you believe. Windows' problem is that most users run as admin - that's asking for trouble. Unix has the same fundamental flaws if running as root.
Still too tightly integrated for my liking, there should be no integration at all! The problem with Windows users running as admin is twofold - first, Windows creates users as admin by default, so non-savvy users don't know any different. Second is that many apps have migrated from Win9x which is single-user. Meaning they're not properly written for multi-user systems based on NT, so can't be installed or often even just run without admin privileges. Even now there are apps with this problem that have no real reason to need admin. So even those who do realise the consequences may choose to run as admin as it's less hassle. Secondary login helps but it's still hassle for something that's usually down to poor design on behalf of third-party software vendors.
IE is going to be a bigger target for script kiddies, purely due to its popularity.
However, I do not think my post was misleading. FF has had more critical security patches applied than IE6 in the last 18 months.
The belief that FF (and the same goes for Linux) is secure is its biggest insecurity. People do not update their systems, as they think they are secure. How many Linux users do not run AV software because they think their OS is secure?
Anyone who thinks Unix/FF/Mac etc are more secure than Windows - something put about by vocal Linux enthusiasts, and picked up by popularist computer mags - is mistaken; some of the most secure systems out there run on Windows.
Secunia appears to disagree re. extremely critical vulnerabilities:
As I said before, I believe flaws are inevitable, what's important is how quickly they're patched. Firefox's update system is pretty seamless these days too.
*nix certainly isn't immune to risks, and needs to be administered properly to prevent remote exploits. But I strongly believe Windows has more than its fair share of holes, added to the fact it's a much juicier target due to popularity. I also find it to be more difficult to lock down, shutting off all the crap that increases risks and shouldn't be running.
Windows is getting better, especially since SP2, but a lot of MS's policies were at best bizarre, and at worst just plain silly. Perfect example - they used to have loads of services running by default sitting listening on various ports. Great idea, so when a vulnerability was discovered suddenly loads of PCs were being remotely infected without the user ever doing anything - just being connected to the internet was enough.
Personally if I were running a system for security it'd probably be one of the BSD based systems. Far fewer bells 'n' whistles than Linux but this simplicity allows them to spot holes much more easily. Windows is too bloated IMO, and that's half the problem that it must be a nightmare to audit for the classic buffer overflows etc.
WinXP Pro - http://secunia.com/product/22/
FreeBSD - http://secunia.com/product/6778/
BTW I use Windows on a daily basis so I'm anything but a Linux/Unix/Mac zealot!
It's