This is Myth. IE’s integration has nothing to do with it’s security.

http://blogs.msdn.com/dmassy/archive/2005/03/22/400689.aspx

The issue of not being part of the Operating System is an interesting one though that is frequently the subject of misunderstanding. IE is part of the Windows Operating System so that parts of the OS and other applications can rely on the functionality and APIs being present. IE in turn relies on Operating System functionality to do it's job. To be clear there are no Operating System APIs that IE uses that are not documented on MSDN as part of the platform SDK and available to other browsers and any other software that runs on Windows. The security of any browser is irrelevant to if it is part of the operating system. If we are to debate security of browsers then let's bring in relevant arguments and accurate details about different possible attacks rather than rely on the irrational fear that because IE is part of the operating system it must be exposing OS functionality to the web. This is not the case as any software has access to the same set of OS APIs and can therefore expose the same set of OS functionality as IE.

I don’t believe it’s a myth.

Dave Massy is a Microsoft employee (Senior Program Manager for Internet Explorer). What else would you expect he’d say?

Edit:

By the way, I just read the entire thread on his blog, that you drew your quote from. He got ripped pretty good, by a whole bunch of people.

That said, I think Microsoft has come a long way with security, and I look forward to seeing what they will have accomplished overall with Vista.

However, for me personally, I think once my old box finally gives up, I’ll probably look seriously at one of the Linux desktop distributions.

You don’t believe it is a Myth? : Of course you don’t, you want it to be true like all the other Myths. What he states is very clear, using IE does not expose OS functionality to the web. This is one of many irrational fears about IE spread on the Web. Why do you think the IE vulnerabilities that allow an attacker to gain “system access” can only access system functionality based on the security account level?

[b]The Truth About a Claimed Firefox Exploit[/b]

A colorful duo of young hackers at the Toorcon security conference presented evidence Saturday that suggested a previously undocumented flaw in Mozilla’s Firefox Web browser is actively being exploited to compromise machines of users cruising the Web with the browser. This story has been pretty widely reported over the past few days, but a few key facts have been absent from most of the coverage I’ve seen, and I wanted to try to help set the record straight on this.

http://blog.washingtonpost.com/securityfix/2006/10/zeroday_firefox_exploit_claime.html

EDIT: The original story from c|net has been updated, and now includes this comment:

"Apparently, these guys just wanted to troll the media and the people at ToorCon."

http://news.com.com/Hacker+backpedals+on+Firefox+zero-day/2100-7349_3-6122317.html?part=rss&tag=6122317&subj=news&tag=sc.th

I guess this story is now dead. One of the comments aptly sums it up:

[b]15 minutes....[/b]

Reader post by: Sboston
Posted on: October 3, 2006, 3:00 PM PDT
Story: Hacker backpedals on Firefox zero-day

And your time is up!

However, the fallout continues:

Two of the presenters at the ToorCon 8 event embarrassed themselves by pulling a prank on the media and Mozilla.

http://blogs.zdnet.com/Ou/?p=338

Looks like they also embarrassed not only themselves but also the blog author George Ou, who was quick to run the story:

http://blogs.zdnet.com/Ou/?p=333

yay for the noscript extension heh heh