What does it being open source have anything to do with it? People didn't like it when MS did it because it introduced additional unwanted bloat in the OS that was annoying to decouple.
You're incorrect. And technically speaking the browser wasn't integrated with the OS (and never was), it was the rendering engine (shdocvw.dll and mshtml.dll). The Windows UI featured HTML elements that the OS rendered via this. The rendering engine is not itself connected to any TCP/IP stack, so remote exploits are impossible. But ofcource if you went to web sites with malicious HTML you could get ownzored because of bugs in the rendering engine.
Also you could delete the browser (iexplore.exe) but not the engine as the OS relied on certain UI elements that used this engine. Ofcource if you went ahead and deleted the DLLs anyway, you could make the OS work without the added HTML UI layer (as the judge in the MS antitrust case demonstrated). One could argue that this wasn't the "full" Windows experience but hey.. all that is water under the bridge now. The case is resolved and MS got slapped with a hefty fine.
I doubt it had anything to do with the source leak. Most security bugs these days are found via automated means - fuzzing, fault injection, etc.
But OTOH these bugs become useful in other ways. I believe there was an ios jailbreak method where you simply visit a website on your iphone (jailbreak.me? .com?) and your device is rooted/jailbroken due to a bug in Safari's PDF renderer.
Actually IE6 and older tied the IE user interface to the Explorer user interface which shared the same SHDOCVW. IE7 created IEFRAME to separate the Explorer user interface from the IE user interface, but it is still in system32, and so are all the other core IE components like MSHTML, WININET, etc...
Are you talking about the UI controls or the browser?iexplore.exe could be deleted at any time. Ofcource because explorer.exe also could handle URLs you could technically still browse via it. (Though I'm pretty sure that by default only URLs in the local/trusted zone were allowed)
And then I believe the help component also relied on the rendering engine. Although the hcp:// vulnerabilities were in the protocol handler (helpctr.exe) and the ms-help:// vulnerabilities were also in the protocol handler which allowed the attacker to bypass ASLR/DEP.
People had/have more than one reason for disliking it. One was that they were forcing their proprietary webbrowser product deeply into the OS for no reason other than to disadvantage any possible competition. If IE had been open, people could have competed by modifying and extending IE.
>If IE had been open, people could have competed by modifying and extending IE.
But who would have been ready to put in $100M in ~1995 on a browser besides Microsoft? Remember there was no money to make in the market. Whats interesting is MS actually made an offer to Netscape to bundle their browser with the OS before they started work on IE. Netscape was barely surviving by selling server software. Not to mention that they too broke standards much like IE - adding several non-standard CSS elements, tags, proprietary DOM, etc. Ofcource some of these Netscape specific tags later got introduced into the official spec, but they weren't at the time.
If you look at webkit which recently got forked - without Apple and Google, Webkit would immediately die. No amount of volunteers or the fact that it was open source would be able to keep it alive while being a realistic competitor to other browsers. New operating systems, new Web standards, new JS engine improvements would all pose immense challenges that require an organized commercial effort to tackle.
