Re: What is it with browsers
Not that I'm making excuses for the authors of browser code (I'm not one btw), but AFAIK a browser is a significantly complex beastie. For one thing, the bulk of your browser data content is coming from external data source(s) which must immediately be untrusted. Unlike a typical Office app, which is most likely to be reading/writing a file on a local disk (obviously Google Apps and the like are steadily changing this notion) which is going to be a trusted source unless your PC has malware/globally accessible network shares/etc.
Secondly, this external data is rich in content. The zealots will insist that we should just be looking at text-only data. Yeah right. So this rich content offers numerous attack vectors, be it maliciously constructed JPEGs, movies, JavaScript, ActiveX, etc. Your browser code also has to interpret the CSS, HTML, Java/VB script streams it receives in both a safe manner and a manner which provides all the rich goodies that we want out of our frequently visited web sites these days (not to mention all the plugin software modules).
Thirdly, and most arguably, browser software is probably the most run software on the planet by the most users and probably the most non-computer-literate people at that. So you get this weird mix where all the visual indicators and warnings in the world won't stop someone clicking 'Yes' to the question 'Do you want to install Spyware now?'. Of course this is a software problem, but how do you continue to offer the rich user experience whilst trying to get the balance of what is permitted and what is suspect right automatically? As a mostly UI developer, I find there is always the trade-off between ease of use and system integrity. Ideally you want both but time and money will not allow for the gold-plated solution.