Moved the off-topic posts to the off-topic forum where they belong.

As a side note -- imho, if you're using Flash, installing DirectX plugins, Java and you're not concerned with "undocumented security vulnerabilities", then you're biased, and throwing one specific baby out with the bathwater.

You're welcome to be paranoid -- nobody is going to stop you. But to ignore the risk of other not-so-well-supported and not-so-highly-critized software (which leaves more "holes" left to the unknown), that's bias.


Some things to ponder...

Microsoft, as a whole, is a vast company. The team who developed silverlight probably never touched Windows. I should know. I work on Visual Studio and have little to no experience in Windows. I worked in Windows Live and had little to know experience with Office. I'd imagine the team who works on, say, Communicator has vastly different opinions on software security models compared to... say... Excel. I'd think the team who works on Windows Live probably has totally different development priorities and schedules as say... Windows. Do you think the people working on Xbox have the same security issues to face as the people in Word, or Silverlight, or Messenger? Things might overlap here and there, but I laugh when people cry "Microsoft is evil!" because they lack 1) perspective, 2) open-mindedness (after all, it's the cool thing to do to mock Windows -- see the Mojave campaign?), and 3) even criticism of competing products.

http://en.wikipedia.org/wiki/Mojave_experiment
The Mojave Experiment is a technological opposite of a blind taste test, in which rather than removing a product's branding, it instead changed the product's branding to sway the outcome. The point of the campaign is to see what people liked based on the merit of the product "Mojave" alone, misleading the participants by removing the original name; "Vista" from the product. This would prevent the participants from creating bias about the product before using it. The participants were guided through the experiment, allowing them to "test" the new product.
Why do you think it is that an open-source product (such as Linux) gets far fewer targeted viruses? Because the target is so small, the effort of delving in and finding those vulnerabilities doesn't result in much gain (mass hysteria). Linux is open-source, and as a programmer I'd feel much better about trying to find a vulnerability in open-source code rather than try and reverse engineer the inner workings of Windows. But, if I honestly wanted to write a virus -- I'd do it the hard way and target Windows. Why? Not because windows is any less secure -- even if both operating systems were completely identical in security -- more users (especially the "dumb" ma and pa home pc user who will click on any link and download/install whatever gets e-mailed to them) use Windows. I'd have a larger "market" for my virus. So yes, more hubbub happens around Windows. But, like I said -- the devs who wrote Windows are probably not the devs who wrote Silverlight, or Office, or Messenger, or Xbox.

If you can say "Don't install Silverlight! It has VULNERABILITIES that were fixed which means there are MORE!!!" and honestly feel good about installing flash, then your bias has clouded your better judgement. Flash had past vulnerabilities that were fixed. Wouldn't it logically follow that flash would, therefore, be dangerous to install? I mean, flash is far more prevalent than silverlight at the moment -- so if I were to write a virus targeted at media websites, I'd target it towards the larger market.

And if Flash is good, Silverlight is bad -- but both had (and fixed) vulnerabilities... Are you honestly judging the security of a product by its merits, or by its brand name?

Nobody is saying Silverlight is perfect. Just like nobody is saying that Flash is perfect. But, we also don't see people hijacking the multiboxing video threads screaming about flash vulnerabilities whenever someone links youtube -- but we see people screaming the moment Silverlight is mentioned.... Coinkydink?