Analyst Pete Lindstrom, of Spire Security in Malvern, Pa., said the arguments over the number of vulnerabilities in the competing products is overrated.

"The whole game we play about counting vulnerabilities is kind of silly to begin with," Lindstrom said. "The entire security industry ought to be slapped on the wrist for saying Firefox was more secure than IE about a year ago" because Firefox wasn't out long enough to prove its stealth and hackers hadn't yet had enough time to attack it.

"Firefox and every application that receives some sets of information can also be attacked" successfully by hackers, Lindstrom said. Users need to take the approach that every single application must be properly configured for defense. "If someone wants to, they can protect their applications," he said, though it costs money and takes time to do it properly.

Symantec's semiannual Internet Security Threat Report covers Internet threat data from Jan. 1 to June 30, 2005, according to the Cupertino, Calif.-based security and maintenance software vendor. The report provides analysis of network-based attacks, a review of known vulnerabilities and highlights of malicious code and additional security risks.