A recent Google-funded study conducted by Accuvant determined that Google Chrome, followed by IE9, were the safest browsers available. The study specifically singled out Firefox for lagging behind Chrome and IE9 in terms of security features, particularly JIT hardening. However, the validity of the study has come into question. What’s your reaction to the study, and should enterprises have legitimate concerns regarding Firefox security issues?
Ask a question
SearchSecurity.com expert Michael Cobb is standing by to answer your questions about enterprise application security and platform security. Submit your question via email: email@example.com.
Browser studies have to be read carefully to fully appreciate the claims made within them, particularly if they are funded by one of the browser vendors. Not surprisingly, Chrome came out on top of Google’s funded research. Both the above-mentioned Web browser security comparison by Accuvant, and an NSS Labs report carried out in August 2011 (which incidentally ranked IE9 as the safest browser when it came to socially engineered malware protection) looked at how well browsers protect the user, not vulnerabilities within the browsers themselves.
But a Web browser has two roles to play when it comes to secure browsing. First, it must protect the user from malicious sites and software, and second, it must be able to protect itself from malicious attacks. The Secunia Security Factsheets assess which browser is most prone to vulnerabilities. These not only show the number of reported vulnerabilities and their severity, but also the number of advisories. This is an approximation for the number of security events or administrative actions required to keep a program secure.
If privacy is a concern, then Firefox may still be your browser of choice. Firefox 5 is the first browser to support Do Not Track privacy on multiple platforms. With the Do Not Track feature turned on, an HTTP header is sent every time a user requests data from the Web, telling the site the user wants to opt out of any online behavioral tracking. Firefox is certainly no longer the undisputed “secure” browser, but the battle for the title of safest browser means all vendors are working to add more security features to their latest releases.
This was first published in April 2012