The numerous features in both Opera and Firefox browsers highlight how Internet Explorer has aged in recent years, and with IE's reputation for being vulnerable to attack, many organizations are looking at the alternatives. When compared to IE, Opera and Firefox have a reduced attack surface. They support fewer Microsoft related features, such as ActiveX. That's not to say you can't get spyware or other malicious code when using Firefox or Opera, but the risks are greatly reduced. Also, neither is as tightly integrated with the operating system as IE, so there is less chance for an exploit to use the browser as an interface into the underlying OS.
Commercial vs. open source
Opera is a commercial product with a large feature set. It is well designed and has an intuitive interface. On the security front it includes anti-phishing technology, support for security protocols, visual feedback on security levels and automatic checks for security updates.
Firefox is an open-source product from the Mozilla Foundation. Nearly 700 extensions have been written to extend the capabilities of the browser. However, this extension framework is regarded by some as a potential threat and has led to some criticism after it was discovered that hackers could potentially take control of a user's computer through a particular extension. Opera, on the other hand, has no extension framework. While this could be considered a security advantage, it limits the extensibility of the product.
Both Firefox and Opera have good reputations for releasing fixes quickly. It is a personal choice whether you prefer software from a commercial company or a community of volunteer coders who actively review and develop the product. Probably the best way of gauging a product's security is by seeing how newly discovered vulnerabilities are dealt with by the vendor. Secunia is an IT-security company that monitors vulnerabilities, and you can see their vulnerability reports for Firefox and Opera.
IE is the most widely deployed browser so most exploits have targeted it, but this may change as other browsers gain in popularity and use. Microsoft has made significant security improvements to IE with the release of Service Pack 2 for Windows XP, but many of these improvements aren't available for earlier Windows systems.
Opera and Firefox's perceived edge in security comes with the drawback of fewer features and a possible inability to access some Windows-based Web applications. In larger organizations it may be unrealistic to not use IE at all, especially if users must access servers that employ the features it supports over an internal network. One possible solution could be to reserve IE for internal sites only.
Remember, no browser is foolproof. Regardless of which one you choose you still need to put in place network security such as firewalls, antivirus and anti-spyware to detect and block malicious code that arrives through the browser.
This was first published in November 2005