SOLVED Browsers
- Thread starter mr.magoo
- Start date
Capt.Jack Sparrow
Microsoft MVP
- Joined
- Jul 8, 2011
- Messages
- 48
- Reaction score
- 12
Hello there!
I have noticed Chrome is faster to load but I never felt it very stable when it comes to Java based website. I still prefer Firefox and IE9
I have noticed Chrome is faster to load but I never felt it very stable when it comes to Java based website. I still prefer Firefox and IE9
- Joined
- Apr 7, 2010
- Messages
- 1,094
- Reaction score
- 277
Since the requirement to practice safe computing to keep your computer safe and secure is the same, regardless the browser of choice, your choice of browsers is just that, your choice. Pick the most current version of the one that has the "look and feel" you prefer. I prefer IE9.
- Joined
- Apr 2, 2009
- Messages
- 925
- Reaction score
- 362
Chrome is legitimately the fastest and most secure, but Firefox easily wins on the quantity and versatility of its addons. IE9 has made great strides, but it still lags behind both of its competitors in speed/security.
This is fact, not opinion.
This is fact, not opinion.
- Joined
- Apr 7, 2010
- Messages
- 1,094
- Reaction score
- 277
Ummm, no! Not even close! Got links? I do. Big ones.
In terms of security, IE 8 and IE 9 whomp all over Chrome and the other alternatives. MS does not play around with security anymore, and will not get blamed for the actions of badguys like it endured for 10+ years with XP and IE6. Microsoft continues to lead the way, not just in browsers either. Windows 7 is much more secure than all earlier versions. MSE equals or beats the competition (and its free!). Microsoft for the first time ever, hired a major independent security firm to rip, or try to rip Windows 7 apart all through development.
Chrome may be faster in some areas, but not all, and not for all users either. Many people with ample hardware horsepower and a good Internet connection may notice no difference. But security trumps all and not worth sacrificing for differences typically in fractions of seconds. IE8 and IE9 are clearly much more secure, by a long shot. And since security trumps all, it certainly trumps speed any day for overall ratings - at least if you have family or a personal identity you want to protect.
The facts are, Chrome has consistently performed poorly at detecting malware distributed via "social engineering", a leading malware distribution method. And Chrome continues to have more new vulnerabilities discovered than IE 8 and IE 9 too, though still less than Firefox.
Sorry, but I can't and don't expect people to automatically take my word just because I say so, so here are the facts with links to reliable sources with evidence to corroborate these claims:
New Report - NSS Labs Q3 2011 Report, note where it says,
Same time last year, NSS Labs Q3 2010
NSS Labs Q1 2009
Note this April 2011 Ed Bott Report. He provides an excellent explanation of social engineering. Note these excerpts:
Of special interest to me was his closing comment about the commitment Microsoft has made (in terms of money and people resources),
Ed Bott said:
I recommend anyone interested in security to sign up for the US Government's CERTS Vulnerability Bulletins. I note in this Aug 1, 2011, US-CERTS Report Chrome had 14 High (the highest rating) vulnerabilities reported that one week! If you go back through the archive, you will see Firefox leads (in a bad way), by far. Chrome is much better than FF, but IE 8 and 9 have had much fewer than Chrome.
So, (1) an independent lab, (2) a distinguished author and IT journalist for ZDNet - a company never noted for their love of Microsoft, and (3) the Department of Homeland Security, United States Computer Emergency Readiness Team's official report and summary of new vulnerabilities recorded by the National Institute of Standards and Technology (NIST) all clearly find IE, in particular, IE 9 is tops in security, with Chrome a distant second.
Last edited:
- Joined
- Dec 17, 2010
- Messages
- 189
- Reaction score
- 43
I use 4 different browsers, I primarily use FF 6 but I use IE9 for certain things, I also use Pale Moon which is really FF 3.6.18 and I use the stable version of Chrome.
If I really want to surf safely, I boot up in the Zorin Version of Linux and use Chrome or FF
If I really want to surf safely, I boot up in the Zorin Version of Linux and use Chrome or FF
- Joined
- Apr 2, 2009
- Messages
- 925
- Reaction score
- 362
I'll tell you why all your links are invalid: NSS labs tested IE9 against Chrome 6 in some of its reports. Chrome 6 is so unbelievably old that it boggles the mind. Even in its most recent reports, the tested version was behind what any user can download (currently v14), which certainly makes me question the validity of any data that I'm reading.
I'm sure you're not actually insisting that an old, unpatched, out of date version of a browser is in any way a fair comparison against a brand new browser. Are you?
Let me continue on by saying that I respect NSS Labs' "social engineering" argument, but it is a complete disingenuous and limited view of the picture. Social engineering does not account for real security flaws: the ones that can be exploited without you clicking, launching or accepting anything. These are far, far more dangerous than social engineering protection, because there's nothing you can do to see or stop them if someone chooses to take advantage of them. At least with socially engineered attacks, smart users can see that something is funny and go to another page/delete the email/whatever.
Again, let me be very clear: an attack that uses social engineering is not a real attack, because it relies on the user doing something ignorant or stupid to activate it. A real security flaw requires no user intervention at all.
I hope we can agree on which flaws are more serious, and that NSS Labs' decision to include only social engineering in its analysis to be an egregiously narrow view of the actual landscape. It's not that the results are invalid, just that they don't paint the complete picture.
When it comes to actual exploits that can get me even when I'm cautious, I will always take the pwn2own contest as a bellwether. The conference is a collection of some of the biggest, brightest minds in compsec coming together to see what they can exploit, and how quickly they can do it. Chrome has survived the conference unscathed for three straight years, this year because nobody signed up--a strong indication that nobody has a working hack they could take to the conference.
You can have your social engineering protection. I'll take protection from the exploits that I can never see, and never hope to stop.
- Joined
- Apr 7, 2010
- Messages
- 1,094
- Reaction score
- 277
Thrax said:
OMG! Did you research this? I did! Pwn2own is a contest! A game! An exhibition! A prepared competition using one specially prepared exploit in a controlled environment! A game to test hacker skills. It is NOT, in ANY way, designed to test and evaluate browser security.
PLEASE! Do NOT base your security decisions on the results of a game! And do not base your security decisions on the results of just one source either. I provided links to 3 "reliable", independent sources. Note NSS Labs state in their report (their bold italics)
Ed Bott has a long established career of unbiased reporting, and the US Government does not take advertisement, promotion, or hush (I hope!
) money from the vendors. These actions are to avoid even the "appearance" of impropriety. The promoters of pwn2own, TippingPoint DVLabs, on the other hand, may have good intentions, but by their own admission, have "partnered with Google"! And that, "certainly makes me question the validity of any data" out of that contest. The "contest" is cool! But it's like watching a basketball dunking contest - fun to watch the pros "play", but that's not the same as after the buzzer and there's defenders in your face, and ribs and knees blocking your every move.
To learn about pwn2own, the results, as well as the unwelcomed (which gives me hope for the organizers) fanboy journalism/sensationalizing, and "meme" reporting over this contest, read this: Pwn2own considered (somewhat) harmful. Make sure you also scroll down through the comments and note what the game organizers responding have to say too. I note the following key points:
Michal Zalewski said:
dragosr - contest organizer said:
Aaron Portnoy - contest organizer said:
I find it scary ignoring not 1, but 3 reliable, independent sources, including genuine testing labs and a government agency assigned to keep the public informed of cyberthreats, and instead, using the results of a contrived, narrowly focused game as a "bellwether" for security?
That's certainly your choice, but I would ask you reconsider your position in lieu of what I have presented here. And please don't announce and advise others, "This is fact, not opinion." Because it's not fact - it is opinion. After the pwn2own contest organizer states it, "doesn't actually help draw any high-level conclusions about browser security", I have to ask, "is it wise to use this contest as the "leading indicator", the "bellwether" of browser security?" Not for me.
**********
Thrax said:
Please, Thrax, that's very misleading!
I don't trust ME, why should I trust you? I am researching and validating as I type. I suggest you do the same. Your link references the Q3 2010 report and with a quick look here you can see that V6 was the current version at that time! My first link was to their Q3 2011 report and they tested with Chrome 12, the current version at the time of testing. 13 just came out this month! 14 is still in beta! They do 4 reports a year to keep up with version changes - not an easy thing to do with Chrome having 7 in one year!I NEVER said it did. I noted, as Ed Bott noted, and as NSS Labs noted, it is a "distribution method" for malware, and a very popular one, growing in popularity.
Also invalid. The vast majority of all malware relies on human failings. AS NOTED BEFORE - if the user practices safe computing, then it does not matter the browser of choice! It is the exposed vulnerabilities that get exploited. How are they exposed? By not updating Windows. By not using a firewall. By not using a good anti-malware solution. By participating in illegal on-line activities. By opening the door and letting the badguys in. Not by your browser of choice.
I provided references to 3 reliable sources. You incorrectly dismissed one with inaccurate claims it used outdated Chrome versions, and you dismissed Ed Bott's Report and social engineering in general, and apparently totally ignored US-CERT's Vulnerability Reports, then declared you are right - based on a "contest" that was NOT designed to evaluate browser security.
There are organizations that do that. One is US-CERT, the ignored source that ranks those that are more serious.
For the record, I don't object to your opinion - I spent 24 years in the military defending your Right to express it. I object to how it was slammed down on us, as fact, with zero supporting evidence, then expected to be taken as the Gospel.
Not going to happen - at least not in a technical discussion. Not when there is no one "best", "most secure" across the entire security spectrum. It matters not if a mod, MVP, admin, or 1st time poster. Experts are a dime a dozen. You cannot step into the middle of them and make "claims of fact" on what IS an opinion - with no supporting evidence and expect everyone to just accept it.
THERE IS NO PERFECT BROWSER. So I say again,
There's no need to dump them. None of the major browsers, on a properly secured computer, are "unsafe". While I prefer IE9, and it is the default on all my systems, I have Chrome installed on this machine and FF on my other main machine to use as an "alternative browser". If I have trouble connecting to a site, or a site does not render right in IE9, I will call up my alternative browser to see if it is IE9 or the site.mr.magoo said:
Last edited: