Most secure Browser, the moving target.

[Shintaro]

I know some people here are rolling their eye's saying "OMG that old chestnut.".

It seems that each time I see a report it appears to be something different, depending on the date and version of browsers used to test.

http://www.accuvant.com/capability/...ser-security-comparison-quantitative-approach

This report used the following versions:

Google Chrome versions 12 (12.0.724.122) and 13 (13.0.782.218)
Internet Explorer 9 (9.0.8112.16421)
Firefox 5 (5.0.1)
**If you are concerned that Fire Fox is Version 5 when now it is like Version 13, have a look here:
https://wiki.mozilla.org/Releases/Firefox_3.6_MU
https://wiki.mozilla.org/Releases/Old/2011

Anyway, I have heard people say that MS IE is the most targeted browser and I would have to agree. Simple reason: MS owns 85% of the desktop market:
http://marketshare.hitslink.com/operating-system-market-share.aspx?qprid=8
If I was a malware / virus writer I would be targeting the OS (Operating System) that would get me the most results.
EDIT: Meaning that the average Joe or Jane is likely to simply use IE because it is there by default.

I need to do more research in the area of how tightly coupled MS IE is with the OS. I seem to remember that it used to be, then it changed...I think. So now I am not sure. I need to find articles.

So I am an old staunch Firefox user from many, many years ago. But reading the report made me think. Time to change old man. Well at least for a bit of time anyway.
I have found some substitutes for Tree Style Tabs and no-script amongst other things.

To be honest, I'll be maintaining 3 browsers now, Chrome, IE and Firefox. Yea I know it's a lot, but that is my choice.

Anyway, my little bit of research is NOT exhaustive, it is just something that I thought I would pass on.

 

[Digerati]

Do not go by one report alone. But one I watch closely is NSS Labs, an independent lab that concentrates on socially engineered malware distribution methods - BY FAR, the most prolific method of distribution. And since IE8, IE continues to whomp on the others.

From the Accuvant Labs report,

As described in this section of this document, it is difficult to draw provably unbiased conclusions when each browser project’s datasets differ in so many ways.

I was glad to read that as that is key to understanding why this lab rates that browser 1st and that lab rates that browser.

But of course, I can find reports that says Chrome is best and FF is best. And you need to check the credits too. Not all labs or tests are "independent".

I note this report (just looking at the red X's, seems to favor Chrome, then IE, then FF seems to not be doing so well - as has been the case for a couple years now. But at the same time, it really seems to slam Chrome when Chrome is used with default settings. I think any report should review the test subject in default modes only - as this is how it is shipped. And I question a report that attempts to show how to tweak one test subject to make it better than the others (in this case, by providing a Registry tweak to change Chrome's group policies). That shows a bias that should not be there.

Also, I pay attention to the Department of Homeland Security's US-CERT Cyber Security Bulletin Vulnerability Summaries and I recommend everyone concerned with security subscribe to these as the US Government does not care which company does this or that. It only reports security issues - and Chrome, once again, does not look so good.

The CERTS Bulletins are great to keep on hand to squash the bubbles of Linux, MAC, FF, Chrome fanatics. A quick review of previous weekly bulletins clearly shows that none are perfect and for browsers, Chrome and FF lead the way - in a bad way. Of course IE has a nice share of problems too, just not as many.

********************

HOWEVER - none of that matters because computer security is MUCH MORE than browser security.

Regardless your browser of choice (and it is just a choice) you still must keep your computer updated, patched, scanned with a current anti-malware solution and blocked with a software based firewall (and hopefully a router) - all the steps necessary to remain safe anyway.

So, bottom line, chose the browser you like the "look and feel" of. Then "practice safe computing" as you normally would. Just don't discount IE or another browser because of security. It just is not a valid reason.

 

[Nibiru2012]

HOWEVER - none of that matters because computer security is MUCH MORE than browser security.

Regardless your browser of choice (and it is just a choice) you still must keep your computer updated, patched, scanned with a current anti-malware solution and blocked with a software based firewall (and hopefully a router) - all the steps necessary to remain safe anyway.

So, bottom line, chose the browser you like the "look and feel" of. Then "practice safe computing" as you normally would. Just don't discount IE or another browser because of security. It just is not a valid reason.

How true Digerati! I tire of these "browser security alerts", since they seem to change weekly. As long as the user has a good internet security program installed there should be no issues.

Any of the top three listed at AV-Comparatives.org should work well for the vast majority of PC users.