What Is the Most Secure Web Browser?
Which Web browser is the most secure? The answer to this question could easily trigger a “religious war,” something that I have no intention of doing. Yet because so many of today’s attacks target browsers, there is value in looking deeper into this issue, provided, of course, that facts, not presuppositions, are used to address this issue.
Because the most used products and tools generally tend to be the biggest targets of attacks, it is important to know how frequently each type of browsers is being used today. According to w3schools.com, in January 2009, IE7 had 25.7 percent, IE6 had 18.5 percent, and IE8 had 0.6 percent of the browser market. The total among all three versions of IE is 44.8 percent, nearly identical to Firefox’s 45.5 percent. Chrome was a distant third with 3.9 percent, and Safari had 3.0 percent. What is perhaps most striking about these data is that only a few years ago, IE was completely dominant in the Web browser arena with well of 80 percent of all browsers used at that time being IE. To say that the use of Firefox has grown substantially over the past few years is thus a gross understatement. But the bottom line is that based on usage statistics, IE and Firefox should be about equal in their attractiveness to would-be attackers, whereas Chrome and Safari should not be so attractive in this respect.
The next consideration is the number of vulnerabilities that surface in each type of browser. Because Chrome is so new, little data concerning vulnerabilities in this browser are currently available, and Safari is not used all that much. Let’s therefore just compare IE and Firefox. At first IE had far more vulnerabilities than did Firefox, and then this trend reversed itself for a while, but now the number of vulnerabilities that surface in each is approximately the same. The same is true for the potential seriousness of the vulnerabilities that have been identified.
Another important consideration concerns how secure each browser is right out of the box. The answer appears to be about the same, although obtaining data concerning this issue is complicated by the fact that vendor releases over the course of any year tend to tend to not be 100 percent identical. How about the potential for tightening security in these browsers? Among other things, both support encrypted sessions, warnings for suspicious sites, and the ability to clear sensitive and/or private data. All things considered, saying that one browser has better settings would thus be unfounded. A few things about IE make me nervous, however. One is its propensity to cache information; another is its ability to capture and save keystrokes. And although the ever dangerous ActiveX can be disabled in IE, the fact that so many IE-based Web transactions rely on ActiveX is not particularly comforting from a security perspective, either.
All things considered, therefore, I would give Firefox a slight edge over IE when it comes to security. But stopping here would be to miss the real point. Because so much of security in software depends on how the software is maintained and upgraded, no matter what browser you use, your diligence in maintaining and patching the browser will make far more difference in the browser’s security than your choice of browsers. Security is not something that you just set up once and leave alone, and browsers are no exception to this principle.