Google Chrome offers more protection against online attacks than any other mainstream browser, according to an evaluation that compares exploit mitigations, malicious link detection, and other safety features offered in Chrome, Internet Explorer, and Firefox. The 102-page report, prepared by researchers from security firm …
I didn't spot any mention of browser versions in the article and I don't want to read 20Mb of data. Can anyone more motivated help out?
According to page 4:
Chrome 12 (12.0.724.122)
Chrome 13 (13.0.782.218)
Internet Explorer 9 (9.0.8112.16421).
Firefox 5 (5.0.1)
Also interesting to note:
"As of July, 2011 a combination of Google Chrome, Microsoft Internet Explorer and Mozilla Firefox represent 93.4% of all users accessing the Internet [W3_Schools_Market_Penetration]. While other browsers would have been interesting to compare, in the interest of time they were excluded from this study."
So, test two versions of Chrome, but skip Safari and Opera, because they would take too long.
Time to change my 'fap' browser!
Surely everyone now uses Chrome in porn - I mean incognito - mode?
Opera is best for one handed browsing
Space bar goes to the next image in the gallery
It seems odd that Opera was omitted from the tests given that Opera's proponents often claim that theirs is the most secure browser.
Maybe Google wouldn't have liked Accuvant's results had Opera been included...
Opera may only have a tiny sliver of users, but leaving it out proves to me that this study wasn't really meant to test which browser is more secure, just which browsers make Chrome look better. Only mentioning FF and IE, and leaving out Safari and Opera, is just not a good study for "best". Even if those browsers didn't do as well, I'd still like to see the results...
Then again, in my recent study involving myself, my son, and two college guys, I've determined I'm the oldest man in the world!
I think they were only evaluating Mainstream Browsers.
Indeed Safari and Opera should have been included, although they each have less than 10% of the user base that still accounts for a hell of a lot of users. However maybe they were included, but were at least as secure as Chrome.
If the mainstream are sh*t that hides the sh*tness :(
Hummmm..... comparing mainstream browsers with more secure browsers might mean people use more secure browsers, which in turn would mean the more secure browsers become mainstream because they are more secure.
Simply comparing a top 3 popular browsers doesn't really do much for benchmarking in a report comparing security of browsers. It would be a sensible include browsers with claimed security credentials along with the usual top browsers to give balance of what is possible.
"Not including Opera" Wah!!
If I was a security researcher I'd be very happy getting to 93.4% coverage.
Any rational study has to do cost benefit analysis. Two versions of chrome may seem excessive, but they seem to be taking the perfectly rational approach of getting the largest shares in first. This produces the most cost effective measurement of the market.
Why bother with around 1% of the UK market (go see Opera's market share) when there's nothing wrong with the rest? From a business perspective it's simply not worth it.
Here you go. some INDEPENDANT results...
They left out Opera, which has historically had the best security track record of them all... Seems like an intentionally knobbled set of results.
How can they claim that when Google sponsored it, and they excluded a browser that sits of the tree for security, that it's impartial. Here are some results based on the real world...
Google Chrome 159 - http://secunia.com/factsheets/Chrome-2011Q2.pdf
FireFox 72 - http://secunia.com/factsheets/Firefox-2011Q3.pdf
Internet Explorer 25 - http://secunia.com/factsheets/IE-2011Q3.pdf
Opera 36 - http://secunia.com/factsheets/Opera-2011Q3.pdf
No IE6 or 7?
Not getting close to picking up 93% really are they...
Could have been really interesting to see how the main three (I agree, 5 would have been more interesting) browsers have improved over the last n years.
Don't look at the quality, feel the sandbox
I hope they've managed to program the sandbox to a higher quality than the browser itself which has over twice as many known security holes as Firefox, six times as many as IE, and four times as many as Opera.
Maybe Safari's not there in this sponsored test because if the other mainstream WebKit-based browser has fewer holes then questions start to be asked.
If a sandbox for Firebox or Opera is that important, it can be run with user privileges instead of admin privileges (which is what I do incidentally).
No Opera, epic fail.
You appear to have accidentally put the word "No" at the beginning of your post.
Can we avoid the inevitable "You didn't mention Opera!" "Only losers use Opera" flame war and stick to actually figuring out if there's any merit to this study? I mean they didn't test the browsers' Linux versions either (believe it or not there are people who actually run IE on Wine. No, I can't figure it out either unless you're a developer and then a VM would probably be easier) but hey, let's deal with what we have, OK?
IE On WINE?
IE on WINE? I'd never even thought of that. I can't wait until Monday then, I'll see if I can get it going at work - I think that there are one or two devs that I could actually make explode with a combination of confusion and indignation.
IEs 4 Linux
Because it's better than running a VM on my netbook.
Take a look at IEs4Linux - not only can you install IE, but you can install LOTS of IE! 5, 5.5, 6, and beta support for 7, 8, and 9! Concurrently!
Indeed 250m users can't be wrong...
Something this "report" seems to somehow conveniently forget.
There are builds of wine specifically for ie. It runs ie6 as well as anything else does. I haven't tried it for a while, so I don't know how well later versions of ie run.
So a report commissioned by Google finds Chrome is the most secured browser.
Well, fancy that.
Re: Mike Flex
Yes, they lost me when it said it was sponsored by Google. How is this news worthy? It would have been if it was sponsored by Microsoft, but by Google? Come on!
Study sponsered by?
Nothing against Chrome, I use it and IE a lot - but I always get suspicous with one browser having 80-odd% more ticks than the others. Of course, it could be that Google have damn fine programmers!
Perhaps that explains why there's no Opera :o)
I'm sorry, I stopped reading here "The report was commissioned by Google"
(Not a Google bash - I use Chrome, but really, want's the point of 'independent' research funded/commissioned by one of the parties)
Would you prefer that it was commissioned by $MS? I suspect the list of mainstream browsers tested would have been limited to :
IE7, IE8, IE9
The one disappointment for me was that Safari was not on the list. I believe the point was to show the most commonly used browsers. Safari IS on that list. I agree that if the point of the study was to showcase security then it would not of hurt the researchers if they added Opera. There are some pretty rabid Opera fans out there who insist that it is the most secure. Which is fine and great but it is one of those things where if no one tests it how can it be proven. To bad Opera didn't join in the party and have their browser tested.
Re: Would I prefer MS to have sponsored the survey?
My opinion of Chrome would have increased if MS had sponsored this survey and Chrome was shown to be clearly superior to IE and Firefox.
As Google sponsored the survey and the survey showed Google's Chrome was the best, I'll stick to treating this as there might possibly be security issues with other browsers but I will wait for an independent source to verify them before changing to Chrome.
They did, and strangely enough they found that IE was the most secure browser.
MS sponsored a website
Guess which browser they 'independently' assessed was the most secure?
So, MS sponsored website says IE is the most secure, Google sponsored study says Chrome is the most secure. Your move Mozilla...
Process Creation, eh?
I read that process creation was allowed by IE and Firefox. So, why don't we see loads of DOS attacks based on maliciously launching a command prompt with FORMAT C:?
There is presumably more to that comparison table than meets the eye, so presumably Chrome's long list of green ticks isn't quite as impressive as it looks.
... The drive is locked (in use), you'd need to script it to provide the confirmation "yes" and you also need to elevate to admin rights. (Assuming you're not one of the idiots that disabled UAC).
So you invest the 10 minutes or so it takes to figure out how to script it, and then send it to all your friends running XP. XP still has an appreciable fraction of the market, so it would still work.
Moreover, if *today's* browsers are still open to this attack, presumably in the years before Win7 turned up, you could have used the same attack on just about all Windows users. (Vista's market share has always been insignificant.)
History suggests that this didn't happen, so presumably Firefox and IE aren't as open to attack as this report suggests.
Since neither Chrome nor IE have a proper adblock/noscript implementation, in day to day use, I would think not allowing the scripts in the first place would actually be better.
However, if you are going to surf naked, like most people do, then this study has merit.
hosts file hack > adblock
I feel expecting an adblock function on a browser produced by a company that effectively IS web advertising is a bit of an ask!
Chrome doesn't have adblock?
What then is this? https://chrome.google.com/webstore/detail/gighmmpiobklfepjocnamgkkbiglidom
Chrome 12 and 13, IE9 and Firefox 5.
It would have been interesting to see how IE8 and Firefox 3.6 fared, as there's still a pretty decent user base for those versions.
Firefox 5 is already obsolete
so it would also be nice to know how the later versions perform in this test
Need my armor
I use Chromium for my grad school email since the university has been assimilated by Google anyway-- and it's nice and fast though I dislike the UI-- but until I have NoScript/AdBlock/BetterPrivacy/RequestPolicy on Chromium... they can have my Firefox when they pry my cold, dead, fingers away from it.
Tried out chrome when FF was having some issues with sites, ended up removing and reinstalling. What I liked about FF was when I quit the program it did not stay in memory just in case I wanted to use it.
Chrome's adblock and other mods are all seperate processes that are memory resident
No surprise that google won a google sponsored comparison that missed out opera and safari
Firefox + NoScript + BetterPrivacy + AdBlock Plus?
Why is that relevant? I'll bet a lot less than 10% of FF users have that setup. Most browser users have the default install and only geeky little nerds have anything else.
But the point is that this is a test on the default install. You can make any browser more secure without installing externsions or plugins, just by changing your settings.
You mean *third-party* ad blockers and a thing that make Websites useless (no JS!?)...
NoScript does not make websites useless
It only prevents badly programmed websites from doing things without my permission.
Oh, and it also gives me time to decide if I actually want the website I am on to run code BEFORE it runs it.
...plus Sandboxie. Then you'd be getting somewhere. Remember that one of your trusted sites can become compromised, and there goes your NoScript protection. Statistically, more than half the malicious websites out there are legit sites that got compromised.
FireFox's lack of sandboxing or Low-integrity operation is hard to excuse.
And how exactly do these plugins help vs deep brower flaws ;)
Sandboxing cripples developer tools
One reason I still prefer FF is because Chrome is so perfectly sandboxed that only a "lite" version of Firebug is supported. Perhaps this could be resolved if, when you install a Chrome plug-in, it pops up an Android-like list of permissions you can grant it.
- Product Round-up Smartwatch face off: Pebble, MetaWatch and new hi-tech timepieces
- Geek's Guide to Britain The bunker at the end of the world - in Essex
- FLABBER-JASTED: It's 'jif', NOT '.gif', says man who should know
- If you've bought DRM'd film files from Acetrax, here's the bad news
- VIDEO Herschel Space Observatory spots galaxies merging