Google Chrome offers more protection against online attacks than any other mainstream browser, according to an evaluation that compares exploit mitigations, malicious link detection, and other safety features offered in Chrome, Internet Explorer, and Firefox. The 102-page report, prepared by researchers from security firm …
Just because it's a browser, doesn't mean you need the exact same plugin to get the exact same functionality?
Chrome, like any webkit browser, comes with dev tools: hit ctrl-shift-I and there it is, doing everything for you in Chrome that dragonfly does in Opera, and firebug does in Firefox. Except you don't have to install it yourself, it doesn't slow down the browser (the current complaint by people working on firefox on the mozilla side), and doesn't require you to constantly phone home to your browser's maker (like dragonfly, which sends the page data to opera.com for analysis, unless you install it locally, at which point it becomes really slow).
Why the heck wouldn't they test the _current_ Firefox builds (8 and whatever the 3.6 series is up to now)?
Chrome is currently at 15 but they tested 12 and 13. Maybe they did the testing a while ago.
because when the study was done
they didn't exist you muppet
because they didn't exist last July when the study was done
"secured" (and really should read "sandboxed")
That says it all. There was no attempt made to assess the security/vulnerability of the browsers. Just "how strictly is the stuff sandboxed". It's nice to know, but shouldn't be mistook for actual security.
Cars with more airbags are not less likely to have accidents; a reliable braking system, good road holding, etc are more important (the consequences, however might or might not be mitigated).
Airbags, ABS, proper road hugging and all the rest are good things to have, but if you have a moron behind the wheel, they won't help all that much.
The interesting thing here is that FF is still largely funded by Google. As such if Google were showing any bias you'd expect FF to come second. The fact that it didn't might point to there being no bias, or more likely there was no way the authors could fudge the report in such a way that would put Chrome first and FF second.
Chrome supports Native
And IE supports Active X. You need sandboxes in both and there is no telling how secure those are.
The only time I ever picked up a drive by download that actually infected my system with some potent malware was when I was using Chrome.
Admittedly it was over a year ago and before Chrome went mainstream, but it reminded me never to trust the security claims of any software. I foolishly believed the claims made for Chrome's sandbox and promptly got bitten. It was around that time that I found NoScript and to this day I'd take FF+NS over anything else.
> Would you prefer that it was commissioned by $MS?
No, a report needs to be independent, or it isn't worth the electrons that have been jiggled to bring it to you. Even if the authors actually were even-handed you can't trust their report.
That would be taking prejudice to the other extreme. It's not about who funds it, it's about whether the report stands up to scrutiny. Someone paid to have the research done. Can you refute the claims derived from the data gathered? Good. Tried, but can't? Also good. Not bothered to? A failing party are you. It's easy to wave away research because a party that may benefit from the result, should it turn out in their favour, shoved some money at some people to do the research for them, but that's also demonstrating exceptionally poor critical thinking skills.
But without a motivation...
...who's going to pony up the money? Barring a government intervention, what would make a completely independent firm want to test browser security against something else? As they say in America, "Where's the money, sonny?"
You dont need to be able to refute the claims. Chrome may well be the most secure according to their criteria, but they may have looked at the browsers using many different criteria and chose the ones that gave the results they wanted. What they say may have some merit, firefox ought to ad sandboxing, but this doesnt mean ff users should switch to chrome.
"...started with the premise that buffer overflow bugs and other security vulnerabilities were inevitable..."
In this complaisance to mediocre code lies all the tragedy.
It is absolutely false.
I think you meant COMPLACENCE.
They sound similar but have different meanings.
My bad. You're right.
Even when you spell the word correctly the sentence doesn't make sense.
No browser is any more secure than its plug in modules... and yes, as per previous comments, why not include Opera, since it has some 100 million users... sheesh...
So how can this be credible without a mention of opera?
Well, it cannot
"So how can this be credible without a mention of opera?"
This was a test comparing only Chrome, Internet Explorer, and Firefox.
Enough with the opera comments
It's obvious why Opera wasn't included
There was a Gartner report that cited a man in the pub that knew someone whose brother-in-law said Opera makes you ghey.
How To Sandbox Firefox
On Linux: Create an AppArmor profile. Requires some system knowledge, but then the profile can simply be copied to any number of computers.
On Windows one could probably use Sandboxie to perform that.
But why should users go to that trouble? The authors should be doing the work.
Yes and No
I agree that a standard profile should be part of a Linux distro. On the other hand, different enterprises might have different ideas about how to lock down their firefoxes (and other programs such as OpenOffice or g++). That's why it might be best left to system administrators of an organization to define the AppArmor profile for their user base.
They tested the world's 3 most popular browsers - Windows versions of Chrome, FF and IE. They released the data meaning anyone can extend the report for other browsers on other OSes... as the article mentions.
Also - a truly secure browser would impose security on plugin-modules.
World's 3 most popular? Taking into consideration WinXP's still high market share numbers their choice to use IE9 in the testing indicates they were using some other performance metric than 'popularity'.
...and I agree with the numerous posts that Opera should have been included. This study lost some relevance to me as Opera has more than earned its status as a modern, viable web browser.
Chrome most secured and Popular Corporate Spyware ever.
It's always, always WIndows. Yawn.
But please don't think this is a smug fanboy penguin. It's not. It's a penguin that would like to be better informed Just what risks are cross-platform and what are not.
Please: won't somebody think of the penguins?
Read Up on AppArmor
..because that will allow you to sandbox FF, G++, OpenOffice, evince, whatever you want to secure.
Chrome is irritating
Im not sure wether google have done it deliberately, but Chrome is not a comfortable user experience for me despite being fast and accurate.
I use my book marks to go to the same sites and forums every day, in FF and Opera the bookmarks are always on the left of the screen, along with the close buttons.
In Chrome, the "other bookmarks" are over on the extreme right, with the close button or arrow on the left. It makes it hard work going back and forth , wereas in FF and opera its much more intuitive so quicker to browse.
Opera 3 was superb in its day, along with Netscape 3 , just as fast as the modern equivalent.
Interested in other users opinions.
Quicker without a mouse?
If you visit sites a lot then "pin" them from the tab bar context menu. The tab will move to the left hand side and only the icon will show. Pinned tabs open automatically when you open Chrome.
Here are some keyboard shortcuts:
Bookmarks: f6, then type a few letters of the site name
Close tab: ctrl+w
Close Chrome: ctrl+shift+w
Back: backspace or alt+<left arrow>
Search: ctrl+e then type
New tab: ctrl+t
New window: ctrl+n
New bookmark: ctrl+d
...and many more
That irritated me too, so I looked at the code. Curiously, although the user can move other bits of the UI, the "other bookmarks" button is treated as an exception and fixed in place.
In addition, this makes the bookmarks heirarchy always cascade to the left, which seems unnatural to me. Maybe I should learn Arabic.
A conspiracy theory explanation is that, for Google, bookmarks are BAD, because you can get to a site without using Google Search to find it.
Turd in the Sandbox
... play carefully.
Who writes shit code that does'nt check for size STILL?
After all the other buffer overflow attacks over the years.....
Just look at the source for yourself. Full of char* and other plain pointers (as opposed to much more safe smart pointers).
Then using "modern" STL containers such as vector, which feature unchecked index operators and unchecked iterators. libpoppler (the major open source PDF renderer ) even sports void* containers. You can store everything in these containers, clever ain't it ?
All that to make these programs 10% faster than using smart pointers and range checked containers/arrays/strings.
Shouldn't it be in the design of the said operating system to shield its vital parts without any additional provisions?
Safari and Chrome are both WebKit browsers. So, why do we keep talking about them like they're completely different products? They're both just differing front-ends for the same browser engine.
I've been using Chrome for years and have found it to be an excellent browser. I migrated from Firefox, as the update procedure - both for the browser and extensions - was hugely inconvenient and interfered with my browsing. Chrome has a better interface, better security, better standards support and, most importantly, better performance. Firefox used to be my go to browser but it just didn't keep up with the competition and inherited many of the problems that people criticised about Internet Explorer (problems with performance, standards support, security, etc).
Don't get me wrong, if Chrome starts to fall behind the competition then I will switch just as quickly. Afterall, it's only a web browser.
90% have never heard of opera...
.. and if they have, it's only because their geek mates say its infested with ad ware.. (they are still hanging on to the decade old news, when ads were used to sponsor development..)
go on, go to a student union near you and say "what do you think when I say 'opera' , and 'firefox' ?"
NO! YOU try.. :P
Hey, you do know that only the top 10% of people know THIS place *exists* , never mind them being able to find it???
now if Opera was not that shy to advertise aggressively, like Mozilla back then, they might now even be as 'recognizable' as FF...
100 million users???
I will raise you 270,000,000 .... and that was 2 years ago!!
If the current Internet population is about 1.5 billion and Firefox has 22.8% browser share, that works out to roughly 342 million users. Either way, impressive numbers for the open source browser.
hey I'm hopeless at math, but it looks like opera (by YOUR figures!) has less than 7% ??
I you read that opera link, you will know desktop opera only has 50 million, so much less...
you work it out... :)
Security vs Privacy
OK, Google: now tell us which is the best major browser for user privacy and resilience to tracking.
"In much the way traditional sandboxes prevent sand from mixing with grass on a playground....."
This ain't America - we call them sand-pits
Happy so far
Must admit that using Chrome for the last 2 months there is only one site it plays up on. It's super fast on page loads and I think has only crashed twice on Ubuntu.
What about SRWare Iron
SRWare Iron is even more secure than Google Chrome because the re-build cuts out all the Google spyware from Google Chrome!
You do make a good point about WinXP... maybe I should have said "3 most popular _current_ browsers".
I definitely would like to see the study extended to Mac/Linux versions of Chrome/FF, and Safari on Win/Mac... but I still think Google are fine not to pay for testing every combination, since they let us do this.
No other security software?
Surely it makes better sense for browsers to focus on being good browsers and for separate security suites to focus on security. OK that's not a license for browsers to be full of holes but as a consumer I'm not happy to if my annual "Norton tax" still leaves me vulnerable to attack.
I would be quite happy to take the results of this 'independent' study at face value except for the fact that all of the tests seems to have been chosen to favour Chrome.
For a start they tested two versions of Chrome and yet excuse not testing some other contenders due to limitations on resources - a clear bias right out of the gate.
Then, over all of the individual tests (highlighted in the article) Chrome gets a tick for every single one - scoring a golden 100%. In not a single aspect was IE or Firefox better than Chrome? I find that very hard to swallow. Usually competing products have different pros and cons!
Wait, Google doing evil ?
Researchers accuse Google of plotting to undercut Firefox
If Google want to hammer FF all they have to do is stop funding Mozilla.