Firefox is least secure browser according to Google-funded study

[win7holic]

Forbes reports that researchers at the security firm Accuvant released a new study on Friday assessing the security features of Microsoft Internet Explorer, Mozilla Firefox and Google Chrome, the three most popular web browsers. Accuvant's findings show that Google is the leader when it comes to security criteria, with Internet Explorer close behind and Firefox in last place.

There is one major reason for pause at these results, however: the independent study was commissioned and funded by Google. "Although both Google Chrome and IE are competitive, Chrome is a little better," said Ryan Smith, an Accuvant researcher. "We've tried to point out areas where Firefox can improve its code base."

Read more

 

[Tom172]

The test is funded by Google themselves, so it's hard to take any of these results seriously.

 

[MrXidus]

Even before clicking on this thread I knew it would say Google Chrome would be the best. No surprise there. Google funded study.

Grain of salt taken. Thanks.

 

[HeffeD]

It's interesting that they don't consider privacy to be a part of security.

 

[Vextor]

Hmmm. Is it me or is this funded by Google? Well of course Google is going to win. And consider Google is puttings ads into their browser. That is a big security risk.

Yeah, I'm still gonna use Firefox.

 

[illumination]

It's interesting that they don't consider privacy to be a part of security.

Have to agree with that, it should be..

 

[illumination]

As far as Google funding this, the Criteria itself speaks enough to understand what they based it off of, and for once, i do not not see it as Google having the "edge" because it funded this test..

 

[Hungry Man]

I definitely think this needs to be taken with a grain of salt. Of course there will bias towards Google, there's a focus on the criteria that Chrome excels at.

Still, I think there are facts in there that legitimately can not be argued. Basic things like "This browser supports X but this browser doesn't" can be read from the article and you can draw your own conclusions based on that.

I haven't read through it yet but there are some data points in there that simply can't be argued. It's the conclusions that are a bit bias.

 

[ranget]

Bias of course

but there are some fact's that you can't ignor

but don't forget that the most used software always is the most targeted
also don't forget that Firefox Don't have sandboxing technology
that was demonstrated at Pwn to own when Chrome was the most secure Browser because of it's sandbox

but also you can't forget the Security enhancement that you can add to Firefox such as Noscript etc....

 

[Hungry Man]

"Finally, readers should understand that, while Google funded the research for this paper, Accuvant LABSwas given a clear directive to provide readers with an objective understanding of relative browsersecurity.The views expressed throughout this document are those of Accuvant LABS, based on our independentdata collection."

NoScript is definitely beyond the scope of this particular paper. While NoScript can really bring Firefox up to speed with security there are a lot of implications to using a default deny software like noscript.

 

[Brian]

I found this an interesting read. Thanks for posting it.

 

[Ramblin]

It's interesting that they don't consider privacy to be a part of security.

Yes, I wonder why.

Even though I don't worry about privacy, privacy concerns is the reason that I have never installed Chrome on my system. unish2:

Firefox with NoScript running in a restricted sandbox is :+1: rock solid.

Bo

 

[Hungry Man]

There's no reason to believe there are privacy issues in Chrome any more than Firefox or Internet Explorer.

http://mikewest.org/2011/09/chrome-privacy

"
Given that there’s no substance here beyond tin-foil hatism and innuendo, a direct response is difficult, so let me step back a bit. Chrome founded a privacy team here in Munich back around the release of Chrome 4. I'm proud to be a small part of this clever group of developers who care about making Chrome’s use of data transparent, and giving you control over how it’s used to whatever extent possible. We build APIs that enable privacy-relevant extensions and apps to fine-tune a browser with an already good set of privacy features, and review features built by other teams for potential impact on user’s private information. I'm biased, but I think we do a decent job."

 

[HeffeD]

There's no reason to believe there are privacy issues in Chrome any more than Firefox or Internet Explorer.

Generally when people talk about privacy in Chrome they are talking about usage tracking.
Google Chrome - Usage tracking.

With default settings, Chrome tends to contact Google a bit more than some are comfortable with. (Hence all the browser spin-offs without these 'features')

 

[Hungry Man]

People aren't comfortable with those contacts because they don't understand them.

http://www.mattcutts.com/blog/google-chrome-communication/

Keep in mind that everything that "tracks" the user is able to be turned off.

The only thing not optional (for Windows, it's all optional on Linux) is the RLZ tracker, which contains some basic nonidentifying info to send to Chrome upon installation - it sends once and that's it.

The spin-offs (Iron is the one that advertises purely as being a more private Chrome) such as Iron are basically scamwares that try to scare users into using their product.

Google has privacy issues, Chrome really doesn't. (http://mikewest.org/2011/09/chrome-privacy)

 

[Jack]

This study looks more like a feature comparison than a security report :shy: ........ And yes , Firefox needs Sandboxing, JIT hardening and ways to make vulnerable plug-ins less easy to exploit and gain access to system.
Overall this is a great marketing tactic , a newbie will read the title which clearly say Firefox is less secure than Chrome, even though in the real world zero day exploits are very rare and not to mention that usually cyber criminals go after the browser plugins (like Flash and Adobe Reader) and not the browser itself , and it will most likely be tempted to switch to Chrome.....

After collecting data from over 600 million computers worldwide, Microsoft released the Microsoft Security Intelligence Report Volume 11 which "exposes the threat landscape of exploits, vulnerabilities, and malware" during the first half of 2011. While Microsoft would never directly come out and say such things, the report could be summed up as the problem is not us, it's you: Media hype blows zero-day vulnerabilities out of proportion for how much they are exploited; too many people or companies have lax security practices about patching, and last but certainly not least is PEBKAC (Problem Exists Between Keyboard And Chair). That problem is nearly as old as the first PCs, yet still it rings true today.

Read more >>

Are you looking for the most secure browser? Then stop clicking on random links or downloading shady software.....

 

[HeffeD]

People aren't comfortable with those contacts because they don't understand them.

They might not, but they also aren't going to realize that they can turn things off.

If Google doesn't want privacy concerns, such options should be opt-in, not opt-out.

 

[Hungry Man]

As the first link shows whether they're on or off they aren't a risk. Using a packet sniffer and looking at what's coming and going shows that there's no malicious intent. The fact that you can turn them off is more of an "ease you mind" kinda thing.

@Jack,

That report was actually in stark contrast to other reports that have come out. What they don't say is that exploits can be considered the fault of a user - I click on an add (user interaction) and an exploit page is loaded, according to Microsoft it's the user's fault but it's also an exploit.

Let's also keep in mind that:
1) 0-days in plugins are fairly common. This year we've seen multiple Flash and Reader plugin 0days exploited in the wild.
2) Exploits aren't limited to 0-days.

 

[HeffeD]

As the first link shows whether they're on or off they aren't a risk.

Yep.

Risk or not, some people are a bit more paranoid than others. (look at the people running multiple security suites...) If there is any communication at all, they view it as a privacy concern.

Whether it's a rational viewpoint or not, it's always going to exist until Google makes settings that 'phone home' opt-in, instead of opt-out.

 

[Hungry Man]

Yeah, I think Google finds that acceptable.