Member Avatar for happygeek

Here’s a question for you: being a clued up Internet user which browser client do you favour when it comes to being totally safe and secure on the web? The answer I know you are shouting loudly at the screen is ‘Firefox you freakin’ idiot’. But at the risk of being shot down in flames, literally, I have to say you’re sadly mistaken. There is no such thing as a totally safe and secure browser, and according to respected vulnerability statistics Firefox isn’t the closest thing you’ll find to one either.

Let’s not lose grip on reality here, nobody is suggesting that Microsoft has anything like all the answers, least of all me. I might be a freakin’ idiot, but I’m not a stupid freakin’ idiot, OK? There have been improvements made in IE7 Beta 2, and I’m not talking the huge efforts to make it more user friendly, more like Firefox in usability terms in fact. Technically it gets much closer to Firefox in the security stakes, by blocking downloads unless you opt-in to accept them; new URL parsing code can limit the danger from buffer overrun exploits; a phishing filter can automatically display a visual indication of dangerous websites as you visit them; and the user gets much greater control over ActiveX including the ability to automatically uninstall ActiveX controls. But IE remains the most popular browser, end of story. Apart from the notes on the rear cover which state that because of that market share, because it’s Microsoft we are talking about, and because it’s bound into the operating system so deeply – those who would mess with your data will be attracted to it like flies to dung.

Now I’m really sorry all of you who follow the Cult of Firefox (and I happily admit that I’m one of them before you get your dolls and stick-pins out) but the simple truth is that Firefox isn’t secure either. More secure than Internet Explorer, no doubt about that. But still not secure. Indeed, it’s turning into something of a Mini-Microsoft with the release of patches fixing multiple security holes in one hit. At least Firefox has the open source advantage of being quicker to respond to the discovery of such holes, quicker to release the filler to shore itself up. But not quick enough. A ‘zero-day’ critical security hole was discovered in Firefox 1.5.0.2 on April 18th, the patch to fix it didn’t appear until May 2nd. That’s one heck of a long opportunity to get screwed.

So if not IE, and not even Firefox, which mainstream browser client does come closest to reaching the Holy Grail of most secure status? The plain truth is that if security is your only metric, and we all know that it never will be, then you should be waiting for the fat lady to sing and choose Opera. This outperforms the PC competition by a clear and constant margin, according to the Secunia Vulnerability Reports (www.secunia.com). Secunia gather data regarding numbers of vulnerabilities reported, how many have been patched and if so by the vendor or a third party, the criticality of those vulnerabilities and impact based upon category. What’s more, these reports are cumulative, dating back to 2003 so you can see the bigger picture when it comes to vendor security response. Not only does it report on browser clients, but more than 9500 software applications and as such is well worth a visit if you care about data security at all.

And the statistics that cause me to come to my conclusions? OK, in brief: IE6 has 85 advisories, 14% extremely high criticality, with 25% remaining unpatched. Firefox is on 30 advisories, 3% extremely critical and 13% unpatched. Opera 8, rates only 13 advisories, none of which were either extremely critical or remain unpatched.

I’m not finished yet, because I’m about to state the obvious and back it up with Secunia stats. If you want almost as safe as you can get surfing right now, dump the PC and buy an Apple Mac with the Safari client. Secunia reports only 4 advisories for Safari 2, and while the 50% unpatched figure looks worrying it is mitigated by there being zero extremely critical, zero highly critical, zero moderately critical vulnerabilities amongst them. Indeed, 75% were rated as ‘not critical’ and 25% ‘less’ which kind of explains it away nicely.

‘Almost as safe as you can get’ what’s wrong with as safe as you can get then? Unfortunately that involves turning your computer off and doing something else…

  • 4 Contributors
  • 5 Replies
  • 288 Views
  • 1 Week Discussion Span
  • Latest Post Latest Post by skymap
Member Avatar for Dani

It seems that browser security is mirroring OS security in that the least popular is the most secure, probably more than not because fewer people care enough to exploit its vulnerabilities.

I have to admit, I am a long time IE fan for Windows. I haven't tried IE7 yet because I am not the glutton for punishment it takes to beta test Microsoft software on a production machine. So, for now, IE6 is fine for me, although I of course keep Firefox handy for nothing other than to make sure DaniWeb operates properly in it. I am probably something of a hypocrite because I tend to put more value on how FireFox renders DaniWeb than how IE does ... but know your audience, I guess.

I thought it might be a nice idea to see if DaniWeb visitors keep up with browser security so I checked out Google Analytics, my traffic reporting software of choice. As of right now, IE still wins out in terms of browsers used to launch DaniWeb, at 65%. FireFox loses by a landslide accounting for only 28% of DaniWeb traffic, which is actually quite surprising considering nearly every thread in our Web Browsers or Viruses and Spyware forum recommends to use Firefox over IE. Safari then brings us only 2.6% and Opera 2.2% of visitors. Additionally, nearly 4% of DaniWeb visitors are mac users, which means that there is at least a percentage of Mac users who use Firefox over Safari. Go figure.

Member Avatar for tgreer

The primary reason I use FireFox is because of the integrated Adblock add-on, and all of the integrated Web Development tools. I can easily validate a page's CSS, HTML, etc. Test it's speed. Resize it to various resolutions, and so on.

"Safety" then isn't the main factor, for me. Usability is.

Member Avatar for Dani

I, too, use the Web Dev extension. :)

Member Avatar for happygeek

There are many reasons why people use FireFox, and I doubt that safety is the main one for huge swathes of them. I favour it for flexibility, being open source and not being IE, for example.

However, the emphasis of my piece was that asked the question "which is the most secure web browser client?" the majority will almost certainly say FireFox.

And be wrong.

Member Avatar for skymap

Actually I use Opera 8 and IE7, so I am not sure about firefox.. I fell out with it because of the fanatism of its users... will to slay users of other browsers:lol: Just kidding.

We all have our preferences and thats cool, I like Opera 8 cause of it email attacthment and security. Its positive reputation to me exceeded that of firefox (sorry to those who are devout in using the browser).

But IE7 is crawing up behinf them all... the new beta version is good enough, ok, it has its glitches, which is why I often use Opera instead, I find the glitches are how the pages are occasionally not loaded properly.

Anyway enough said. The Internet is a different place to explore, and we need the right vehicle for us to travel its paths.

We can all help one another. :cheesy:

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.