This morning I read an article that listed the 10 technologies that are broken. Number six on that list was web browsers. The author highlighted the fact that the web browser is now a critical piece of business software. With so many web-based tools we must use browsers constantly. However, the problem is that the web browser developers are so buys adding new features they haven’t stopped to fix the stuff that’s broken.
That’s why I was all the more intrigued to find that security research firm Accuvant has just released the results of a study that declares Chrome the champion of security features – above Internet Explorer and Firefox. Mind you, the study was commissioned by Google.
Some of the key security features measured are things like:
- Sandboxing – this is the method used to limit access to system resouces and data beyond the browser. It was determined that Chrome was most effective, while Internet Explorer gives intruders file-reading ability. Firefox does not have sandboxing.
- Just-In-Time Hardening – keeps the browser from compiling JavaScript that cannot be run on the user’s computer, was another area where Chrome and IE were on par, but Firefox fell far behind.
- Plug-In Security – denying running plug-ins from installing additional software and from running scripts that don’t require user interaction while on a web site. Again Chrome came out on top.
How important is this really and what can you do about it? Of course you want to make sure you have the most secure browser but the feature wars will continue and at some point Microsoft will have more features than Chrome and even Firefox may come out with something compelling. Besides, browser security shouldn’t be the only layer of security you’re employing.
At the end of the day it really comes down to the user. To be a responsible user here’s few tips:
- Don’t accept, run, or even download anything if you’re not sure what it is or why you were prompted to download a file.
- Only keep the extensions and add-ons running that you need on a daily basis
If you use Firefox:
- Use extensions like HTTPS Everywhere to browse securely whenever a secure session is available and on services that allow you to turn on SSL,
- Use an extension like NoScript to stop malicious JavaScript in its tracks.
If you use Chrome, get similar functionality with add-ons like NotScript or ScriptNo, which do very similar things.