back to article Chrome is the most secured browser - new study

Google Chrome offers more protection against online attacks than any other mainstream browser, according to an evaluation that compares exploit mitigations, malicious link detection, and other safety features offered in Chrome, Internet Explorer, and Firefox. The 102-page report, prepared by researchers from security firm …

COMMENTS

This topic is closed for new posts.

Page:

  1. JDX Gold badge

    Versions

    I didn't spot any mention of browser versions in the article and I don't want to read 20Mb of data. Can anyone more motivated help out?

    1. ArmanX

      According to page 4:

      Chrome 12 (12.0.724.122)

      Chrome 13 (13.0.782.218)

      Internet Explorer 9 (9.0.8112.16421).

      Firefox 5 (5.0.1)

      Also interesting to note:

      "As of July, 2011 a combination of Google Chrome, Microsoft Internet Explorer and Mozilla Firefox represent 93.4% of all users accessing the Internet [W3_Schools_Market_Penetration]. While other browsers would have been interesting to compare, in the interest of time they were excluded from this study."

      So, test two versions of Chrome, but skip Safari and Opera, because they would take too long.

  2. Anonymous Coward
    Anonymous Coward

    Time to change my 'fap' browser!

    1. Anonymous Coward
      Anonymous Coward

      Surely everyone now uses Chrome in porn - I mean incognito - mode?

      1. Anonymous Coward
        Anonymous Coward

        Opera is best for one handed browsing

        Space bar goes to the next image in the gallery

  3. Mark Jan

    Opera?

    It seems odd that Opera was omitted from the tests given that Opera's proponents often claim that theirs is the most secure browser.

    Maybe Google wouldn't have liked Accuvant's results had Opera been included...

    1. ArmanX
      Facepalm

      Agreed.

      Opera may only have a tiny sliver of users, but leaving it out proves to me that this study wasn't really meant to test which browser is more secure, just which browsers make Chrome look better. Only mentioning FF and IE, and leaving out Safari and Opera, is just not a good study for "best". Even if those browsers didn't do as well, I'd still like to see the results...

      Then again, in my recent study involving myself, my son, and two college guys, I've determined I'm the oldest man in the world!

      1. Grease Monkey Silver badge

        Indeed Safari and Opera should have been included, although they each have less than 10% of the user base that still accounts for a hell of a lot of users. However maybe they were included, but were at least as secure as Chrome.

        1. HMB
          FAIL

          "Not including Opera" Wah!!

          If I was a security researcher I'd be very happy getting to 93.4% coverage.

          Any rational study has to do cost benefit analysis. Two versions of chrome may seem excessive, but they seem to be taking the perfectly rational approach of getting the largest shares in first. This produces the most cost effective measurement of the market.

          Why bother with around 1% of the UK market (go see Opera's market share) when there's nothing wrong with the rest? From a business perspective it's simply not worth it.

          1. John Robson Silver badge

            No IE6 or 7?

            Not getting close to picking up 93% really are they...

            Could have been really interesting to see how the main three (I agree, 5 would have been more interesting) browsers have improved over the last n years.

    2. Miek
      Trollface

      I think they were only evaluating Mainstream Browsers.

      1. Eeep !
        Thumb Down

        If the mainstream are sh*t that hides the sh*tness :(

        Hummmm..... comparing mainstream browsers with more secure browsers might mean people use more secure browsers, which in turn would mean the more secure browsers become mainstream because they are more secure.

        Simply comparing a top 3 popular browsers doesn't really do much for benchmarking in a report comparing security of browsers. It would be a sensible include browsers with claimed security credentials along with the usual top browsers to give balance of what is possible.

    3. Anonymous Coward
      Stop

      Here you go. some INDEPENDANT results...

      They left out Opera, which has historically had the best security track record of them all... Seems like an intentionally knobbled set of results.

      How can they claim that when Google sponsored it, and they excluded a browser that sits of the tree for security, that it's impartial. Here are some results based on the real world...

      Google Chrome 159 - http://secunia.com/factsheets/Chrome-2011Q2.pdf

      FireFox 72 - http://secunia.com/factsheets/Firefox-2011Q3.pdf

      Internet Explorer 25 - http://secunia.com/factsheets/IE-2011Q3.pdf

      Opera 36 - http://secunia.com/factsheets/Opera-2011Q3.pdf

      1. Dan 55 Silver badge

        Don't look at the quality, feel the sandbox

        I hope they've managed to program the sandbox to a higher quality than the browser itself which has over twice as many known security holes as Firefox, six times as many as IE, and four times as many as Opera.

        Maybe Safari's not there in this sponsored test because if the other mainstream WebKit-based browser has fewer holes then questions start to be asked.

        If a sandbox for Firebox or Opera is that important, it can be run with user privileges instead of admin privileges (which is what I do incidentally).

  4. Anonymous Coward
    FAIL

    No Opera, epic fail.

    1. Studley

      You appear to have accidentally put the word "No" at the beginning of your post.

    2. El Cid Campeador
      Stop

      Oh dear...

      Can we avoid the inevitable "You didn't mention Opera!" "Only losers use Opera" flame war and stick to actually figuring out if there's any merit to this study? I mean they didn't test the browsers' Linux versions either (believe it or not there are people who actually run IE on Wine. No, I can't figure it out either unless you're a developer and then a VM would probably be easier) but hey, let's deal with what we have, OK?

      1. Anonymous Coward
        Anonymous Coward

        IE On WINE?

        IE on WINE? I'd never even thought of that. I can't wait until Monday then, I'll see if I can get it going at work - I think that there are one or two devs that I could actually make explode with a combination of confusion and indignation.

        1. Anonymous Coward
          Anonymous Coward

          IEs 4 Linux

          http://www.tatanka.com.br/ies4linux/page/Main_Page

          Because it's better than running a VM on my netbook.

        2. ArmanX
          Trollface

          Take a look at IEs4Linux - not only can you install IE, but you can install LOTS of IE! 5, 5.5, 6, and beta support for 7, 8, and 9! Concurrently!

        3. jonathanb Silver badge

          There are builds of wine specifically for ie. It runs ie6 as well as anything else does. I haven't tried it for a while, so I don't know how well later versions of ie run.

    3. Anonymous Coward
      FAIL

      Indeed 250m users can't be wrong...

      Something this "report" seems to somehow conveniently forget.

  5. Mike Flex

    So a report commissioned by Google finds Chrome is the most secured browser.

    Well, fancy that.

    1. Raz
      FAIL

      Re: Mike Flex

      Yes, they lost me when it said it was sponsored by Google. How is this news worthy? It would have been if it was sponsored by Microsoft, but by Google? Come on!

  6. Slipgate

    Study sponsered by?

    Nothing against Chrome, I use it and IE a lot - but I always get suspicous with one browser having 80-odd% more ticks than the others. Of course, it could be that Google have damn fine programmers!

    1. Code Monkey
      Trollface

      Perhaps that explains why there's no Opera :o)

  7. Anonymous Coward
    Anonymous Coward

    Report Author

    I'm sorry, I stopped reading here "The report was commissioned by Google"

    (Not a Google bash - I use Chrome, but really, want's the point of 'independent' research funded/commissioned by one of the parties)

    1. Miek
      Trollface

      Would you prefer that it was commissioned by $MS? I suspect the list of mainstream browsers tested would have been limited to :

      IE7, IE8, IE9

      1. L1feless

        I agree...

        The one disappointment for me was that Safari was not on the list. I believe the point was to show the most commonly used browsers. Safari IS on that list. I agree that if the point of the study was to showcase security then it would not of hurt the researchers if they added Opera. There are some pretty rabid Opera fans out there who insist that it is the most secure. Which is fine and great but it is one of those things where if no one tests it how can it be proven. To bad Opera didn't join in the party and have their browser tested.

        Round 2...Fight?

      2. theblackhand

        Re: Would I prefer MS to have sponsored the survey?

        My opinion of Chrome would have increased if MS had sponsored this survey and Chrome was shown to be clearly superior to IE and Firefox.

        As Google sponsored the survey and the survey showed Google's Chrome was the best, I'll stick to treating this as there might possibly be security issues with other browsers but I will wait for an independent source to verify them before changing to Chrome.

        1. Keep Refrigerated
          Boffin

          MS sponsored a website

          Guess which browser they 'independently' assessed was the most secure?

          http://www.yourbrowsermatters.org/

          So, MS sponsored website says IE is the most secure, Google sponsored study says Chrome is the most secure. Your move Mozilla...

      3. Old Handle

        @Miek

        They did, and strangely enough they found that IE was the most secure browser.

        http://www.theregister.co.uk/2011/10/11/microsoft_browser_crituque/

  8. Ken Hagan Gold badge

    Process Creation, eh?

    I read that process creation was allowed by IE and Firefox. So, why don't we see loads of DOS attacks based on maliciously launching a command prompt with FORMAT C:?

    There is presumably more to that comparison table than meets the eye, so presumably Chrome's long list of green ticks isn't quite as impressive as it looks.

    1. The Original Steve

      Because...

      ... The drive is locked (in use), you'd need to script it to provide the confirmation "yes" and you also need to elevate to admin rights. (Assuming you're not one of the idiots that disabled UAC).

      1. Ken Hagan Gold badge

        So you invest the 10 minutes or so it takes to figure out how to script it, and then send it to all your friends running XP. XP still has an appreciable fraction of the market, so it would still work.

        Moreover, if *today's* browsers are still open to this attack, presumably in the years before Win7 turned up, you could have used the same attack on just about all Windows users. (Vista's market share has always been insignificant.)

        History suggests that this didn't happen, so presumably Firefox and IE aren't as open to attack as this report suggests.

  9. Sporkinum

    adblock/noscript

    Since neither Chrome nor IE have a proper adblock/noscript implementation, in day to day use, I would think not allowing the scripts in the first place would actually be better.

    However, if you are going to surf naked, like most people do, then this study has merit.

    1. Craigness

      hosts file hack > adblock

    2. LaeMing
      Happy

      Adblock

      I feel expecting an adblock function on a browser produced by a company that effectively IS web advertising is a bit of an ask!

    3. yoinkster
      FAIL

      Chrome doesn't have adblock?

      What then is this? https://chrome.google.com/webstore/detail/gighmmpiobklfepjocnamgkkbiglidom

  10. Barry Tabrah

    Versions compared

    Chrome 12 and 13, IE9 and Firefox 5.

    It would have been interesting to see how IE8 and Firefox 3.6 fared, as there's still a pretty decent user base for those versions.

    1. Anonymous Cowerd

      Firefox 5 is already obsolete

      so it would also be nice to know how the later versions perform in this test

  11. El Cid Campeador
    Black Helicopters

    Need my armor

    I use Chromium for my grad school email since the university has been assimilated by Google anyway-- and it's nice and fast though I dislike the UI-- but until I have NoScript/AdBlock/BetterPrivacy/RequestPolicy on Chromium... they can have my Firefox when they pry my cold, dead, fingers away from it.

  12. Jay Clericus
    FAIL

    Tried out chrome when FF was having some issues with sites, ended up removing and reinstalling. What I liked about FF was when I quit the program it did not stay in memory just in case I wanted to use it.

    Chrome's adblock and other mods are all seperate processes that are memory resident

    No surprise that google won a google sponsored comparison that missed out opera and safari

  13. Anonymous Coward
    Anonymous Coward

    What about

    Firefox + NoScript + BetterPrivacy + AdBlock Plus?

    1. Grease Monkey Silver badge

      Why is that relevant? I'll bet a lot less than 10% of FF users have that setup. Most browser users have the default install and only geeky little nerds have anything else.

      But the point is that this is a test on the default install. You can make any browser more secure without installing externsions or plugins, just by changing your settings.

    2. Rafael L
      FAIL

      You mean *third-party* ad blockers and a thing that make Websites useless (no JS!?)...

      1. Pascal Monett Silver badge

        NoScript does not make websites useless

        It only prevents badly programmed websites from doing things without my permission.

        Oh, and it also gives me time to decide if I actually want the website I am on to run code BEFORE it runs it.

    3. mechBgon

      ...plus Sandboxie. Then you'd be getting somewhere. Remember that one of your trusted sites can become compromised, and there goes your NoScript protection. Statistically, more than half the malicious websites out there are legit sites that got compromised.

      FireFox's lack of sandboxing or Low-integrity operation is hard to excuse.

    4. Anonymous Coward
      Anonymous Coward

      And how exactly do these plugins help vs deep brower flaws ;)

  14. joejack
    Megaphone

    Sandboxing cripples developer tools

    One reason I still prefer FF is because Chrome is so perfectly sandboxed that only a "lite" version of Firebug is supported. Perhaps this could be resolved if, when you install a Chrome plug-in, it pops up an Android-like list of permissions you can grant it.

Page:

This topic is closed for new posts.

Other stories you might like