There is no such thing as a “safer” web browser

By on Nov 2, 2013 in Blog

Some people take their web browser choice seriously. Other people working in a corporate environment will often bemoan their lack of choice in web browsing.

Of course your personal preferences can come down to any number of factors – but if you’re making your choice based on the idea that one browser is “safer” than the others – then we have some interesting news to report to you from NSS Labs.

NSS Labs is a research company that regularly compares the security capabilities of all the major web browsers. According to their latest research – it seems that no one browser is better than others in all areas of privacy and security.

Let’s take a look at some of the findings – starting with the phishing URL catch rate:

  1. Firefox 19 – 96%
  2. Safari 5 – 95%
  3. Chrome 25 – 92%
  4. Opera 12 – 89%
  5. Internet Explorer 10 – 83%

While Firefox and Safari are at the top of this list, and some of you are likely unsurpised to see Internet Explorer at the bottom of this list (even though 83% catch rate is still pretty good) – this does not tell you the whole story.

Let’s take a look at the same browsers, and see how well they block socially engineered malware (using built-in default settings):

  1. Internet Explorer 10 – 99.96%
  2. Chrome 25 / 26 – 83.16%
  3. Safari 5 – 10.15%
  4. Firefox 19 – 9.92%
  5. Opera 12 – 1.87%

While these numbers may appear shocking at first glance – you should take a deeper look into how these figures are calculated, how malware blocking affects usability, and how “successful malware blocking” is defined by NSS (pdf link). Ultimately however, Internet Explorer and Chrome are still far and away better than other browsers in this regard.

These discrepancies are mostly thanks to the built-in CAMP (Content Agnostic Malware Protection) technologies now offered by Google (CAMP) and Microsoft (SmartScreen Filter). You should also keep in mind that most computers should have other layers of protection to deal with malware – such as firewalls, antivirus software, and other OS protections.

Internet Explorer is also a clear winner when it comes to default privacy protections – for example while all major browsers offer a “do not track” option, only IE enables this setting by default (which has caused some industry controversy mind you). At the moment however, this feature will generally lack teeth until new proposed legislation forces advertisers to be honest about following this setting.

Since Google and Mozilla (which is subsidized by Google) are so dependent on advertising revenue, it is likely that both Chrome and Firefox will continue to lag Internet Explorer and Safari in this matter.

Safari is considered second best by NSS for default user privacy configuration, though does offer some better protections compared to Internet Explorer. For example Safari actively blocks all third-party cookies, while IE offers only partial blocking by default.

Overall these are still more victories of intent rather than effect, because it is still far too easy for companies to ignore these privacy settings. Again we will have to see what happens to the pending legislation, though clearly both Microsoft and Apple have taken bold action to prove how seriously they take user privacy.

We will just have to wait and see how it all pans out.

Post a Reply