How Secure Is Internet Explorer, Firefox, Safari, Google Chrome and Opera?

By | January 30, 2009

Infoworld inspected all the major web browsers and got some really interesting points to say about each of them.

Here are conclusions for each of the web browsers (also, links to full articles):

How Secure is Internet Explorer?
IE has no peer in enterprise deployment features. Using the Internet Explorer 8 Deployment Guide, administrators can deploy and configure more than 1,300 IE-related settings via Active Directory Group Policy or the Internet Explorer Administration Kit. It is the only browser in the review to support Kerberos authentication over the Web.

IE’s popularity makes it the most attacked Web browser by far, and its support of ActiveX controls has invited many exploits that are not possible on other browsers. But IE’s mature security granularity, security zones, and deep enterprise features backs up its acceptance in the enterprise.

How Secure is Firefox?
All in all, Firefox is a sophisticated open source browser that has earned its place as a market leader. Like Internet Explorer, Firefox enjoys widespread popularity and third-party support. And like Internet Explorer, it continues to struggle with frequently found vulnerabilities, perhaps due in part to the vendor’s commitment to SDL (Security Development Lifecycle) processes, which initially lead to more vulnerabilities being uncovered during testing. Firefox makes a good browser choice for anyone, but especially for users who want to purposefully avoid Internet Explorer (and ActiveX) or who don’t need the finest granularity (e.g., multiple security zones) in their browser’s security.

How Secure is Safari?
When Safari was first released, Apple touted the new browser as a secure alternative to Internet Explorer. As with all Internet Explorer alternatives, Safari’s lack of native support for ActiveX controls does provide users with some protection. Safari’s strong anti-phishing filters are also a plus.

But security is not Safari’s strong point. Unfortunately, 26 separate vulnerabilities have been announced since March 2008, one-third of which would allow complete system access. Plus, there simply isn’t a lot of security granularity to Safari. Security-minded users will have to decide if Safari’s poor cipher support, lack of security zones, and absence of enterprise features for mass deployment and control can be overcome by its aesthetic benefits.

How Secure is Google Chrome?
This is the security paradox of Chrome. It begins with a beautiful idea and an excellent security model but then compromises the vision with questionable decisions, a dearth of granular security controls, and the obvious failure to perform a serious code review. This may be Google’s first version of its first browser, but it has more experience with browsers and malicious content than any of its competitors. Why introduce yet another new Web browser and not blow away the competition?

Chrome’s excellent security model and newness give it a chance to quickly improve in areas where other vendors must tread more slowly because of backward-compatibility issues. The real challenge is that many of the flaws run deep and cannot be solved with fast patching. They are systematic and organizational, and they will require a serious paradigm shift within Google to achieve.

How Secure is Opera?
Opera does not have any significant enterprise features to brag about, but its configurable granularity using .ini files means that administrators should have little problem deploying and configuring it for a business environment. Although Opera has not yet gained enough market share to be considered thoroughly tested and vetted by mainstream hackers (as Firefox and Internet Explorer have), it deserves to be considered by more users. However, until Opera Software fixes the more glaring deficiencies (namely, lack of support for DEP, ASLR, and ECC), Opera cannot be highly recommended.


About (Author Profile)

Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and departed Westood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.

Comments (3)

Trackback URL | Comments RSS Feed

  1. mabdul says:

    reaLLY INTERESTING; BUT THE AUTHOR (shit caps lock was turned on) is false in many things. he consentrats on win vista and on the integration in vista/xp. that is not really good. he rates the posibilities to turn off many things, and the managment of plugins. i don’t think that this is a real godd comparison for the browsers that indicated the real security. the articles are to theoretical and don’t get the practical use of the browser…

  2. noname says:

    It’s a shame about Safari – as it looks and feels nice to use. Personally I cannot understand Apple’s stubbornness in not giving you an option to leave private browsing on all the time, also it has no native proxy support (so you can’t configure separate proxy settings from the underlying OS) and it has no full-screen/kiosk mode. All of which you would expect from any browser. Looks like it’s back to using Firefox then – and as a security consultant it is the only browser I would recommend to users.

  3. mabdul says:

    a few days after this articles opera 9.64 was released with support for aslr and dec… so two main points are gone…