The Ultimate Browser Security Face-Off
The Web is teeming with venomous exploits. And an ever-increasing quantity of that malware sneaks onto hard drives via the browser.
Which begs the question: Does your choice of browser affect your chances of being infected? Conventional wisdom says to avoid Internet Explorer, simply because it's the target of a magnitude more malware than any other browser.
That reasoning makes sense, but we couldn't settle for the easy answer. That's why we drilled deep into the security workings of the five most popular browsers: Internet Explorer, Firefox, Opera, Safari, and Chrome. Every control, checkbox, and slider was poked and prodded, as we browsed the most infected sites on the Web. In the end, we concluded that sensible user behavior and a commitment to install the latest patches had a vastly greater impact on security than which browser you choose.
Rogue Programs: Click Me!
Most malicious exploits require an accomplice: you. By now, you'd think people would know that if they're visiting a site they're unfamiliar with, and they're asked whether they want to download something, the correct answer is "No." But naiveté apparently knows no bounds. Ironically, the great majority of exploits occur when an end user falls for a bait and switch such as the fake anti-virus scam ("you've been infected; download this anti-virus program"). No browser can protect against such folly.
The good news is that smart users who don't make those mistakes and keep up with patches have little to fear, even from the worst neighborhoods on the Web. In our tests, which included exposure to more than one hundred known-malicious public Web sites, none of the fully patched browsers let through stealth infections or exploits, though browser lockups were frequent and complete system reboots sometimes necessary.
Just keep in mind that the browser is not alone in the battle. Through the browser, Web-based malware can exploit vulnerabilities in the operating system and in browser plug-ins such as Flash, Java, and QuickTime. In addition to the browser itself, these too should be kept fully patched. The good news is, the Web also mends. For most popular software these days -- including the five browsers we tested -- automated updates are available.