The Ultimate Browser Security Face-Off

Page 2 of 2

Comparing the Big Five

Browsers have many security features that help the end user avoid being bitten by malware, as well as some privacy protections.

All five browsers have pop-up blockers, anti-phishing filters, and password protection. Except for Opera, they allow for private session browsing where the browser saves nothing from the session that can be used to track your online movements -- no browsing history, no cookies, no temporary Internet files, and so on.

[ Check out the list of browser security traits. | Get an in-depth look at vital browser security features. ]

But only two, Internet Explorer and Firefox, have the coolest browser security feature of all: configurable security zones, which let end users set up different levels of security for Web sites based on their trustworthiness.

For instance, an end user can set up a "zone" where obscure, shady-looking Web sites must face the browser's most stringent security measures, such as disabled JavaScript, which often plays a role in malicious exploits. Firefox and Internet Explorer also let end users turn off add-ons, whereas Safari, Opera and Chrome do not.

These browser security features play an important role in keeping the end user safe. They also vary from browser to browser: some browsers have certain features, others do not. And some browsers are simply better at security than others. Here's a quick look at each of the five browsers.

Microsoft Internet Explorer 8 beta 2

Artwork: Chip Taylor
Pros: Internet Explorer is the powerhouse browser, boasting more than 1,300 security controls, whereas the second closest browser (Firefox) has 150. Internet Explorer has five security zones that are easily configurable, and allows you to turn off JavaScript and add-ons. It's the only browser with parental controls.

Cons: Explorer's popularity makes it the primary target of hackers. Its unique support of ActiveX (another way malicious exploits get into a computer) poses an additional security threat that other browsers don't have.

Takeaway: Internet Explorer's superior security controls should be weighed against the fact that it's the most frequently attacked browser in the world.

Mozilla Firefox 3.12

Artwork: Chip Taylor
Pros: This battle-tested veteran has security zones and a built-in add-on manager that allows you to easily turn off add-ons and JavaScript.

Cons: Setting up security zones isn't easy.

Takeaway: Firefox makes a good browser choice for PC users. In terms of security granularity and choices of controls, it's second only to Internet Explorer.

Apple Safari 3.2.1

Pros: Safari boasts the most accurate anti-phishing filter and always prompts users before downloading files. Safari (like Chrome) does a good job at blocking unwanted cookies.

Cons: Lacks security zones and the ability to turn off add-ons.

Takeaway: While Safari is a great looking browser, it's a mixed bag with respect to security. Still, Safari -- if fully patched and running on a fully patched system -- can be a secure environment.

Opera 9.63

Pros: Opera has extensive security controls and good protections against "denial-of-service" attacks.

Cons: Lacks security zones, the ability to turn off add-ons, and private-session browsing. Its lack of support for key Windows security features may put it at higher risk of buffer overflow attacks.

Takeaway: Opera is a great browser but hasn't been exposed to the crucible of constant attacks. Support for Windows' Data Execution Prevention and Address Layout Space Randomization features is needed before its use can be more highly recommended.

Google Chrome 1.0

Pros: JavaScript runs inside a virtual machine, thus providing some containment. Chrome (like Safari) does a good job at blocking unwanted cookies.

Cons: Chrome can't disable JavaScript -- a big problem considering JavaScript is involved in some of the most malicious Web exploits. Chrome allows passwords to be displayed in plain text, potentially exposing them to passersby, and has been plagued by relatively simple buffer overflow problems.

Takeaway: The security model Chrome follows is excellent, but the security choices Google has made for its browser are often abysmal. More troubling, the vulnerabilities that have been found in Chrome are simple and common ones that Google easily should have avoided.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
| 1 2 Page 2
Shop Tech Products at Amazon