Is there any difference in security between Microsoft’s Edge, Mozilla’s Firefox and Google’s Chrome browser?
This question was answered on October 26, 2016. Much of the information contained herein may have changed since posting.
Browser security should be on the top of everyone’s mind these days, as it’s one of the most likely ways you’ll be compromised.
Cyber-thieves know we spend most of our time on the Internet, so they’ve shifted their focus from just exploiting your OS (Windows, MacOS, etc.) to exploiting browsers in conjunction with operating systems and utilities.
Computer security has definitely improved over the years, so hackers have had to implement a ‘blended attack’ approach to compromise users.
Instead of exploiting one program or utility, they use a combination of attacks on various known vulnerabilities in the most commonly used programs to improve their chances of success and to gain deeper access.
Your web browser is often the first item on the list in these blended threats.
Measuring Security in Browsers
There are a number of things to consider when evaluating browser security, but none of them points to the absolute best browser for everyone to use.
Security and usability can often be at odds; the most secure options can be more difficult to use and the easiest to use can often be the least secure.
With browsers, the most secure options are generally the ones that strip features out or employ tactics that results in noticeably slower performance.
There is no such thing as a 100% secure web browser, so you need to find the balance between security and usability that best suits your needs.
One measure of security you may want to consider is how often the browser is updated, since the update interval represents the amount time hackers can exploit a known vulnerability before it’s patched.
Here are the standard update intervals for the most popular browsers:
Microsoft Internet Explorer and Edge – 30 days
Google Chrome – 15 days
Mozilla Firefox – 28 days
Apple Safari – 54 days
Opera – 48 days
Security Through Obscurity
The term ‘security through obscurity’ is often used to describe how lesser used technology can be more secure only because they’re less targeted by hackers.
The most popular browsers have the largest number of known vulnerabilities because cyber-thieves are willing to spend more time trying to exploit a tool they know hundreds of millions of people are using.
One of the reasons that Safari and Opera have longer update intervals is that they have fewer vulnerabilities (and users) than the others, which many would suggest is a great example of ‘security through obscurity’.
Vulnerability counts by themselves don’t really say much as the severity and complexity required to exploit them means a lot more.
At a recent hacking contest called Pwn2Own, Google Chrome came out as the most difficult to exploit, while Apple Safari and Microsoft Edge didn’t fare as well (Opera and Firefox were not part of this competition).
What’s Really Important
Focusing on browser security is kind of pointless if you aren’t keeping everything else in your system updated as well.
Here’s the biggest problem we regularly see - risky online behavior can negate most anything you do from a security standpoint, so surfer beware!
About the author
Posted by Ken Colburn of Data Doctors on October 26, 2016