Friday, August 31, 2012

Internet Browser Security - Biased Claims

Recently a colleague asked, Which is the most secure web browser available?

The question resulted from something the InfoTechnology side of the house had shared, that only Internet Explorer was the most secure of Chrome and Firefox, which is why the two would not be allowed in a K-12 setting. Having encountered this foolishness in other K-12 districts, I was quick to respond.

But then, I started to wonder--what research did I have to back up my claim that the IT folks were lying?

  1. A recent Accuvant study--commissioned by Google--revealed that Chrome (the second most popular browser) ranks as the most secure web browser when compared to Internet Explorer (the most popular) and Firefox. (Source)
  2. Ok, everything out there seems to refer to the Accuvant study. Sigh.
  3. Protected Mode in the beta version of IE 10 running on Windows 8 is close to gaining parity with the current Chrome sandbox.   (Source)
  4. Internet Explorer 9, Geier writes, offers the most basic password storage. Unlike the other two browsers, there is no way to view or edit passwords in the settings. (Source)
  5. Take a look at this research finding by NSS Labs from Q2 of this year:
    It tested the top browsers and actually found IE9 to be the most secure, with components such as URL reputation and Application reputation. (Source)
So, what about also loading the following on whatever browser you choose?
Ok, that info aside (all biased anyways), which browser makes you feel safest? And, what do you think of IE being touted as the most secure in K-12 settings?

Get Blog Updates via Email!
Enter your email address:
Delivered by FeedBurner

Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure

1 comment:

Anonymous said...

Talking with IT staff about IE always ends up ridiculous. "You say (other browser) is faster and more secure...can you prove it?" Well, actually it's their job as IT staff to provide the best solutions possible. They should be out there reading honest sources and making these decisions, but instead they're reading free subscriptions to advertiser-biased industry rags and taking everything their commission-based hardware rep says at face value.

We shouldn't have to explain that IE has a history of weak security, slow speed, an outright destructive approach to standards, etc to the point that it should take years for them to build up any trust. We shouldn't have to explain that no, web browsers aren't "all basically the same at this point".

We shouldn't feel like our IT departments are against us.

The Courage to Lead