Mozilla Firefox, Google Chrome or Microsoft Internet Explorer - Which Web Browser is Most Secured?
Accuvant LABS has just released some new research that compares the security of three of the most widely used web browsers – Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer. Google commissioned Accuvant to perform this comprehensive and independently designed security analysis to help advance the discussion of best practices in the security community. Our research findings are extremely thorough and complete, so we decided to create this blog to summarize the results.
Malware, spyware and viruses are all too familiar to those who regularly surf the web. These malicious programs can lead to system pop-ups, slowdowns, account takeovers, credit card theft, identity theft, and the theft of personally identifiable information. While antivirus and anti-malware can help prevent an infection, the first line of defense is using a secure web browser. For a person that surfs the internet, comparing and contrasting the security of different web browsers is difficult. Marketing materials are available to the average user, but they often contain direct contradictions and the reader ends up wondering which web browser is the most secure. Our research aims to fix that problem.
We compared browsers from a layered perspective, taking into account security architecture and anti-exploitation techniques. Like antivirus or anti-malware software, each provides an additional layer of defense. The nice thing is, when anti-exploitation technology prevents an attack, anti-malware and antivirus aren't needed. The idea is that it’s a lot easier to keep a fortress with a moat safe than it is to protect a beach shack.
The reason that browsers haven’t been compared by these criteria before is that security architecture and anti-exploitation technologies are deeply technical. They relate to how the inner workings of a computer go about their business and understanding and comparing them is quite a task. The effort needed to analyze them is evidenced by the sheer size of our research paper.
Research that makes security comparisons can be controversial, as the data and tools are never subject to outside scrutiny. Our research strives to avoid that issue by making all the data collected, and the tools used to collect the data, available to the public. The intent in releasing this information is that all of the results and conclusions can be independently analyzed and reproduced.
The best way to judge browser security is to first look at anti-exploitation measures that each browser has in place. Accuvant looked at the internals of Mozilla Firefox, Google Chrome, Microsoft Internet Explorer, and analyzed the anti-exploitation measures implemented by each.
The following chart shows the anti-exploitation measures used by these browsers. Each row represents a different anti-exploitation technology and each rocket represents a browser. The rocket with the highest position represents the browser with the most thorough anti-exploitation measures.
As the above chart shows, Firefox is behind when it comes to implementing anti-exploitation technologies. Internet Explorer and Chrome are close, but Chrome’s plug-in security and sandboxing architectures are more thorough and comprehensive. Therefore, Accuvant LABS has deemed Google Chrome to be the most secured against attack.
If you’d like to see more granular information regarding this conclusion, we invite you to read our white paper Browser Security Comparison -- A Quantitative Approach. The paper goes into the wonderful details of comparative web browser security.