Google Chrome Most Resilient Against Attacks, Researchers Find (helpnetsecurity.com) 98
Between Google Chrome, Microsoft Edge, and Internet Explorer, Chrome has been found to be the most resilient against attacks, an analysis by security researchers has found. Firefox, Safari, and Opera were not included in the test. From a report: "Modern web browsers such as Chrome or Edge improved security in recent years. Exploitation of vulnerabilities is certainly more complex today and requires a higher skill than in the past. However, the attack surface of modern web browsers is increasing due to new technologies and the increasing complexity of web browsers themselves," noted Markus Vervier, Managing Director of German IT security outfit X41 D-Sec (and one of the researchers involved in the analysis). The researchers' aim was to determine which browser provides the highest level of security in common enterprise usage scenarios.
Why even compare (Score:5, Insightful)
Re: (Score:3)
http://i0.kym-cdn.com/photos/i... [kym-cdn.com]
Re: (Score:2)
The key sentence is the last sentence in TFA:
"It’s too bad that other popular browsers (Firefox, Safari, Opera) weren’t included in the assessment."
Re: (Score:2)
Firefox has been excluded from recent hacking competitions as "too easy", sadly enough, but I'd love to see how Safari, Opera stand up.
Re: (Score:2)
Because who ever would have guessed the headline,
Something else is more secure than Microsoft
hawk
Uh, Chrome vs Firefox is all that matters (Score:5, Insightful)
Seriously, what is the point of this unless it compares Chrome to Firefox. Those are the only ones that actually matter!
Re: (Score:2)
Chrome, Safari and Edge are the only ones that matter in the real world. Even if you combine both Firefox and Opera they still have less marketshare than any of those three.
Re: (Score:1)
Not true. Firefox has more market share than Edge.
Re: (Score:2)
Re: (Score:2, Funny)
Not for long. Edge's marketshare is increasing and Firefox's marketshare is decreasing.
And unless Firefox starts listening to their users instead of doing the opposite, and starts doing that five years ago, they're doomed.
Re: (Score:3)
Not for long. Edge's marketshare is increasing and Firefox's marketshare is decreasing.
Edge's usage is one quarter to one third [wikipedia.org] of Firefox's. It's got a way to go yet.
they're doomed
Unlikely. You should try Firefox 57. It will be released to the beta channel in a week or so [mozilla.org].
Re: (Score:2, Troll)
Firefox has always sucked on OS X.
Re: (Score:2)
Moderated "troll" by some idiot who only use Firefox on Windows.
Re: (Score:2)
Firefox has always sucked on OS X.
Moderated "troll" by some idiot who only use Firefox on Windows.
More likely by someone who confuses criticism and/or contrary opinion with trolling or baiting. /.
Welcome to
Firefox 57 will likely destroy Firefox. (Score:2, Informative)
Your attitude is a perfect example of why Firefox is on its way out. If you knew anything about Firefox 57 you'd know that it could very well be the final nail in Firefox's coffin. You would not be recommending that users look forward to it!
Firefox 57 [mozilla.org] is due in November, and it's the first release that's supposed to only support WebExtensions extensions. This will very likely break many existing extensions. Due to differing capabilities between the existing extension model and WebExtensions it may not even
Re: (Score:3)
Your attitude is a perfect example of why Firefox is on its way out.
What attitude is that? Rationality?
If you knew anything about Firefox 57 you'd know that it could very well be the final nail in Firefox's coffin.
Unlikely. Use Firefox 57 first, talk second.
Re: (Score:2)
Lets put it this way. In terms of 'number of installs' , Internet Explorer and Edge win because of being bundled with Windows. The only other browser that comes relevantly close is Chrome.
Between Chrome, Edge and Internet Explorer, you have covered about 95% of the world's consumer computers. It is obvious that their criteria is only volume...which seems to be why they have also neglected Safari.
Re: (Score:3)
Chrome, Safari and Edge are the only ones that matter in the real world. Even if you combine both Firefox and Opera they still have less marketshare than any of those three.
Given the general level of ignorance and stupidity that often leads to consumers being successfully hacked and exploited, I don't know why people continue to value the metric of marketshare when it comes to mass ignorance and browser usage.
Marketshare doesn't keep me secure. A good browser does.
Re: (Score:2)
But marketshare is what determines which browsers are tested when making websites. Clients won't accept a 10% increase to their invoices if Firefox represents only 2% of their users.
Re: (Score:2)
But marketshare statistics taken from where? Web developers websites? That's why 2%. Developers use Chrome, Safari and Firefox.
On real websites that everybody uses, Edge usage is higher than Firefox.
Re: (Score:1)
If the website you create 'breaks' because of the browser that I am using, I am probably better off just not going to it ever again.
Truths like this should frighten website creators. (note that I did not call them 'developers' or 'designers.')
Re: (Score:2)
Since when does Edge matter at all? All the statistics I've seen suggest users view Edge as their Chrome download application.
Re: (Score:2)
#otherbrowsersmatter
Re:Uh, Chrome vs Firefox is all that matters (Score:4, Interesting)
The point is to say "Hi, we're so skilled and want funding". Who cares about doing proper research, we're just doing enough to make a pretty 190 page document. Slightly more useful is a document that helps instruct new programmers on information on how to harden code, as opposed to a comparison on which features browsers implement.
My opinion on the research itself: A quick scan on the document doesn't have mention of "Punycode", which was a semi-recent vulnerability which is rather important. Comparing the speed at handling that issue gives a good indicaton on the health of the browser. (For reference, Chrome, Edge and Pale Moon fix the issue. Meanwhile, Firefox fails despite an alternate version working fine. You can test you browser yourself by visitng Apple.com [xn--80ak6aa92e.com] to see the secure lock symbol.)
Re: (Score:3)
My opinion on the research itself: A quick scan on the document doesn't have mention of "Punycode", which was a semi-recent vulnerability which is rather important.
This isn't that type of security analysis. It doesn't assess known vulnerabilities, but instead analyzes organizational and architectural characteristics to determine how likely the browsers are to resist future vulnerabilities. Both sorts of analyses are useful and informative. Rapid and effective correction of vulnerabilities discovered is an important tool for security, but so is designing for defense in depth.
Re: (Score:2)
Re: (Score:2)
Just what in the Firefox market share figures makes you think it remotely matters?
Re: (Score:3)
Firefox is but one open source projet. And the failure is not in being OSS, it's in not listening to their users, i.e. the users keep saying for years that your program has memory leaks, that you should fix that instead of adding more bloated features that nobody asked for, and all you do is put your fingers in your ears and go "la-la-la-I can't-hear-you-la-la-la" then of course you're going to fail.
Re:Open Source is a failure. (Score:5, Interesting)
And the memory leaks are largely caused by an unsafe extension system that is being replaced by a new, more thread-safe extension system. And the wailing and gnashing of teeth continue.
"Firefox has memory leaks!"
"Fixed the ones in Firefox, the rest are bad extensions (probably AdBlock)"
"Firefox's Javascript is slow!"
"Fixed that [arewefastyet.com]"
"Firefox is slow"
"We'll move to a new threading model that's lots faster and requires us to fix our leaky extension model too"
"You're breaking my extensions - why don't you listen to what your users WANT???"
[sigh...]
Re: (Score:2)
Never used any extension with Firefox. Still sucked on OS X.
Re: (Score:1)
Somehow browsers like Chrome, Safari, and Edge manage to avoid these problems that Firefox suffers from. Maybe it's because their developers are smart enough to avoid the problems in the first place, and don't go blaming everybody and everything else.
Funny you should say that considering firefox is switching to the extension api that chrome uses. Maybe you're more right then you know. To spell it out for those who can't follow along maybe the extention api really is the problem.
Re: (Score:2)
And yet at the time when Firefox started getting some serious criticism it was one of the fastest and memory friendly browsers on the market. You know what we can do to improve that? Fuck with the user interface, add things no one wants, force people to write shitty extensions to make Firefox act the way it used to and .... oh look those extensions are buggy and make it all slow.
The things you listed are bug fixes, not "what the users want".
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
In your long rant, you didn't mention any software project that is actually inferior.
But keep it up, if you are bored and have time to waste.
Are you kidding me?! (Score:4, Insightful)
Re:Are you kidding me?! (Score:4, Insightful)
Yeah, without Firefox, Safari, and Opera... it's really a pointless study unless you're merely looking for documented empirical backing for common knowledge.
Of course, the study was sponsored by Google. I'm willing to concede it was likely a fair study for what it studied, but I'd bet the scope was limited to make Chrome look better.
Re: (Score:3)
This is probably how it went...
Chrome vs Safari and Firefox: Chrome is 1.27% better.
Chrome vs the retarded Duo (Internet Explorer and Edge): Chrome is 45.9% better.
"Let's use the 45.9% one."
Re: (Score:2)
This is probably how it went...
Chrome vs Safari and Firefox: Chrome is 1.27% better. Chrome vs the retarded Duo (Internet Explorer and Edge): Chrome is 45.9% better.
"Let's use the 45.9% one."
Well, if you look at vulnerabilities and hacking competitions, FF is perhaps a bit better than Edge, but Safari is far worse. I think the choice was mostly made based on what enterprises are likely to use, since enterprise security is the main focus. That means the relevant OS is Windows, and enterprises typically either (a) use what comes with the OS (IE/Edge) or (b) use Chrome. Enterprise use of FF is rare AFAICS.
Not surprisingly. (Score:3)
Chrome is a pillar of Googles strategy against Apple, Facebook and MicroSoft. They'd be stupid to let things slide with Chrome.
Re: (Score:1)
Why would Safari be included? It requires a hardware dongle that most of us don't possess.
I have the Safari for Windows installer for version 5.34.51.22 but that's a version from 10/2014 and Apple hasn't released anything newer. It's producer has made it irrelevant to 'the rest of us.'
Important paragraph from the intro (Score:4, Informative)
There's an important paragraph in the introduction:
You can read the paper [x41-dsec.de] yourself to determine whether they succeeded at avoiding biasing their results. One up-front question is why they didn't include Firefox. Based on public vulnerabilities and Pwn2Own and similar competitions, FF is less secure than Chrome, but often better than Edge. Safari tends to trail by a large margin, so its exclusion doesn't surprise me, nor does the exclusion of Opera and other browsers with very small market share.
Being as how Chrome users... (Score:1)
...surrender all there personal info to google, I can see how this can be so.
Shit comparison, shit software (Score:2)
Link to actual research (Score:3)
https://browser-security.x41-dsec.de/X41-Browser-Security-White-Paper.pdf
because Slashdot editors are lazy. More seriously, this paper appears to be a must-read if you're responsible for desktop or other end-user security. (The examples are great.)
Re: (Score:2)
Just the orher day i was on a websight ... Seems like they all still have work to do.
And you have to attain 6th grade English level.
Time to broaden the definition (Score:2)
Re: (Score:2)
My work IT dept only allows a very small whitelist of extentions to be installed on chrome. Perhaps you should implement this at your IT department ?
Pointless advert (Score:1)
Pointless advert disguised as research. Did RTFA. Lost my time. Without including other browsers and OSes this has little value.
Useless report (Score:2)
requisite snark (Score:2)
Calendar (Score:2)
makes sense (Score:1)