A recently conducted and published browser security comparison by Accuvant Labs comes to the conclusion that Google’s Chrome browser is more secure than Firefox and Internet Explorer. The researchers looked at specific browser security technologies and their implementation in web browsers. That’s an analytical what-if approach, and fundamentally different from analyzing a browser’s vulnerabilities in the past.
Only the most recent versions of Microsoft Internet Explorer (9), Google Chrome (12 and 13) and Mozilla Firefox (5) were analyzed. Other browsers, like Opera or Safari, were not included in the research.
The results and areas that have been analyzed in the study are displayed in the table below.
All three browsers have implemented industry standard data execution prevention, address space layout randomization and stack cookies anti-exploitation technologies. The researchers found Firefox’s sandboxing, plug-in security and JIT hardening to be either unimplemented or ineffective. They also concluded that Chrome had the edge over Internet Explorer as the browser’s implementation of sandboxing and plug-in security was industry standard, while Internet Explorer’s was not.
Here is the conclusion of the research paper.
The URL blacklisting services offered by all three browsers will stop fewer attacks than will go undetected. Both Google Chrome and Microsoft Internet Explorer implement state-of-the-art anti-exploitation technologies, but Mozilla Firefox lags behind without JIT hardening. While both Google Chrome and Microsoft Internet Explorer implement the same set of anti-exploitation technologies,Google Chrome’s plug-in security and sandboxing architectures are implemented in a more thorough and comprehensive manner. Therefore, we believe Google Chrome is the browser that is most secured against attack
Neither the fact that the research was sponsored by Google, nor the missing definition of industry standard disqualifies the research paper immediately. It is however something that needs to be addressed and looked at.
It needs to be noted that core browser security plays just a part in a user’s threat protection. Other factors include the operating system, up-do-date plugins and browser versions, browser extensions or security software.
What’s your take on the research paper?
© Martin Brinkmann for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011. | Permalink |
Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: browser security, Security
0 comments:
Post a Comment