Web browser Archives - BenWoelk.com

30
Jun 11
2

Updated: Choosing the Safest Browser, Part One

Category:Information Security,Infosec Communicator,Internet Safety,Uncategorized Tags : Best practice Browser Firefox Google Chrome Internet Explorer Internet Safety LastPass Mozilla Firefox Opera Software QuickTime Safari Web browser

This post provides an update to last year’s Choosing the Safest Browser post. Let’s take a look at what’s changed since June 2010.

Browsers

Last year, we looked at the following browsers to discuss which would be the safest:

Opera
Firefox
Safari
Internet Explorer
Google Chrome

Number of Vulnerabilities

How do you decide which browser is the safest? One way is to look at the vulnerabilities that were disclosed for each one. Attackers may exploit these vulnerabilities to place malicious code onto your computer.

In Spring 2010, my Cyber Self Defense class ranked the browsers in the order below according to which ones they thought had the most vulnerabilities:

Internet Explorer
Safari
Opera
Firefox
Chrome

According to the Symantec 2008 Internet Threat Report, here’s the list of browsers ranked from most reported vulnerabilities to the least:

Firefox
Internet Explorer
Safari
Opera
Chrome

The class was really surprised by this ranking.

June 2011

Let’s see how the rankings look from the Symantec 2010 Internet Threat Report. Here’s the 2010 list of browsers and number of vulnerabilities:

Google Chrome–191 vulnerabilities
Apple Safari–119
Mozilla Firefox–100
Microsoft Internet Explorer–59
Opera–31

I was surprised by this order. Ranking browsers by vulnerabilities reported, Chrome appears to be the worst and Opera the best. (In the 2008 report, Chrome had the fewest vulnerabilities!)

Average Time to Fix a Vulnerability

Another way to look at browser safety is how long it takes for a reported vulnerability to be fixed. How would you rank these same five browsers from shortest to longest patch time?

In the 2010 report, Internet Explorer had an average patch time of 4 days. Opera, Safari, and Chrome were each one day or less. (In the 2008 report, Safari had an average “exposure” time of nine days, compared to the “best,” Firefox, which normally took only one day to patch.)

Patch time alone doesn’t appear to be a factor when choosing the worst browser.

Safe browsing is important because the majority of attacks are web-based, peaking at almost 40 million per day in September 2010.

Does Your Browser Choice Really Matter?

In my opinion, not so much. Internet Explorer vulnerabilities are targeted more because it’s the biggest target. However, all of the browsers mentioned have vulnerabilities and all are patched relatively quickly. Many attacks actually target applications such as Adobe Flash, QuickTime, and the like. Malicious PDFs have also become a huge problem in the last year. What matters are safe practices!

Gadgetwise: A Tool to Help Secure Your Browser (gadgetwise.blogs.nytimes.com)
Avoiding Phishing (benwoelk.wordpress.com)

30
Jun 11
1

Choosing the Safest Browser, Part 2

Category:Information Security,Infosec Communicator,Internet Safety Tags : Best practice Browser Information Technology Internet Explorer Internet Safety LastPass McAfee SiteAdvisor Password Phishing Security Web browser

Safe Practices

Check your Browser Security Settings

How can you tell how secure your web browser may be? Scanit’s Browser Security Test checks your browser security settings and provides a report explaining the vulnerabilities, the potential impacts, and how to correct them.

Use Security Software

Your security software should include an antivirus, anti-spyware, and a firewall.

Update Regularly

Keep your browser and applications up to date. If you’re prompted for an update, accept it.

Use Strong Passwords

Use a strong complex password or passphrase. Consider using a password vault such as LastPass to generate and store your passwords.

Install Browser Tools/Add-ons

Current browsers all provide some protection against phishing. There are also browser tools that you’ll find helpful.

The Netcraft Toolbar is a browser plug-in available for Firefox. The toolbar helps stop phishing attempts by blocking known phishing sites and providing hosting information about the sites you visit.
The McAfee Site Advisor is a browser plug-in available for Internet Explorer and Firefox. The Site Advisor warns you of websites known to have malicious downloads or links by checking them against a database at McAfee.
WoT (Web of Trust) provides color-coded ratings of the safety and reputation of websites.

Limited Account Privileges

Limiting account privileges (WindowsXP) provides simple but effective protection when working online. Limited accounts allow you to do most daily activities but do not allow you to install software (only accounts with administrative privileges can install software on the computer).

Many attacks take advantage of administrative privileges to install malware on your computer. If you’re using a limited account, attackers and malicious websites will not be able to install malware. (This is less of an issue with Windows 7 and Mac OS X because they ask you to confirm software changes.)

Threats have doubled since 2009 and the threat vectors have increased. Vigilance is even more important.

One thing hasn’t changed. The key to safe browsing is not which browser you choose. It’s following safe practices.

Please comment on the post and let us know some safe practices you recommend.

McAfee announces Internet Security, Family Protection for Mac(macworld.com)
Gadgetwise: A Tool to Help Secure Your Browser (gadgetwise.blogs.nytimes.com)
Avoiding Phishing (benwoelk.wordpress.com)
The weakest link in computer hacking? (deurainfosec.com)

Tag Archives: Web browser

Jun 11

2

Updated: Choosing the Safest Browser, Part One