This post provides an update to last year’s Choosing the Safest Browser post. Let’s take a look at what’s changed since June 2010.
Last year, we looked at the following browsers to discuss which would be the safest:
Number of Vulnerabilities
How do you decide which browser is the safest? One way is to look at the vulnerabilities that were disclosed for each one. Attackers may exploit these vulnerabilities to place malicious code onto your computer.
In Spring 2010, my Cyber Self Defense class ranked the browsers in the order below according to which ones they thought had the most vulnerabilities:
- Internet Explorer
According to the Symantec 2008 Internet Threat Report, here’s the list of browsers ranked from most reported vulnerabilities to the least:
- Internet Explorer
The class was really surprised by this ranking.
Let’s see how the rankings look from the Symantec 2010 Internet Threat Report. Here’s the 2010 list of browsers and number of vulnerabilities:
- Google Chrome–191 vulnerabilities
- Apple Safari–119
- Mozilla Firefox–100
- Microsoft Internet Explorer–59
I was surprised by this order. Ranking browsers by vulnerabilities reported, Chrome appears to be the worst and Opera the best. (In the 2008 report, Chrome had the fewest vulnerabilities!)
Average Time to Fix a Vulnerability
Another way to look at browser safety is how long it takes for a reported vulnerability to be fixed. How would you rank these same five browsers from shortest to longest patch time?
In the 2010 report, Internet Explorer had an average patch time of 4 days. Opera, Safari, and Chrome were each one day or less. (In the 2008 report, Safari had an average “exposure” time of nine days, compared to the “best,” Firefox, which normally took only one day to patch.)
Patch time alone doesn’t appear to be a factor when choosing the worst browser.
Safe browsing is important because the majority of attacks are web-based, peaking at almost 40 million per day in September 2010.
Does Your Browser Choice Really Matter?
In my opinion, not so much. Internet Explorer vulnerabilities are targeted more because it’s the biggest target. However, all of the browsers mentioned have vulnerabilities and all are patched relatively quickly. Many attacks actually target applications such as Adobe Flash, QuickTime, and the like. Malicious PDFs have also become a huge problem in the last year. What matters are safe practices!