HOW SECURE IS YOUR BROWSER?
It is difficult to find out ...
Posted by Andrew Spencer on 27/07/2012
I thought I would take a look at how secure my Internet browsers are. "Why?" you may ask. I use the Internet for online banking, and am also buying things frequently - using cards - so security is important, but why worry about the browser when you have a firewall, anti-virus and anti-malware software installed on your machine?
Whatever you're doing on the web, make sure you have the latest version of your browser.
The bottom line is that the browser itself is vulnerable to attack, and I have been surprised lately by the number of new versions of the two browsers I use most on desktop and laptop - Mozilla Firefox and Apple Safari - that have been appearing, mainly to fix security issues. Firefox has gone from version 4 in 2011 to version 14.0.1 now - in less than a year!
The interesting thing about all this is it is difficult to find up to date information in the public domain that examines how secure browsers are.
Security vulnerabilities in your browser can be exploited, bypassing all the protection you have installed, and all sorts of bad things can happen to your machine. Trojans can be inserted that take control of your desktop or laptop, turning it into a robot under the control of spammers or worse, or that capture your online banking login details and pass them to servers in Egypt, China or Brazil. I personally cleaned up a friend's laptop that was infected with this one recently, and that laptop had Windows Firewall switched on and anti-virus software installed and up to date.
This sort of attack affects PCs the most because they are so common, but increasingly Macs are becoming targets. Vulnerabilities in Safari have been exploited recently. So which browsers are most in use? Some recent figures (May 2012) show that as far as desktop and laptop machines are concerned there are 3 big players and a couple of bit-part ones:
Internet Explorer - 54%
Firefox - 19%
Chrome - 19%
Safari - 4%
Opera - 1%
The mobile device picture is very different, simply because of the market dominance of the Apple mobile devices; iPad, iPhone, iPod:
Interestingly, I could not find any information about mobile device browser security, though I do hear that mobiles are starting to come under attack through malware, mainly hidden in apps; so not a browser issue. Organisations can get advice from their IT services/infrastructure providers as to security best practice, including which browser to use and what its security and privacy settings should be. But what about individuals?
I found one report that is reasonably current (though does not reflect the flurry of recent Firefox releases) from December 2011, which was quite widely reported on in the tech press. This report by Accuvant ranked the big three browsers in terms of their overall security features: Chrome first, IE second and Firefox third. Accuvant rated 4 of the 7 security features tested in Firefox either unimplemented or ineffective. This probably accounts for the rash of recent releases!
It should be noted, however, that whilst one can be reasonably sure that the testing was independent, the study was funded by Google, the makers of Chrome! The scope of the testing, however, seems to have been pretty thorough and penetrating.
Whilst there are more secure browsers out there than the big three, the vast majority of us are using one or more of these 3 or, if on a Mac, we are likely to be using Safari as well. How can you make your browser more secure? Most importantly, download the latest version of the browser you are using. It will be more secure. Interestingly, many Firefox users (37%) are reluctant to download the latest version; why? Strange and unexplained.
I found one good resource that documents how to make your browser safer: this is from the University of California Santa Cruz Information Technology Services: Web browser secure settings. This resource covers Firefox (Mac and PC), Safari (Mac), IE (PC), Chrome (Mac and PC). A good general resource covering all manner of Internet nastiness is the CERT Coordination Center (Carnegie Mellon University Software Engineering Institute).
Do check this information out and stay safe!
Until next time ...
During Andrew's extensive business career he has worked in a wide cross section of companies, specialising in the creation of contact centres and business systems, software development, telecommunications and project management. Andrew's key skills are:
Business planning and strategy
Matching technology to business needs
Software development and implementation
Designing and implementing business systems
His work has included sourcing and implementing a new integrated telecoms system for National Energy Services, designing and project managing a new IT and telephony structure for the Greyhound Racing Association, and directing technology development for Wembley plc.