Super UserMost secure browser
[+28] [11] Russell Dias
[2010-11-11 12:51:10]
[ security browser ]

I apologize for the sensationalist title. I do not wish to begin a flame war here, but rather, I require some answers based on fact.

I had a rather quick conversation with the father of a friend of mine. Who happened to be some sort of security analyst.

He claimed that IE was currently the most secure browser on the market because it supports:

Scouring through the web on the above issues and their browser support didn't prove very fruitful, and I'm curious to know if is this an accurate depiction of the current browser state?

The AES counter mode is essentially used for encryption (which I'm sure is supported by all modern browsers) but only uses the Galois Message Authentication Code (GMAC) for authentication purposes. I was curious to know how this was browser dependant? As I can't seem to find much information regarding GMAC and browser dependencies at all.

(4) Ack... time to run for the hills! - Andrew Barber
(3) I actually like this question - the title may sound subjective, but you are really trying to approach this from an objective PoV - and I agree with that. However, it's really not programming related. - AviD
Hmm thats true. Would it be better suited as a community wiki ? or just not suited for SO at all? - Russell Dias
@Russell, it's really not SO. - AviD
(3) However, I would point out that while your friends father is technically correct - and these points ARE important - "most secure browser" actually relies a lot more than simple (sic) cryptography implementations, rather a usage model analysis is necessary. E.g. common uses, plugins, failure modes, probable / possible site bugs, malicious sites, etc etc. - AviD
@alex, or to the security site on SE [… which should be opening any day now :) - AviD
My reason for voting to close this as "subjective" is actually contained in the question itself; the last bullet point. Such a bullet point could be added to the list of reasons any product is "more secure" than its competition. - Andrew Barber
@Andrew Well yes that is a subjective aspect. But, I'm sure there are plenty of SO questions which are objective in nature and yet have elements of them that are largely subjective. But, I do agree that this is not entirely programming related. - Russell Dias
@Russel: That's true; the 'off topic' votes are probably more accurate, and what is 'subjective' (or what is problematically subjective) is itself, really, subjective. :P It's definitely an interesting topic to consider though, I think! I hope it finds a SE home. - Andrew Barber
(2) With the constant updates to all the browsers, it's also a question whose answers will almost quickly be out of date and inaccurate. - BBlake
[+32] [2010-11-11 13:36:50] Fabian

I would argue that the most important metric for browser security is the amount of exploitable bugs (and their severity) and the time they stay unpatched. You can find some statistics about that e.g. on the Secunia website ( Statistics for IE8 [1])

The encryption algorithms are usually not the weak point, the implementation of the functionality with the inevitable bugs is it. A list of security features means nothing, if there are exploitable bugs in the application.

Another important point is the market share of your browser. The most common browsers and operating systems are more likely to be attacked. Using an uncommon browser does protect somewhat from untargeted attacks.

It is also essential to keep your browser up to date, any older browser is vulnerable. That gives an advantage to browsers that update silently like Chrome.


(6) 100% agree. Unbreakable encryption doesn't matter if you have an exploitable buffer overflow in your JavaScript engine. - Michael E
(1) Required cliche: "Only as strong as its weakest link" - Nick T
(1) “A list of security features means nothing, if there are exploitable bugs in the application” That's not totally correct, though, as some features may provide defense in depth. An example of this are activating DEP and ASLR or running with low integrity (on Vista/7) that may mitigate attacks that would otherwise allow access to the system. And yes, such countermeasures are orthogonal to exploitable bugs in some cases. - Joey
Security by obscurity, is not true security. - Anonymous Type
The features your friend mention are just for HTTPS/SSL (secure connections). They mean nothing for the regular HTTP traffic that most sites use. They are related to security in the sense that they are used for encrypt the data sent over Internet so it wouldn't be intercepted, but that doesn't prevent you from being infected by a virus is the web site is attacked and modified to exploit IE vulnerabilities (although the malicious code would travel secure inside the TLS/AES/etc. connection :-) ). - Alberto Martinez
@Joey Those techniques weren't in the list, and most of them can be used by any browser. You're of course right that they can prevent exploitation of vulnerabilites. They are a useful second line of defense, and in the end we end up with less exploitable vulnerabilites due to them. - Fabian
Ah, sorry; didn't notice you were referring directly to a list within the question there. - Joey
[+14] [2010-11-11 13:44:09] Joe Taylor

Judging by this Article:
Its google Chrome that stands above the rest at the moment.

Browser vendors often make strong claims about their responsiveness to vulnerability reports and their ability to preemptively prevent exploits. Security is becoming one of the most significant fronts in the new round of browser wars, but it's also arguably one of the hardest aspects of software to measure or quantify.

A recent contest at CanSecWest, an event that brings together some of the most skilled experts in the security community, has demonstrated that the three most popular browser are susceptible to security bugs despite the vigilance and engineering prowess of their creators. Firefox, Safari, and Internet Explorer were all exploited during the Pwn2Own competition that took place at the conference. Google's Chrome browser, however, was the only one left standing—a victory that security researchers attribute to its innovative sandbox feature.

However I personally prefer this statement:

Browser security tips
Instead of accusing one browser of being weaker than another, real-world testing has revealed that users should pick a browser that has the security features and functionality they desire, and implement the following suggestions.

•Don't log on as admin or root when running an internet browser (or use UAC on Windows Vista, SU on Linux, etc.).

•Make sure the browser, OS and all add-ons and plug-ins are fully patched.

•Don't be tricked into running malicious code.

•If unexpectedly prompted to install third-party software while browsing a site, open another tab and download the requested software directly from the software vendor's website.

•Be careful about which add-ons and plug-ins you use. Many aren't secure, many are very insecure, and some are actually malware in disguise.

Source: [1]


I do like the bug bounties to pro-actively pursue bugs in chrome and google apps - aking1012
Apple also pays people to try and find bugs, it makes sense to do so. There's no incentive for hackers to hand over exploits to the big companies when there are other, less reputable, people who would pay them for exploits. If the big companies want to be seen to be taking security seriously its time to dig deeper into the pockets - Joe Taylor
[+11] [2010-11-11 13:50:49] harrymc

A good answer to this question is given by Which browser is the most secure, is that the question? [1]

Better (and more useful) advice than “Which browser is most secure?” would be “How can I best secure my browser of choice?”

Browsers are more or less secure depending on what you are measuring:

  1. The father of your friend values encryption algorithms.
    Unfortunately, that is not much of a protection against exploits.
  2. The GIAC Advisory Board values the number of live threats intercepted by the browser's reputation system: IE8 85%, Safari 29%, Firefox 3.5 29%, Chrome 4 17%, Opera 10 less than 1%.
  3. CanSecWest [2] values how long can a browser resist the same hacker. The order from best to worst is : Chrome, Firefox, IE8, Safari.
  4. PCWorld [3] votes for Chrome, quoting the opinion of expert Dai Zovi, because of its sandbox.
  5. Symantec [4] votes for Opera, because of its shortest window of exposure before exploits were fixed.

As I agree that the real question is what effort one is willing to invest in order to secure the browser, I personally vote for Firefox, because of the number of available security-oriented add-ons that make this task much easier.


[+3] [2010-11-11 19:05:09] vdboor

Rather then mentioning the list of security features, consider to reverse the question. How many posibilities are there to allow hackers to get in?

  • If parsing the URL fails, could the Internet zone be mistaken for Local zone? (yes)
  • If ActiveX security fails (which it did in the past), can you start a random system control? (yes)
  • If the HTML parser fails (which it did in the past), what memory area can you exploit?
  • If the file type detection fails (which it did in the past), what happens when you put a <script> tag in a GIF comment? (whoops)
  • If the CSS expression(..) allows evaluation of JavaScript in markup, when happens with [font color=...] code in UBBC forum markup? ;-)

Most normal powerusers see the limitations like "download protector" and "xss filter". The bigger, and more security features something has, the better it seems. A complex security system seems like a good idea.

Hackers reverse the question. They don't look at limitations, they look at possibilities.

  • With a complex and large security system, could it be that someone made a mistake in there?
  • If the XSS filter alters the page, can I abuse that?
  • If there are many "poweruser" features there, can they be leveraged to exploits?
  • If there are is a password protection, can I confuse it with weird input?

In this retrospect, MSIE scores pretty low on security.

For example Chrome/Firefox never allow accessing local content through "security zones". They never ever give access to system components (ActiveX). They reject web content when a MIME type is missing (no auto detection!). Furthermore, no powerfeatures like expression(..) in CSS or overly smart recovery that by accident bypasses security.

I disagree that Chrome/Firefox disallow access to system components (as ActiveX does). They, in fact, do via the plug-in system. There is nothing preventing the plugin author from doing whatever they please. In fact, an ActiveX control on IE has less rights than a plugin on chrome, because IE runs in a lowered security context itself. - AngryHacker
@AngryHacker a plugin still need to be installed first (e.g. tricking the user into installing it). ActiveX is there by default. - vdboor
IE pops up an ungodly amount of "Are you sure?" messages boxes when an ActiveX controls wants to install. I think at that point, the user has pretty well been informed of the danger. - AngryHacker
[+2] [2010-11-12 00:23:05] Nick Gorbikoff

Here is a very objective opinion based on personal experience: I'm a system admin for a mid-size company, and before that I worked for a 90,000 -employee multinational - also doing system administration, plus some jobs on the side, and all the friends and relatives that I have to support.

It's not the browser it's the USER. It doesn't matter weather you use Chrome, Opera, Firefox, IE, Safari, etc. If the user doesn't follow basic secure browsing procedures - it doesn't matter which browser they use. If they are stupid / inexperienced enough to go on a phishing site and download spyware / trojan / virus - browser won't matter! Also while IE9 or IE8 may introduce and provide all of these features, most users tend to ignore & disable them. Also IE require for running of ActiveX and other crap - that be definition IS ONE BIG SECURITY HOLE.

Having said all of the above, here are the criteria that affect browser's security assuming we are dealing with an educated user, who won't mess things up:

1) Active development - namely New threat/exploit to update-time ratio
2) Obscurity - the more obscure is the browsers - the less likely it be targeted by hackers who are looking for exploits. Number of threats is much larger for IE then let's say Opera ( the are market shares are also incomparable)
3) OS Platform - since most malicious activity / research is directed towards Windows, Konqueror is a lot more secure then IE, simply because of the nature of the beast. 4) Availability of third-party plugins such as ad blockers.
5) Integration with anitvirus software - for instance AVG toolbar.
6) Availability and support of modern encryption mechanisms

Based on that criteria, here is my personal preference from best to worst
1) Firefox
2) Chrome
3) Opera
4) Safari
5) IE

I'm assuming we were talking about windows OS - since it's not that big of an issue for other OSes, but for MacOSx:

1) Firefox
2) Camino
3) Chrome
4) Opera
5) Safari


[+2] [2010-11-11 18:24:21] DaveD1948

I agree with the comment identifying the use of the term "secure" here.

The most secure Web browser? What does that mean?

Was the argument about personal security on the Internet - or say, communication security between a browser and a given Web site?

Surely, things like TLS 1.2 and Elliptic Curve Cryptology, etc. all go into making a secure communication session. Since other browsers may not take advantage of these technologies [yet], and since all uber-technical-types want to measure the length of their member using their own ruler, then given the metrics chosen by those in the security field, IE might win the #1 Cryptology Awards. And that's fine for them.

Ratcheting up your specs with the latest versions of high-profile encryption puts the focus of security solely on the communication channel - and not the whole experience. It's like wearing a bright spiffy ribbons-and-gold adorned uniform with lots of stars on your collar. It has little to do with your character. It has a lot to do with how you want others to see you. And that's self-promotion which counts for nothing.

But surely, if you want to know which browser has the highest chance of getting you nipped by some malware infected Web site on the Windows platform, IE wins hands down.

Lack of openness, sloppy, business motivated design, just the pure bulk of it along with Microsoft's on-again off-again attention to it, and their insistence to jam it full of wildly dangerous and powerful OS level language hooks, leaving that on top of the worlds most poorly written OS in the first place, pretty much screws them into last position every single time. But get a bunch of security professionals in an auditorium, and get a bunch of marketing types to tell them about all you're doing with the latest elements of security and bah-dah-boom, you got hundreds or thousands of converts all talking the same talk and promoting your product over those who's credentials and performance are better. They got religion. Good for them.

The real truth is - the most secure Web browser is not about communication channels any more than banning printer cartridges on airplanes will make our homeland more secure. In fact, that's the whole problem right there. We get hit in the head by a baseball and ban baseballs. Baseballs aren't the problem. It's about building systems that let the least amount of malice through, and IE ain't it.

The DoD and Homeland Security need iron-clad communication channels and safe browsing environments - at both ends. But they're not using a Web browser to shop shoes or scan their favorite blogs which may be laden with [software] bombs and malice.

If on the other hand, you want the worlds most secure browsing experience on Windows, use Google Chrome with a few simple, openly available extensions (adblock, flashblock, etc.) and enjoy yourself.

And if you read the industry reports and comparisons to come to your own conclusions, make sure you depreciate those by authors who stand to benefit by your choice.

+1 I like the analogy in the middle. Drives the message right home. Building preventative measures is definitely the right way forward. - Russell Dias
[+1] [2010-11-12 07:36:51] Digital Dude

To me there are no most secure web browser, if a hacker wants to hack it will surely be cracked. There can only be with tighter securities to makes things difficult for hackers but this will result in lesser access where developers will have alot of limitation developing the plugins/extension. Take for example,

Its either you want to make end-user more happy or tighten up the securities to inconvience to the end-user.

IE is mainly the target because of large number of user-based and hackers always default to Microsoft for some reasons...

[+1] [2010-11-11 13:46:09] aking1012

"most secure" cannot be boiled down to crypto-systems unless there is a checkbox for disable http/require https for all sites/verify full certificate chains fail closed. If this option were available and it was still usable he might be right by virtue of the fact that you would only go to "signed" sites and any issues should be trackable. The problem isn't really IE as much any more as it is plug-ins and DEP/ASLR opt-outs. On that note did you know that FF opts out of apparmor policy by default on ubuntu boxes? So that problem is not uniquely IE or windows. As to most secure, I think it depends a lot more on configuration than browser platform. I would look to more standards compliant browsers than IE though. There is a tendency for there to be an IE way to do it and an everyone else way that works on webkit based etc. I prefer FF just for the consistency across platforms and the plugins i use(firebug,torbutton,noscript,adblock,greasemonkey,etc), but don't have a problem with opera or safari. They are all rendering webpages more consistently and are early supporting the developing html5 spec pretty well. The functionalities in the html5 spec may let us get away from flash(imho evil - note:actionscript can let you bypass some memory protections too even if they are present).

[+1] [2010-11-11 16:46:42] SEJeff

Real hackers tend to disagree with your friend's conclusion:

The most secure browser is Google Chrome. Ask him about how Internet Explorer's sandboxing and process isolation works in comparison to Chrome's. Hint: Internet Explorer's process isolation isn't really process isolation as it just launches a few more iexplore processes instead of one per tab. There is a huge list, but basically your friend is a) trolling or b) not technically able to answer the question properly.

[+1] [2010-11-11 18:06:15] Graeme Perrow

Listing security features like ECC and TLS 1.2 is meaningless considering the number of web sites out there that use them (which is very close to zero). This is telling us about these links in the chain which are made of the strongest steel available, and not mentioning those links over there made of tinfoil.

[+1] [2010-11-11 18:13:34] Ken

That's an impressive alphabet soup of encryption protocols. If you're sending sensitive data over HTTPS, those are great to have.

But at the end of the day, there are still remote exploits for IE, from time to time.

I would say the most "secure" browser is the one that doesn't compromise your computer's security on non-SSL pages. When I'm typing a credit card number into a web form (even over SSL), I know I'm taking a risk, however minor. When I'm just clicking around, I tend to assume that's 'safe', and I think most other people do, too.

And for that, my money is on Grails [1], which, AFAICT, has never had a single remote exploit in its entire 15-year history.

Granted, a lot of that is due to being unpopular and not supporting much in the way of modern web standards. But those were never conditions of the title: just "most secure browser".


(2) "Grail supports full HTML 2.0, including images, forms and imagemaps, and many HTML 3.2 features", and obviously no CSS - which makes it pretty unusable these days. - paradroid
But the claim was "most secure browser", not "most secure browser with support for particular features". Personally, I would call IE "pretty unusable", both due to its UI and due to its lack of support for modern web standards, but that's independent of the security claim. - Ken