enigma# Posted November 17, 2010 Share Posted November 17, 2010 (edited) Note: If and before you go raging, please read through the post carefully! It was brought to my attention recently that Bit9 had recently put in a dirty dozen list. For those who know don't know what Bit9 is, a software company in Advanced Threat Protection (software security). Essentially the dirty dozen list is a compilation of common software programs associated with the web and a numeric representation of their software vulnerabilities. Their list was: 1. Google Chrome - 76 2. Apple Safari - 60 3. Microsoft Office - 57 4. Adobe Acrobat - 54 5. Mozilla Firefox - 51 6. Sun JDK - 36 7. Adobe Shockwave Player - 35 8. Microsoft Internet Explorer - 32 9.RealNetworks RealPlayer - 14 10. Apple Webkit - 9 11. Adobe Flash Player - 8 12. Apple Quicktime and Opera Web browser (tied) - 6 I was quite shocked to see that MS Internet Explorer (who has a notorious reputation for seeming very insecure) be near the bottom. Please be aware that #vulnerabilties =/= (does not equal to) security In the vein of understanding what that means to the user, it means Google Chrome at the moment has MORE vulnerabilties than Internet Explorer! (http://www.bit9.com/company/news-release-details.php?id=175) My own investigation about it However, I decided to take a look further into this issue (with the limited information given by Bit9) and went to a different route. First I went to Secunia (a firm similar to Bit9) and found the following results [http://www.secunia.com] . Google Chrome 7.x – 12 - All Patched . Apple Safari 5.x for Mac OS X – 19 - 33% Unpatched . Apple Safari 3.x for Windows - 42 - 20% Unpatched . Mozilla Firefox 3.6.x – 72 - All Patched . Microsoft Internet Explorer 8.x – 67 - 29% Unpatched . Opera 10 - 10 - All Patched ------------------------------------------------ In this instance, if we look at vulnerabilities, Firefox and Internet Explorer top the list at 72 and 67 each. What I find interesting to note is that Apple Safari for Windows is more patched (according to Secunia) than the Mac OS version. Furthermore in this instance, Opera is the software with the LEAST amount of vulnerabilities. Take caution though as each vendor (e.g. Bit9 or Secunia) finds similar or differing vulnerabilites which impact the score. This is not an equation to security. ---------------------------------------------------- The question then becomes... how do we measure security for web browser? More importantly how do you measure (and pick your browser) security? A few factors to consider 1. Vulnerabilties (as discussed above) 2. Plugins installed and their associated vulnerabilities 3. Unknown bugs/vulnerabilities 4. User knowledge 5. OS-dependent security features (e.g. ALSR) 6. External factors Finally, aesthetic features play hand in hand as well 1. How it looks 2. How it works 3. Subjective work flow.... I mean these are all different factors in determining one's opinion about web browsers. Obviously, some will just use what is more convenient. What do you think? Edited November 17, 2010 by enigma# Quote Link to comment Share on other sites More sharing options...
Provin Posted November 17, 2010 Share Posted November 17, 2010 i always thought that internet explorer was the least secure but i prefer to use chrome and firefox, i tried safari but didnt like the look Quote Link to comment Share on other sites More sharing options...
Tommo Posted November 17, 2010 Share Posted November 17, 2010 double mozilla all the way. Nice post! Quote Link to comment Share on other sites More sharing options...
Jake Posted November 17, 2010 Share Posted November 17, 2010 Nice find! Quote Link to comment Share on other sites More sharing options...
VeN Posted November 18, 2010 Share Posted November 18, 2010 GOOGLE CHROME! Quote Link to comment Share on other sites More sharing options...
Guest The_Monkey Posted November 18, 2010 Share Posted November 18, 2010 I use all of them all the time, not just because I'm a webdev. I constantly toy and tweak and play around in each of the browsers. I end up assigning a niche to each browser, i.e, chrome for testing programs I write in our framework, firefox for surfing our forums, IE for internet radio and netflix, opera for surfing for random crap that could contain viruses, and safari for the lols. Quote Link to comment Share on other sites More sharing options...
Plaayer Posted November 19, 2010 Share Posted November 19, 2010 I use all of them too, in the order of: Chrome-Firefox-IE-Opera. But, has anyone noticed that the Chrome symbol looks like a advanced Pokeball? Quote Link to comment Share on other sites More sharing options...
bort Posted November 20, 2010 Share Posted November 20, 2010 The reason Chrome and Firefox show up at the top of that vulnerabilities list and MSIE shows up at the bottom is because they actually publish what bugs they are working on. MSIE keeps a lot internal to Microsoft and won't necessarily publish that a vulnerability exists until/unless it is already widely known or has the potential to be widely known. And I'm pretty sure the Chromium and Mozilla projects have a much more active bug reporting/fixing team, since they are open source and able to take direct help from the community. tl;dr ... Think of all the MSIE vulnerabilities that aren't on that list simply because Microsoft hasn't made them publicly known. Quote Link to comment Share on other sites More sharing options...
fox* Posted November 21, 2010 Share Posted November 21, 2010 i tried safari but didnt like the look judging a book by it's cover! Quote Link to comment Share on other sites More sharing options...
Sia_^ Posted November 21, 2010 Share Posted November 21, 2010 judging a book by it's cover! I was gonna date a fox but it was to hairy. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.