According to Microsoft, Chrome on Linux only gets a 2.5 for security!
Posted on 10/13/2011 7:28:52 AM PDT by ShadowAce
Summary: Microsoft is trying again to con people into thinking that Internet Explorer is the safest browser around. It’s not. At best, it’s tied with Chrome.
According to Microsoft, Chrome on Linux only gets a 2.5 for security!
Microsoft has always been fond of paying analysts to say that its products are best, or having partners release reports showing how their rivals’ products are second-rate, and, now, Web sites that “show” how Internet Explorer (IE) is better than Chrome and Firefox when it comes to security. Really? Didn’t Microsoft just release yet another major Internet Explorer patch?
I quote from the IE patch update (MS11-081), which apples to all currently supported versions of Microsoft Windows and Internet Explorer and IE 6 as well: “The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
Yes, that includes IE 9, the best and most up-to-date IE which is only available on Windows 7. Isn’t it funny how Microsoft claims that IE 9 is the most secure of its browser family, but somehow it has to have the same problems fixed that exist in IE 6, 7, and 8? Could it be that it’s really not that different after all from the rest of its historically insecure family?
If you go to Microsoft’s Web browser security “test” site, Your Browser Matters though, it will tell you that IE 9, with a score of four, is the most secure browser of all. Funny, it told me that it was the most secure both before and after the patch.
As for the other browsers, it informs me that Firefox 7.01 only rates a 2, and Chrome 14 gets a 2.5. And, this I might add, were my scores on my Mint Linux desktop!
How can they produce such clearly nonsensical results? It’s because they’re setting the rules on what’s important and what’s not. So, for example, Microsoft give IE full credit for its SmartScreen malware detection software. With SmartScreen, software that signed with a digital certificate that Microsoft trusts is allowed to be saved or ran. Chrome, on the other hand, blocks known malware, but lets you save unknown, potentially dangerous programs.
On the other hand, if you do download malware with Chrome, the program is still stuck in a sandbox, where it has very limited abilities to actually attack your system.
Besides that, Chrome automatically upgrades browser extensions as security fixes come out. Since programs like Adobe Flash are often used for attacks these days, and in Flash’s case there have been 17 significant patches in the last 16 months, I think automatic security updates for Flash and other potential problem programs are a big deal. While Microsoft acknowledges that it doesn’t provide these important features, it doesn’t take away any points for lacking them from its perfect score.
Interesting judgement call there Microsoft.
Johnathan Nightingale, Mozilla’s director of Firefox engineering, also has trouble with what factors Microsoft considers important and what it doesn’t. “Mozilla is fiercely proud of our long track record of leadership on security. We believe that being safe on the Web means having a robust browser that defends against malware and phishing, includes new technologies to help sites and users secure themselves, and a responsive security team that gets security updates out quickly and reliably. Microsoft’s site is more notable for the things it fails to include: security technologies like HSTS [HTTP Strict Transport Security], privacy tools like Do Not Track, and vendor response time when vulnerabilities are discovered,” said Nightingale.
Exactly so. Firefox has long been a leader in browser security. True, Microsoft has gotten a lot better about security, but Firefox was doing it when the horribly unsafe IE 6 was still the best Microsoft could do. True, today. you can make Windows and IE relatively safe. No, really you can. All you have to do is constantly and regularly patch it.
Those of us who use other operating systems, like Linux and Mac OS X, and alternative browsers such as Chrome and Firefox, can sit back and relax more. Don’t get me wrong. We must patch our software as well. As security guru Bruce Schneier points out, “Security is a process, not a product.”
Security also isn’t something though that you measure by a Web site that, when you get down to it, simply checks to see what your browser you’re running is IE 9 or not. Deciding what’s a secure Web browser a lot more complicated than that. Personally, thanks to Chrome’s auto-updating and sandboxing, I feel a lot safer running Chrome on Windows than I ever will running IE.
So how many geeks out there think I should be flayed alive for using Safari? I’ve never had an issue with it. I know the smaller population of users means that viruses aren’t (usually) targeted at Macs but website exploits should be equal opportunity attackers.
I just bailed from IE, it was slow as molasses in January and constantly froze. Just couldn’t take it anymore!!!!!
I downloaded Google Chrome which is so much faster I can cruise through my daily website list in about 1/2 the time.
Lately, I seem to get as many or more patches for Firefox as for IE.
I don't criticize anyone over something I know nothing about. I've heard IE9 is better, but I still won't use it (for several reasons).
I use Safari and love it. No Flash. RSS, PDFs and other files display perfectly. Chrome is faster, but I’m stuck in my old habits...
Flash is available for Internet Explorer 9.
This article is by a friend of mine who is in charge of keeping Firefox secure....
https://spartiates.wordpress.com/2011/10/12/microsofts-browser-security-website-marketing/
It will not install on my computer x20. I do not understand the Geakese directions so the effect is that it will not work!
Opera’s working fine for me.
I read the article, and find absolutely no evidence as to which browser is better. It’s nothing but a rant from another MicroSoft hater.
Which is not to say which browser is best. Only to say that you certainly won’t learn anything from this guy.
I’ve been using Windows 7 and IE9 since they came out, and haven’t had a single problem. No idea whether that’s MS or my various antispyware programs. But IE9 is fast, convenient, and seemingly pretty secure.
More secure than other programs? No idea. But I like it.
Safari is fine but it has its own problems. There are some sites that just refuse to play with it.
What am I missing? Adobe has a Flash plug-in for Safari. I use it and it works perfectly on Safari on a Mac (just not on an iPhone). I can't speak for iPads, but speaking for Scoutmaster, Mrs. Scoutmaster, and the assorted Scoutmaster-ettes, Safari runs Flash on one MacBook and multiple MacBook Pros, iMacs, and Mac Pros.
I use Safari, Firefox, and Chrome - which browser I open depends on what I'm going to do.
THAT is funny!! lol!!!
When comparing it to the latest version of IE it’s absolutely true. The issue Microsoft has is people are still running XP and IE6/7.
Everyone wants to compare the latest and greatest vs. Microsoft’s stuff from over 10 years ago. The amazing thing is that the 10 year old software still competes. Once you compare to the latest and greatest from Microsoft they generally win.
I have the extension, or whatever its called, that blocks Flash from playing unless you want it to. Click on the flash box on a page, and it will play.
I’m sorry. I misunderstood. I thought you were saying that Flash didn’t play on Safari. My mistake.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.