Google Chrome offers more protection against online attacks than any other mainstream browser, according to an evaluation that compares exploit mitigations, malicious link detection, and other safety features offered in Chrome, Internet Explorer, and Firefox.
It seems that this report sponsored by google, cherry picked those security methods that Chrome is ahead in to show that Chrome is best, and ignored other security factors.
I saw the headline and knew I wouldn’t be reading the report. These reports are often biased… just pick the browser you like and be done with it.
And just like Javascript benchmarks, I have to wonder how much this really matters anymore. I mean, in the days of IE6, it mattered a lot. But really, are browsers still so insecure that the security of one over the other would be the deciding factor in which browser you choose? I’d guess that blocking Flash by default would make you a lot safer, no matter which browser you were using.
And if people rely on something that is designed to display HTML documents in order to get strong security, something is deeply wrong with current OSs.
Only light software can be made truly secure. Modern HTML, CSS, and Javascript standards are anything but light, and logically their parsers are a bloated and insecure mess.
Same opinion here.
Although I develop web business applications for living, I am the opinion that many applications only have a place as desktop applications.
The browser is to read documents.
If all OS’s would agree one a format so you could write once and run anywhere and which has a solid update framework you would be right. BUT it will sooner snow in hell so html5 is the next best thing.
This is a fool’s dream.
Just try to create a web application that works the same way across multiple browsers and operating systems, without being full of browsers and operating systems specific hacks scattered around JavaScript and CSS files.
Actually Blocking the Java plugin is more important than Flash, but Flash gets all the hate.
Chrome and IE have better Sandboxing … Firefox’s seems to be non-existant.
JS really isn’t insecure anymore, you may still get annoying popup windows but that is really the worst that it can do, even trying to spam the window all of the browsers will pick up and ask whether you want it happening.
Not sure where you are getting your information, but there are pleanty of JS related exploits out of there that are very much a threat.
I’m guessing you meant JS based attacks on the OS, which have been pretty rare as of late. Most are actually focused on hijacking the session to launch Cross Site Request Forgeries (CSRF) and such.
https://www.owasp.org/index.php/Top_10_2010-Main
I would be more upset personally, if my bank account were accessed without my permission than my locked down PC.
But I thought the previous poster was referring to how little the differences between different JS implementations mattered simular to how the differences in other areas of browser security didn’t matter.
I think you should look at the Javascript benchmarks in a different light.
Most of the “well known” Javascript benchmarks have been created by the same teams which work on the browsers. It is a tool they use to measure the performance of their own browser and to help determine what and how to improve it.
Because it was created by the developers of the browser it represents what they think is important performance-wise.
So they will optimize the parts of the browser that their benchmark tests. Obviously they would do really well in their own benchmark because of it.
This is a very important difference from a benchmark created by a third party.
Worse – it’s a symptom of fascination with easy to digest numbers …which present only a part of the picture of comfort, responsiveness, etc.
(not the first such fascination of course, witness the cult of fps …for most of the time ignoring the endemic “micro- stutter” which only recently seems to get some slight attention; resolutions and processing levels which looked “good” only on magazine screenshots; or mpixels …the cult of simple number, generally)
Edited 2011-12-19 00:05 UTC
From the article. It can be peer reviewed. Hardly Biased.
It can be peer-reviewed AND still be cherry-picking *which* criteria to examine.
The peers would just check that the data chosen is correct; they wouldn’t able to force the original researchers to start measuring other criteria.
That is not how peer reviewing works.
Something is not deemed unbiased because it can be reviewed by peers. See, we all have the potential superstars, but you have to sell a million records to be considered one.
Yes it is. It cannot be called Bias until it has been peer reviewed … the whole process of peer review is to how valid it is.
Calling Google names and saying it is Biased btw doesn’t cut it.
Uh, yeah, it’s fine to call them biased. Because the “researchers” commissioned by Google completely ignored the larger issue of how MANY vulnerabilities have been seen, severity, etc, among the various browsers. They cherry-picked the criteria that they chose to evaluate and, so, peer-reviewing their conclusions is a waste of time, because the CRITERIA are the problem, not the DATA.
yep
just like MS did before
and people usually fall far it. sad.
seems optin’s Chrome, making websites Chrome only, and publitizing it everywhere isn’t enough.
Google has changed.
Every browser is more or less the same secure…
Privacy-wise, Chrome is worst.
I had a fling with chrome for performance but I got back to Firefox for plugins, some of which don’t have chrome versions because it’s not possible.
e.g. HTTPS-Everywhere is not possible in chrome due to limitations in address rewriting.
So I’m sticking with FF + Ghostery + BetterPrivacy + HTTPS-Everywhere + Adblock.
that use Windows proxy settings, and not it;s own? Thank you, i will stay with something better.
If you are talking about Firefox: http://support.mozilla.com/en-US/kb/Options%20window%20-~*~…
If you are talking about Opera: http://help.opera.com/Windows/11.60/en/network.html
Haha, thank You I’m already know this, and i’m using firefox (with noscript+adblock+firebug) with ads enabled on OSAlert:) But Your post may be informative for other, chrome browser users
Perhaps you’d also like to share with those Chrome users why using the Windows proxy settings is a bad thing…
Because setting up proxy settings with Windows make it work for many other applications besides Chrome. For example i want to use proxy settings for my browser because i can’t access some website. But same time i want my messenger software to do not use it. If both apps use Windows configuration, then both will use it, and i can do nothing about it in such situation. And this is real problem that i had when trying Chrome some time ago, also when last time i try to make it work for my friend, and other networking apps start to use proxy (and some didn’t work because it was really web proxy, so they just inform about problem with connection).
That is why web browser should use own proxy settings, which is in my humble opinion, fundamental for nice and customizable web browsing.
I will stick with Opera, thank you. Take that, Google overlords.