- Tools & Templates
- Security Jobs
- Data Protection
- Identity & Access
- Business Continuity
- Physical Security
- Security Leadership
Browser security study lacks credibility for one simple reason
It was funded by Google.
The report notes this, but makes the following justification:
Readers should understand that, while Google funded the research for this paper, Accuvant LABS was given a clear directive to provide readers with an objective understanding of relative browser security. The views expressed throughout this document are those of Accuvant LABS, based on our independent data collection.
I'm sure Google did give Accuvant free reign. But I can't help but wonder: Had the researchers found that Internet Explorer was the most secure and Chrome the least, would Google have gracefully stepped back, allowed the findings to come to light and then offered a fix-it plan?
I'm highly skeptical.
I would be just as skeptical had Firefox come out on top with the study funded by Mozilla.
The credibility is damaged from the start, in my opinion.
That won't change my browsing choices. I'll continue to use Chrome over the others. But to be perfectly honest, my decision isn't security based. I think all three browsers are much more secure than they used to be. My choice is instead based on the look, feel and speed. Chrome is a simpler, cleaner and faster browser. So I use it.
I used to favor Firefox, but each new version seemed to get more loaded down with more features I had no interest in -- features that turned it into a clumsy, way-too-slow-to-load browser. But that's not a security complaint, either.
Accuvant's conclusion is this:
The URL blacklisting services offered by all three browsers will stop fewer attacks than will go undetected. Both Google Chrome and Microsoft Internet Explorer implement state-of-the-art antiexploitation technologies, but Mozilla Firefox lags behind without JIT hardening. While both Google Chrome and Microsoft Internet Explorer implement the same set of anti-exploitation technologies, Google Chrome’s plug-in security and sandboxing architectures are implemented in a more thorough and comprehensive manner. Therefore, we believe Google Chrome is the browser that is most secured against attack.
I want to believe. The results of the study are probably accurate.
But it would have been much easier to believe had it been funded by someone other than one of the big three browser providers.
CSO's Daily Dashboard gives you a one-stop view of latest business threats. We created it for you! Bookmark it! Use it!
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.