Salted Hash — IT security news
About this Blog:
IT security news analysis, over easy!
Browser security study lacks credibility for one simple reason
I'm a Google Chrome user and should be happy about a newly-released study that declares it more secure than Firefox and Internet Explorer. But I have one big problem with this study.
It was funded by Google.
The report notes this, but makes the following justification:
Readers should understand that, while Google funded the research for this paper, Accuvant LABS was given a clear directive to provide readers with an objective understanding of relative browser security. The views expressed throughout this document are those of Accuvant LABS, based on our independent data collection.
I'm sure Google did give Accuvant free reign. But I can't help but wonder: Had the researchers found that Internet Explorer was the most secure and Chrome the least, would Google have gracefully stepped back, allowed the findings to come to light and then offered a fix-it plan?
I'm highly skeptical.
I would be just as skeptical had Firefox come out on top with the study funded by Mozilla.
The credibility is damaged from the start, in my opinion.
That won't change my browsing choices. I'll continue to use Chrome over the others. But to be perfectly honest, my decision isn't security based. I think all three browsers are much more secure than they used to be. My choice is instead based on the look, feel and speed. Chrome is a simpler, cleaner and faster browser. So I use it.
I used to favor Firefox, but each new version seemed to get more loaded down with more features I had no interest in -- features that turned it into a clumsy, way-too-slow-to-load browser. But that's not a security complaint, either.
Accuvant's conclusion is this:
The URL blacklisting services offered by all three browsers will stop fewer attacks than will go undetected. Both Google Chrome and Microsoft Internet Explorer implement state-of-the-art antiexploitation technologies, but Mozilla Firefox lags behind without JIT hardening. While both Google Chrome and Microsoft Internet Explorer implement the same set of anti-exploitation technologies, Google Chrome’s plug-in security and sandboxing architectures are implemented in a more thorough and comprehensive manner. Therefore, we believe Google Chrome is the browser that is most secured against attack.
I want to believe. The results of the study are probably accurate.
But it would have been much easier to believe had it been funded by someone other than one of the big three browser providers.
--Bill Brenner
It was funded by Google.
The report notes this, but makes the following justification:
Readers should understand that, while Google funded the research for this paper, Accuvant LABS was given a clear directive to provide readers with an objective understanding of relative browser security. The views expressed throughout this document are those of Accuvant LABS, based on our independent data collection.
I'm sure Google did give Accuvant free reign. But I can't help but wonder: Had the researchers found that Internet Explorer was the most secure and Chrome the least, would Google have gracefully stepped back, allowed the findings to come to light and then offered a fix-it plan?
I'm highly skeptical.
I would be just as skeptical had Firefox come out on top with the study funded by Mozilla.
The credibility is damaged from the start, in my opinion.
That won't change my browsing choices. I'll continue to use Chrome over the others. But to be perfectly honest, my decision isn't security based. I think all three browsers are much more secure than they used to be. My choice is instead based on the look, feel and speed. Chrome is a simpler, cleaner and faster browser. So I use it.
I used to favor Firefox, but each new version seemed to get more loaded down with more features I had no interest in -- features that turned it into a clumsy, way-too-slow-to-load browser. But that's not a security complaint, either.
Accuvant's conclusion is this:
The URL blacklisting services offered by all three browsers will stop fewer attacks than will go undetected. Both Google Chrome and Microsoft Internet Explorer implement state-of-the-art antiexploitation technologies, but Mozilla Firefox lags behind without JIT hardening. While both Google Chrome and Microsoft Internet Explorer implement the same set of anti-exploitation technologies, Google Chrome’s plug-in security and sandboxing architectures are implemented in a more thorough and comprehensive manner. Therefore, we believe Google Chrome is the browser that is most secured against attack.
I want to believe. The results of the study are probably accurate.
But it would have been much easier to believe had it been funded by someone other than one of the big three browser providers.
--Bill Brenner
CSO's Daily Dashboard gives you a one-stop view of latest business threats. We created it for you! Bookmark it! Use it!
Previous Post: Location data sharing is dumb on many levelsNext Post: Microsoft's 13 December security bulletins
WEBCAST
Transition Confidently to the Cloud
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.
WHITE PAPER
Magic Quadrant for Enterprise Information Archiving
Gartner evaluates vendors offering products and services that provide archiving for email, files and other content types.
Recent Comments
Webcasts
- Enterprise File Sharing: All You Need to Know
- Forrester Research and EMC on Continuous Availability
- Big Ideas; Big Tech-Continuous Availability for VMware
- Security Analytics Video
- Reduce Costs, Maximize Performance and Ensure High Availability of your Business Critical Applications
- B2B Integration on Cloud: Real World Solutions and Technology Advances
White Papers
