Browser security study lacks credibility for one simple reason
I'm a Google Chrome user and should be happy about a newly-released study that declares it more secure than Firefox and Internet Explorer. But I have one big problem with this study.
It was funded by Google.
The report notes this, but makes the following justification:
Readers should understand that, while Google funded the research for this paper, Accuvant LABS was given a clear directive to provide readers with an objective understanding of relative browser security. The views expressed throughout this document are those of Accuvant LABS, based on our independent data collection.
I'm sure Google did give Accuvant free reign. But I can't help but wonder: Had the researchers found that Internet Explorer was the most secure and Chrome the least, would Google have gracefully stepped back, allowed the findings to come to light and then offered a fix-it plan?
I'm highly skeptical.
I would be just as skeptical had Firefox come out on top with the study funded by Mozilla.
The credibility is damaged from the start, in my opinion.
That won't change my browsing choices. I'll continue to use Chrome over the others. But to be perfectly honest, my decision isn't security based. I think all three browsers are much more secure than they used to be. My choice is instead based on the look, feel and speed. Chrome is a simpler, cleaner and faster browser. So I use it.
I used to favor Firefox, but each new version seemed to get more loaded down with more features I had no interest in -- features that turned it into a clumsy, way-too-slow-to-load browser. But that's not a security complaint, either.
Accuvant's conclusion is this:
The URL blacklisting services offered by all three browsers will stop fewer attacks than will go undetected. Both Google Chrome and Microsoft Internet Explorer implement state-of-the-art antiexploitation technologies, but Mozilla Firefox lags behind without JIT hardening. While both Google Chrome and Microsoft Internet Explorer implement the same set of anti-exploitation technologies, Google Chrome’s plug-in security and sandboxing architectures are implemented in a more thorough and comprehensive manner. Therefore, we believe Google Chrome is the browser that is most secured against attack.
I want to believe. The results of the study are probably accurate.
But it would have been much easier to believe had it been funded by someone other than one of the big three browser providers.
--Bill Brenner
Print
It was funded by Google.
The report notes this, but makes the following justification:
Readers should understand that, while Google funded the research for this paper, Accuvant LABS was given a clear directive to provide readers with an objective understanding of relative browser security. The views expressed throughout this document are those of Accuvant LABS, based on our independent data collection.
I'm sure Google did give Accuvant free reign. But I can't help but wonder: Had the researchers found that Internet Explorer was the most secure and Chrome the least, would Google have gracefully stepped back, allowed the findings to come to light and then offered a fix-it plan?
I'm highly skeptical.
I would be just as skeptical had Firefox come out on top with the study funded by Mozilla.
The credibility is damaged from the start, in my opinion.
That won't change my browsing choices. I'll continue to use Chrome over the others. But to be perfectly honest, my decision isn't security based. I think all three browsers are much more secure than they used to be. My choice is instead based on the look, feel and speed. Chrome is a simpler, cleaner and faster browser. So I use it.
I used to favor Firefox, but each new version seemed to get more loaded down with more features I had no interest in -- features that turned it into a clumsy, way-too-slow-to-load browser. But that's not a security complaint, either.
Accuvant's conclusion is this:
The URL blacklisting services offered by all three browsers will stop fewer attacks than will go undetected. Both Google Chrome and Microsoft Internet Explorer implement state-of-the-art antiexploitation technologies, but Mozilla Firefox lags behind without JIT hardening. While both Google Chrome and Microsoft Internet Explorer implement the same set of anti-exploitation technologies, Google Chrome’s plug-in security and sandboxing architectures are implemented in a more thorough and comprehensive manner. Therefore, we believe Google Chrome is the browser that is most secured against attack.
I want to believe. The results of the study are probably accurate.
But it would have been much easier to believe had it been funded by someone other than one of the big three browser providers.
--Bill Brenner
CSO's Daily Dashboard gives you a one-stop view of latest business threats. We created it for you! Bookmark it! Use it!
Previous Post: Location data sharing is dumb on many levelsNext Post: Microsoft's 13 December security bulletins
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
WHITE PAPER
Reduce Email Archives up to 60%
Are you considering implementing a proactive archiving and eDiscovery solutions? This paper summarizes 15 separate soft cost savings when implementing Symantec Enterprise Vault and the Clearwell eDiscovery Platform.
WHITE PAPER
Aberdeen Report: To Patch, or Not to Patch? (Not If, But How)
The report explores the correlation between the current use of patch management and the level of endpoint-related risk that companies are effectively accepting.
Recent Comments
Webcasts
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- FireEye Advanced Threat Protection KnowledgeVault
- Five Tips to Consider in a Data Security Strategy for Smartphones and Tablets
- Moving Your Email to the Trusted Cloud
- Comprehensive Server Protection
White Papers
