Comparison of Internet Explorer and Firefox: A Security Perspective
Browser is the most widely used tool starting from expert computer professional to a novice user who just wants to find some information on the web. Because of its high usage it makes it more vulnerable to security threats. The default configuration of a browser with operating system is not very secure which makes it vulnerable to security threats starting from spyware being installed inadvertently to hackers taking control of your machine without your knowledge to phishing.
This can result in your personal information becoming available to intruders starting from picking your bank account/credit card or other information and used maliciously to misuse your secret information or crashing your computer due to a virus and spywares. There are some simple things one needs to keep in mind while using a browser so that it does not result in loss in terms of productivity or financial loss.
Security in the Most Popular Browsers (IE and Firefox)
Browsers are inherently not secure; most popular browsers have some security gaps or the other. When it comes to browser popularity two names stand above the rest which are Microsoft’s Internet Explorer (IE) and Mozilla’s Firefox. Both have worldwide acceptance and audience. From security perspective there are several wide spread beliefs that one is more secure then others or both are insecure with some features in one but better in others.
While all of these beliefs may be true from individual perspectives but general notion is that Firefox is historically considered to be more secure than IE. Some parameters used to measure browser security could be such as:
- Total number of discovered vulnerabilities and their weighage is one of the security measuring techniques. And we should not count the critical flaw same as a low one.
- Counting total number of known vulnerabilities at present time gives us an idea about the security of the browser.
- Watching the attack surface of the browser is also helps us in deciding the right browser.
- By knowing the time taken from discovering the security hole to work around is a way to track the security future of the browser.
- And by considering the time taken to patch a security hole from its discovery help us in taking right decision about browser.
Few Facts about Browser’s Vulnerabilities and Securities
By and large ActiveX and Java Scripts are the biggest security culprits. Unfortunately today’s web sites just do not run without enabling each of the two features. But both the browsers typically have features which either completely block these components or allow all, which makes it worthless.
On the overall features front IE obviously outscores any other browser in the market primarily because of its compatibility with various web sites which Firefox does not have. IE in general has a very effective “security zone” for controlling the web content, where as Firefox has “Safe browsing” which is run by third party “Google” which blacklists sites suspected of phishing and other malicious activities.
IE’s earlier version were extremely prone to security breach than the later versions where as Mozilla’s Firefox was considered robust from the first launch itself. Microsoft released several version and patches since then and the reality is quite different now. MS has paid special attention to security features since the IE7 and have drastically improved its security in the later versions. In IE8 which is considered most secure MS made security as its top priority. In a recent study published in PC Quest even the speed of IE8 out performed over Firefox 3.0.7 version for popular web sites like Amazon, PC World, Yahoo, Microsoft, Apple, MySpace and eBay etc.
Therefore even though Firefox has been preferred over IE from security perspective since last several years but that opinion is melting over the years.
Some Tips for Secure Browsing
Whatever the case may be as the hackers are become more and more knowledgeable in attacking the application layer, the security professionals have to focus more and more on building robust security layers within the application and system architecture within the organization than worrying about the vulnerabilities in the browser, and the discussion which browser is more secure is transient as each browser company would be filling gaps as they discovered. It is just like a situation in Virus protection world, as the new viruses are detected the Antivirus companies come up with new patches. So, the discussion which Antivirus is more powerful is just a momentary situation until a new virus if found and get patched by Antivirus. So is the case with browsers, therefore enjoy Browsing but follow simple steps as below:
- Resist the temptation to click on any link unless you are fully sure that this is an authentic one.
- Make sure the web addresses are authentic.
- Use only necessary functionalities of a browser.
- Secure you browser before using the security features provided, take help from an expert if you do not understand.
- Do not visit unknown sites unless absolutely necessary.
- Do not install just about any tool available on the web.
- Do not install browser Popup Plug-ins.
- Use Popup blocker.