How-To Geek

I never think of browsers in their "security" capacities. Just that they do exactly what I want (hence FF2 for me, with all those add-ons)

i too have never thought of a browser in terms of it's security. I simply use what ever browser that i feel most comfortable in, and what allows me to have the most add ons. Firefox has a huge array of plugins many of which are not available in IE.

When i do need to use IE for a website requiring it, i use Maxthon
http://www.maxthon.com/

it will allow you to even run windows update and it too is EXTREAMLY customizable, and has many plugins for those who do not like FF and still do not want to use IE.

I'm going to have to disagree with the crowd. Browser security IS important and I'm surprised that you geeks don't know that.

Consider this question: how will you get infected with malware? We don't pass around floppy disks like in the olden days so that viruses were spread that way. None of us geeks are likely to open an e-mail attachment from an untrusted source. We all have firewalls -- hardware or software or both. We know where to get our downloads from -- filehippo, softpedia, etc. -- where they are pre-screened malware free. No, we are too smart to let the malware come in.

So, how will you, or I, or any of us geek types ever get infected? By going to where the malware is, navigating with a *browser*. The browser is now the most likely vector of infection. Have a read through those security patches that Microsoft puts out and you will see this phrase often:
"In a Web-based attack scenario, an attacker could host a Web site that contains a malformed <object>". Where <object> is usually a URL, but can be a number of other things, too. Remember the Windows MetaFile vulnerability? A flaw in the graphics rendering engine allowed for remote code execution on all versions of Windows available at the time, "if a user visited a malicious Web site or opened a specially crafted attachment in e-mail".

Still feeling safe and complacent? By show of hands, who here is safe from cross-site scripting, zero-day exploits, firewall leaks, application security holes, browser hijacking, and whatever else the bad guys are working on? If you are, go back to being complacent. The point is that security matters, attack methods are constantly changing and at this point in time, the browser is the go-to attack vector for malware. Browser security is just one part of the fix -- it's application layer security -- but every layer of security helps.

But it is just the "normal users" that should use all the tools that are available - but they do not seem to listen or do not see the benefit for the small investments. An article about the arsenal one should have would be useful - arsenal for both, Geeks and non-Geeks. Keep it simple but make it efficient should be the guideline.

That is my point. Some more education is urgently required - but in a way that a lay-man/woman understands.

Security is definitely a major issue as ScottW pointed out. I do understand BobJam's point on download, but will reiterate and better explain the point, a non-techy person in most cases will not download something when they already have a program to do the same thing. To better describe the user base I am referring to, it is the same person that when they ask you to fix their computer, it takes very long to start up because they didn't really read the options when downloading programs and almost everything they have downloaded starts up with Windows. They also have programs Geeks know to stay away from like WeatherBug. When I was at college/university a lot of people would ask me to look at their computers. I will say though, in concordance with BobJam, a part of this was when Firefox was the secure browser it claimed to be and before IE7 came out. Upon opening IE (as Firefox was not on their computer), I found half the screen covered with toolbars. After a while (sometimes a LONG while), their computer was starting up faster, programs did not start up with Windows, they had Firefox, and I had taught them how to use Ad-Aware and sometimes Spy-Bot: Search and Destroy.

So today with the popularity of Firefox large enough to be on college/university campus's computers, large enough even to set a record in the Guinness book of world records (although to my knowledge no record existed previously), how secure is the browser?

As Geeks we either loath or love Microsoft, whether we use Windows or not, because honestly if we have a "Geek" job, we have to deal with Windows at some point. (Unless you are working for Apple or on a Linux team.) So momentarily let us put away our feelings toward Microsoft as a company, Microsoft as the maker of things such as Vista and Office 2007, and look only at IE6 and IE7.

Why look at IE6 some may say? Some corporations cannot yet switch to IE7 because it will break programs they have. We can assume this will be fixed in an IE7 update but for now, it must stay in the mix.

There are numerous browsers out there but the largest majority uses either IE or Mozilla as the underbelly, so we will look at the main browsers in use today.

IE6 - Windows
One of the lesser secure browsers, but can be integrated with virus scanning software and firewalls. Still has a large user base mainly due to corporations.

IE7 - Windows
Microsoft's most secure browser. Not aesthetically the best according to many people, but not the point. It is more secure than its predecessor, and does take security measures the previous browser did not. Can be integrated with different virus and firewall software.

FF3 - Windows, Linux, Mac
Mozilla's most secure browser. Many aesthetic changes over FF2 that many didn't like, but once again, not the point. It is more secure than it's predecessor. It can be integrated with different virus and firewall software, and has numerous plug-ins to help security.

Safari - Windows, Mac
Horrible Windows browser. As far as a Mac browser, it is better than it's Windows counterpart, but most likely the worst browser on the Mac.

Opera - Windows, Linux, Mac
Quite possibly the best browser available, at least for Windows. Still a smaller user base, but Opera is very secure and very fast.

So what browser to use? IE7, FF3, and Opera are all good browsers. While Opera most likely is the most secure, IE7 and FF3 are not bad enough to push away. The extra features, especially that of FF3 make it worth it. IE7 and FF3 are secure enough to keep one safe if the person stays on safe sites.

As for the big debate of IE7 v FF3. IE6 v FF2 most would agree went to FF2. So did IE7 increase and FF3 decrease ( I say decrease because while more bugs were fixed, the growing user base as BobJam pointed out has made a difference) to make IE now on top? I think at least for now the answer is not so simple because one piece of malware may make it into IE7 and not FF3, while another may make it into FF3 and not IE7.

Browse on.

Agree With All AND ScottW,

I'm on this site with a laptop dropped off by a friend this morning after I finished cleaning it up (out). Have never seen so much Viruses, Spyware, BHOs, etc.. on one machine. Debating how to keep it from happening again so it won't be back on my table but know my friend has a bad habit of clicking on everything and doesn't know anything about what's in his machine as Lighthouse says. My friend just thought his machine was "broke" and ask me if he should buy a new one (LOL).

Regards,
Rick P.

whs,

YOU MAKE A GOOD POINT !!

Never considered the issue from that aspect. You express wisdom in your comment.

Regards,
Rick P.

Rick, they tell me, wisdom comes with age. I am glad there is one person in the world who sees it coming - after over 70 years.

@ScottW, I used it for a short time, but honestly did not much care for it. The reason I said it is possibly the most secure is ratings from approximately one year ago ( I do apologize for not having a citation, I read hundreds of articles and never bookmark them ) it was ranked as the most secure. I do not know if this has changed or not, but it is still a very secure browser and the development team has always been quick to fix problems. Once again, note these were articles from approximately a year ago. As far as suggesting Opera is the new Firefox, of course not. I was simply pointing out it is a small market share.

@ScottW, I agree with almost everything you said. There needs to be more education on the issue. As far as security goes though, I think the best browser is one that performs the best for someone who is security aware and someone who is not security aware.

@whs, Very good point with the "bloatware" concept, I as raphoenix had never thought of the issue from that perspective.

Back to the issue of browser security in relation to security aware and non-security aware. The field of Human Computer Interaction is a fairly new idea of importance to the computing world. Microsoft spends money many of us could only dream of on this concept every year. We as users are accustomed to certain things, even though it may not be the best design. Sadly this leads to certain things that are such a cornerpost that it may never change. I am getting off topic, but I said that to say this: While I think a browser should operate in such a way that the security aware and non-security aware are equally covered, it would be very difficult to do. For anyone who has studied Human Computer Interaction, may know where I am getting at. If not, I do not care to explain, just ask.

So while I disagree with ScottW, I have to agree with you at the same time. Currently this is the issue we need to discuss, but the ultimate answer to is develop better more intuitive software for both user groups.

If anyone is interested in Human Computer Interaction go to Amazon and search for "About Face 3." Very good textbook.

Really while this discussion is about browsers, it essentially comes down to IE vs Firefox, because the other players in the game simply do not currently have as big of an impact, so I suggest someone start the discussion on very specific issues AND HOW THE ISSUE IS HANDLED.

This type of discussion will be more effective.