Header Ads

Is Chrome Really the Safest Browser ?


Security experts have cast doubt on research that named Google's Chrome as the most secure of the three most popular browsers, ahead of Internet Explorer and Firefox.

The research, conducted by IT consultancy firm Accuvant, has been slammed by security firm NSS Labs for being "skewed" in Google's favor. NSS's main criticism was that the report was actually commissioned by Google, though it also said that other major issues had been overlooked.

"The clear bias in the test methodology does a disservice to the researchers' work, and diminishes the report to a propaganda piece for Google. Upon examination, it became evident that important security technologies incorporated within Firefox were not included in the test methodology," NSS Labs wrote in its analysis of the research.

Chrome 'is safer because of sand boxing' 

The original study concluded that Chrome was more secure than IE and Firefox, largely because of its use of 'sandboxing' technology, which means that the browser only has limited access to a computer's resources. For example, sandboxing prevents Chrome from installing and opening software on a computer without the owner's explicit permission, whereas these functions can be performed by a non-sandboxed browser such as Firefox. IE does use sandboxing technology, but Accuvant said it's less effective than Chrome's.

However, NSS Labs said that other security features of Firefox and IE had been ignored. “Key security technologies incorporated within Firefox, such as frame poisoning, were not included in the test methodology. And the JIT-hardening analysis failed to give ample credit to the more proactive technologies employed by IE9, which happened not to be present in Chrome," NSS Labs wrote.

Frame poisoning is the term given to a technique that cybercriminals use to hijack a small part of a web page, such as an image or advert, to run code that will infect your PC. Firefox has protected against this type of attack since version 3.6, which launched in January 2010. JIT (just-in-time) hardening is a protection technique used to stop cybercriminals taking control of elements in webpages that use the JavaScript programming language.

'Flee from old browsers' 

Other security experts agreed that surfers shouldn't read too much into the report and that there were more important factors to consider when choosing a browser. "The real issue isn't which browser you use; it's more about whether your browser is up to date and how you've configured its security options," said Graham Cluley, senior security consultant at Sophos.

"Security can be improved simply by keeping a browser up to date. Don't flee from Firefox or IE because of a report like this one. But do flee from old browsers," he continued.

Mozilla itself didn't comment directly on Accuvant's research, but did release a statement saying it was planning to incorporate a sandbox into Firefox.

"Firefox includes a broad array of technologies to eliminate or reduce security threats. Sandboxing is a useful addition to that toolbox that we are investigating, but no technology is a silver bullet," said Johnathan Nightingale, director of Firefox engineering.

Facial recognition comes to Google+ 

Google has introduced facial-recognition technology into Google+. The Find My Face tool searches through images posted on Google+ and match them up with your picture. If you turn it on, people in your Circles will be prompted to tag you when they upload an image with you in it. To turn it on, visit Google+, go to 'settings', 'Profile and privacy', scroll down to Photos, click 'Edit photos settings' and check the box marked 'Find my face in photos'.

Privacy campaigners have welcomed that Find My Face requires you to opt in. This contrasts with Facebook, which recently angered members when it introduced the facial-recognition tool Tag Suggestions that is turned on by default.