The 3rd World (Wide) War: The Browsers War

Online security has become a major concern to our everyday lives mostly because we are in constant danger of having our passwords and credit card data stolen each time we purchase something online. To this end, we must take every precaution possible to not be misled and have our most valuable information secure at all times.

Browsers have been continuously tweaked and optimized to render great performance in terms of navigation speed and user control, but what have they done in regards to more sensitive matters such as online security?

Focusing more on the key features and differences between Internet Explorer 9, Firefox 4 and Google Chrome, you’ll hopefully get a good idea on what they’re all about and which one is best suited to your needs.

Internet Explorer 9

We’re all familiar with IE9 and it’s a safe bet that with the new and improved GUI from IE9 we’ve become even friendlier with it. Sure, it’s nice to look at and it has some new and polished features, but is the average user secure?

(Microsoft calls it OneBox, but it’s the same dropdown address bar with a couple of tweaks.)

While the One Box feature might seem like a big change (basically an address bar drop-down search), the biggest change lies in the ability to activate or deactivate the ActiveX Filtering. ActiveX components are a highly regarded feature in IE, mostly because they allow functionality and information sharing among various programs.

(One way to disable the ActiX Filtering option.)

As you can see, this can be somewhat of a security risk and thankfully, you can now choose to occasionally or fully disable the ActiveX Filtering. This has been a major security risk for as long as Microsoft has been relying on ActiveX components and they still haven’t fixed all the exploits, so it would probably be safer if you took matters into your own hands.

(Disabling the ActiveX Filetering option from  the address bar.)

(Managing your extensions and choosing which ones to disable.)

IE9 also features a Tracking Protection option that serves to protect other websites from tracking your content and online activities. Ad scripts can now easily be blocked with the push of a button, but only for those websites that you consider not to be trusted.

(Setting up a whitelist and a blacklist for all the websites that you’re currently tracking. It’s as simple as that.)

Although Internet Explorer 9 has no other protection options that allow for direct user customization, its hidden anti-phishing methods seem to do a great job at operating discretely in the background and protect you from most identity theft attempts.

Firefox 4

The open source browser has now reached a new stage in its evolution and it has made a remarkable comeback by adding some new security and browsing features that turn it into a worthy adversary to any browser out there.

The number one feature that Firefox brags about is the increased browsing speed. Reportedly, it’s now six times faster than any of its previous versions by considerably reducing start-up page loading times, increasing web apps performances and implementing some new hardware accelerated graphics that only serve to enable a more interactive browsing.

In terms of security and privacy, there have been some serious upgrades to HSTS (HTTP Strict Transport Security) and CSP (Content Security Policy) that serve as a means of stopping man-in-the-middle attacks types with a much higher success rate.

If you’re a security freak and you need everything completely encrypted, you could try installing a small Firefox add-on, HTTPS Everywhere. This will automatically redirect you to websites that support HTTPS (a combination between HTTP and SSL/TSL) encryption thus making your data transfers safer and more secure. The downside to this is that your browsing speed will severely be kicked down, but at least you’ll have a means of securely transmitting and receiving data. It’s a pretty good tradeoff considering.

Another tip that will increase your browsing security is trying to reduce the trusted root certificates. If you don’t trust an intermediary and you want to deny its access to your data, simply remove the validation certificate and each time you’ll run into it again, you’ll know that it’s not to be trusted.

(Browsing through all the security certificates. Firefox even lets you remove most of them.)

Granted, Firefox currently has about 200 certificates in its database and it could be a challenge tracking down the most common and safe ones.

Another interesting feature is the ability to use Private Browsing. Granted, this is not exclusive to Firefox 4 and in fact it has been available since Firefox 3.5, it’s still a great way to browse without having to worry about sensitive data being stored into your local cache or cookies that can be traced back to your computer. Simply press CTRL+Shift+P and a new private browsing session will appear in the same window. Reverting back to your original tabs is a matter of pressing the key combination again. Simple and effective, isn’t it?

(Firefox 4 now warns you when you’re about to active the Private Browsing feature.)

Google Chrome 10

Google Chrome has been classified as a browser with an average security system and this new version only brings a couple of fixes to some of the hiccups that its predecessors had.

(The Google Chrome version that we used for our tests.)

In fact, a new and important step forward in terms of security has been made by integrating the flash player on a sandbox, which in turn limits the access flash files have and prevents any malicious code injection  through the player. This type of exploit has made quite a rampage on past occasions and it looks like we have seen the end of it by using Google Chrome.

Also, past events have shown Chrome that its add-ons can easily be exploited and that they can be turned into serious security hazards. For this reason, Google Chrome 10 disables any outdated plugins in the hopes that your browsing experience won’t be compromised.

The biggest improvement that has been made (granted, it’s not really about security per say) is that the V8 JavaScript Engine has been considerably overhauled and now JavaScript handling efficiency has increased considerably, making Google Chrome perform better than any of its competitors. So, if you want sizable browsing speed, this is the go-to browser.

Sadly, no advance security options can be customized and you’re left in the (arguably) capable hands of Google’s developers. Anti-phishing detection and other forms of attacks are being handled quietly in the back, with no control and sometimes with no notification on such events.

(A sneak peak at how the Options menu has been organized into a single page.)

Benchmarking…

In most cases, you can choose to perform some benchmarking test yourself and go through the data according to your own specifications. There is a wide range of tools that can serve your purpose and that can also give you a run for your browser security options.

Peacekeeper is a free and popular choice that will surely give you a great idea as to what the browser you’re currently has to offer. From tests that measure your browser’s ability to render and modify specific HTML elements used in typical web pages to tests that emulated the methods used to create dynamic webpages, Peacekeeper will probably tell you everything you need to know about your browser. (clients.futuremark.com)

(A small benchmark using Peacekeeper, where you’ll get to view some test results regarding Firefox’s performance.)

(You can easily view how efficient the rendering and the data processing processes are when compared with other browsers. Test performed with Peacekeeper.)

SunSpider is also a great and effective tool in testing the java script capabilities of your browser. This test will serve to demonstrate the various fixes that developers have made in increasing the performance speed of java based code. Since most websites make use of JavaScript, you will get a better understanding on how your browser performs and how fast it actually is. (www.webkit.org)

(Benchmark results for Firefox aster using the online Sunspider benchmarking tool.)

So, start testing!

In conclusion…

There is no perfect solution when it comes to safe browsing. The best security is the one you can provide for yourself, meaning that you constantly need to be on the lookout for dubious website behavior, weird security certificates and other stuff that might compromise your virtual identity.

There’s also the matter of security versus performance that you should take into consideration. For instance, it’s expected for a browser to perform slower if you have a zero tolerance in terms security transgressions and this can be an asset for those of you that perform daily online banking or trading operations.

With such a wide variety of uniquely capable browsers, the choice is yours!

FacebookGoogle+TwitterLinkedIn