A new report says some conventional wisdom about browser security might be wrong, as a series of tests to choose the most secure browser delivered a result that may surprise many IT pros:
The test concluded that the most security browser available is currently Microsoft’s Internet Explorer 9 — and its competition isn’t particularly close, either.
While many IT pros would say ditching IE in favor of Chrome or Firefox is a best practice of browser security, a recent report from NSS Labs reached a different conclusion.
The security firm tested several different browsers (IE 9, Apple Safari 5, Google Chrome 15-19, and Mozilla Firefox 7-13) against 84,000 malicious URLs over the course of 75 days. The result: IE 9 nearly aced the test, blocking malware in 95% of cases.
In comparison, Safari and Firefox were way behind at 6%. Chrome fell between 13% and 74%, depending on the version and the date of the test.
However, as anyone who’s followed the browser security debate knows, these results won’t end the argument. One study conducted by Accuvant last year named Chrome the most secure browser — but the study was paid for by Google, so the results may have been suspect.
Likewise, developers of other browsers have accused NSS Labs of favoring Microsoft in its previous browser security tests.
Browser security key to network protection
Though its browser security rankings may be in dispute, one point made in NSS Labs’ report is impossible to argue with: Since most IT security attacks come from the Internet, securing web browsers is key to protecting the company’s data.
Choosing a secure browser is one key step, but with so much disagreement over which software is the most secure — and with constant updates changing browser security features — many experts say companies should choose the browser that best meets their users’ needs and secure the software as best as they can.
To do that, IT and the company’s users can follow these browser security essentials:
- Make sure the browser — as well as all add-ons and plug-ins — are kept patched and up to date. Many malicious attacks attempt to exploit known vulnerabilities in older software — and they’re often successful because the average Internet user isn’t diligent about updating their browser.
- Disable popups in the browser’s settings. Not only are popup ads annoying, but hackers often use infected popup windows on legitimate sites to spread malware.
- Evaluate the security of the browsers on your company’s PCs using free browser security testing tools to know what vulnerabilities need to be fixed.
- Install browser extensions to boost security. Depending on the browser, tools may be available to warn users about potential malware infections, block unnecessary Flash and Java content, and warn about sites that don’t encrypt passwords.
- Train users on safe web browsing — after all, a browser is only as secure as the person who is using it.