Forbes reports that researchers at the security firm Accuvant released a new study on Friday assessing the security features of Microsoft Internet Explorer, Mozilla Firefox and Google Chrome, the three most popular web browsers. Accuvant"s findings show that Google is the leader when it comes to security criteria, with Internet Explorer close behind and Firefox in last place.
There is one major reason for pause at these results, however: the independent study was commissioned and funded by Google. "Although both Google Chrome and IE are competitive, Chrome is a little better," said Ryan Smith, an Accuvant researcher. "We"ve tried to point out areas where Firefox can improve its code base."
Credit: Forbes
Rather than counting the known vulnerabilities in the three browsers, Accuvant"s study assumes that hackers will find exploits and instead rated the three browsers on how well they would deal with an attack that had already gained access to the machine. The areas that the browsers differed the most in were sandboxing, JIT hardening, and plug-in security. Google tied or beat the other two browsers in these areas, while Firefox"s features were labeled "unimplemented or ineffective."
Sandboxing limits the commands available to a website exploit, and Chrome was found to have the strictest sandboxing of the three. Just-In-Time hardening is a feature that prevents Javascript on websites from compiling code to run on the user"s machine, and plug-in security limits the access of exploits that don"t require user interaction on a site and also exploits that trick users into downloading add-on programs with malicious behavior.
Jonathan Nightingale, Mozilla"s director of Firefox engineering, responded to the Forbes article with this statement:
Firefox includes a broad array of technologies to eliminate or reduce security threats, from platform level features like address space randomization to internal systems like our layout frame poisoning system. Sandboxing is a useful addition to that toolbox that we are investigating, but no technology is a silver bullet.
We invest in security throughout the development process with internal and external code reviews, constant testing and analysis of running code, and rapid response to security issues when they emerge. We’re proud of our reputation on security, and it remains a central priority for Firefox.
The full 140-page study can be viewed at Scribd.