SOLVED Browsers

Joined
Sep 27, 2010
Messages
286
Reaction score
2
I'm fiddlin' again. Just downloaded Google Chrome. I have been using Firefox. Any advantages to switching?
 
Joined
Sep 27, 2010
Messages
286
Reaction score
2
Well, I've been playing with Chrome and it seems to be fast!
 

Capt.Jack Sparrow

Microsoft MVP
Joined
Jul 8, 2011
Messages
48
Reaction score
12
Hello there!

I have noticed Chrome is faster to load but I never felt it very stable when it comes to Java based website. I still prefer Firefox and IE9
 
  • Like
Reactions: JMH

Digerati

Post Quinquagenarian
Microsoft MVP
Joined
Apr 7, 2010
Messages
1,094
Reaction score
277
Since the requirement to practice safe computing to keep your computer safe and secure is the same, regardless the browser of choice, your choice of browsers is just that, your choice. Pick the most current version of the one that has the "look and feel" you prefer. I prefer IE9.
 
  • Like
Reactions: JMH
Joined
Apr 2, 2009
Messages
925
Reaction score
362
Chrome is legitimately the fastest and most secure, but Firefox easily wins on the quantity and versatility of its addons. IE9 has made great strides, but it still lags behind both of its competitors in speed/security.

This is fact, not opinion.
 

Digerati

Post Quinquagenarian
Microsoft MVP
Joined
Apr 7, 2010
Messages
1,094
Reaction score
277
Chrome is legitimately the fastest and most secure, but Firefox easily wins on the quantity and versatility of its addons. IE9 has made great strides, but it still lags behind both of its competitors in speed/security.

This is fact, not opinion.
Ummm, no! Not even close! Got links? I do. Big ones.

In terms of security, IE 8 and IE 9 whomp all over Chrome and the other alternatives. MS does not play around with security anymore, and will not get blamed for the actions of badguys like it endured for 10+ years with XP and IE6. Microsoft continues to lead the way, not just in browsers either. Windows 7 is much more secure than all earlier versions. MSE equals or beats the competition (and its free!). Microsoft for the first time ever, hired a major independent security firm to rip, or try to rip Windows 7 apart all through development.

Chrome may be faster in some areas, but not all, and not for all users either. Many people with ample hardware horsepower and a good Internet connection may notice no difference. But security trumps all and not worth sacrificing for differences typically in fractions of seconds. IE8 and IE9 are clearly much more secure, by a long shot. And since security trumps all, it certainly trumps speed any day for overall ratings - at least if you have family or a personal identity you want to protect.

The facts are, Chrome has consistently performed poorly at detecting malware distributed via "social engineering", a leading malware distribution method. And Chrome continues to have more new vulnerabilities discovered than IE 8 and IE 9 too, though still less than Firefox.

Sorry, but I can't and don't expect people to automatically take my word just because I say so, so here are the facts with links to reliable sources with evidence to corroborate these claims:

New Report - NSS Labs Q3 2011 Report, note where it says,
It became obvious from this worldwide test and our recent European and Asia-Pacific tests, in comparison to our earlier global tests, that Microsoft continues to improve their IE malware protection in Internet Explorer 9 through its SmartScreen® Filter technology and with the addition of SmartScreen Application Reputation technology. With SmartScreen enabled and Application Reputation disabled, IE9 achieved a unique URL blocking score of 89.5% and over-time protection rating of 96%.

With a protection rating of 13.2%, Chrome 12 offered inferior protection to IE9, yet superior protection to Opera, Safari and Firefox.
Same time last year, NSS Labs Q3 2010

Windows Internet Explorer 9 (beta) caught an exceptional 99% of the live threats, leading the non-IE pack by 80%. IE9's protection includes SmartScreen URL filtering, which is included in IE8 as well as SmartScreen application reputation, which is new to IE9.

Windows Internet Explorer 8 caught 90% of the live threats, an exceptional score which was a 5% improvement from the Q1 2010 test and built upon prior improvements from the Q3 2009 and Q1 2009 tests. IE8 showed a 71% lead over the next best browser.

Mozilla Firefox 3.6 caught 19% of the live threats, far fewer than Internet Explorer 8 or Internet Explorer 9. This is a 10% decrease in protection from the Q1 2010 test.

Apple Safari 5 caught 11% of the live threats. Overall protection declined 18% from Q1 2010.

Google Chrome 6 caught 3% of the live threats, down 14% from the Q1 2010 test.

Opera 10 caught 0% of the live threats, providing virtually no protection against socially-engineered malware.
NSS Labs Q1 2009
Microsoft Internet Explorer 8 (RC1) was the standout in our tests, achieving a best-in-class 69% catch rate against Malware. It is clear that Microsoft is making an effort to provide security to their customers with IE8.

With a catch rate of 30%, Mozilla Firefox was a distant second to IE8, but commendable nevertheless.

Apple Safari achieved a respectable 24% catch rate, However, test results indicate operational delays in distributing protection filters, leaving Safari users unprotected for long periods of time.

Google Chrome’s protection was notably inconsistent. Initial protection was commendable, however as the test progressed, Chrome’s protection faded dramatically – bringing down the average catch rate to 16%. We were concerned that this was somehow an artifact of our test harness and spent extensive time manually verifying results. Our findings were that Chrome’s protection did indeed drop off significantly.

With a catch rate of 5%, Opera, provided virtually no protection against Malware.

With a 4% catch rate, Microsoft Internet Explorer 7 provided practically no protection against malware
Note this April 2011 Ed Bott Report. He provides an excellent explanation of social engineering. Note these excerpts:
Summary: Social engineering has become the dominant method of distribution for fake antivirus software these days. Google Chrome puts you at risk: in my testing, malware broke through Chrome’s defenses in four clicks. Internet Explorer 9 flags the exact same sites and files as suspicious.
Of special interest to me was his closing comment about the commitment Microsoft has made (in terms of money and people resources),
Ed Bott said:
This kind of improvement isn’t just a matter of clever code. It takes a tremendous investment in back-end services and a huge commitment of resources—people and money—to do the necessary analysis. This is one feature that other browser makers—especially Google—desperately need to copy.
I recommend anyone interested in security to sign up for the US Government's CERTS Vulnerability Bulletins. I note in this Aug 1, 2011, US-CERTS Report Chrome had 14 High (the highest rating) vulnerabilities reported that one week! If you go back through the archive, you will see Firefox leads (in a bad way), by far. Chrome is much better than FF, but IE 8 and 9 have had much fewer than Chrome.

So, (1) an independent lab, (2) a distinguished author and IT journalist for ZDNet - a company never noted for their love of Microsoft, and (3) the Department of Homeland Security, United States Computer Emergency Readiness Team's official report and summary of new vulnerabilities recorded by the National Institute of Standards and Technology (NIST) all clearly find IE, in particular, IE 9 is tops in security, with Chrome a distant second.
 
Last edited:
Joined
Dec 17, 2010
Messages
189
Reaction score
43
I use 4 different browsers, I primarily use FF 6 but I use IE9 for certain things, I also use Pale Moon which is really FF 3.6.18 and I use the stable version of Chrome.
If I really want to surf safely, I boot up in the Zorin Version of Linux and use Chrome or FF
 
Joined
Sep 27, 2010
Messages
286
Reaction score
2
All this computer stuff still confuses the bejeebers out of me, but I guess I'm gonna hafta go with the experts. I'm too lost to be buckin' against the wind.

I just dumped Mozilla and Chrome.
 
Last edited:
Joined
Apr 2, 2009
Messages
925
Reaction score
362
Ummm, no! Not even close! Got links? I do. Big ones.
I'll tell you why all your links are invalid: NSS labs tested IE9 against Chrome 6 in some of its reports. Chrome 6 is so unbelievably old that it boggles the mind. Even in its most recent reports, the tested version was behind what any user can download (currently v14), which certainly makes me question the validity of any data that I'm reading.

I'm sure you're not actually insisting that an old, unpatched, out of date version of a browser is in any way a fair comparison against a brand new browser. Are you?

Let me continue on by saying that I respect NSS Labs' "social engineering" argument, but it is a complete disingenuous and limited view of the picture. Social engineering does not account for real security flaws: the ones that can be exploited without you clicking, launching or accepting anything. These are far, far more dangerous than social engineering protection, because there's nothing you can do to see or stop them if someone chooses to take advantage of them. At least with socially engineered attacks, smart users can see that something is funny and go to another page/delete the email/whatever.

Again, let me be very clear: an attack that uses social engineering is not a real attack, because it relies on the user doing something ignorant or stupid to activate it. A real security flaw requires no user intervention at all.

I hope we can agree on which flaws are more serious, and that NSS Labs' decision to include only social engineering in its analysis to be an egregiously narrow view of the actual landscape. It's not that the results are invalid, just that they don't paint the complete picture.

When it comes to actual exploits that can get me even when I'm cautious, I will always take the pwn2own contest as a bellwether. The conference is a collection of some of the biggest, brightest minds in compsec coming together to see what they can exploit, and how quickly they can do it. Chrome has survived the conference unscathed for three straight years, this year because nobody signed up--a strong indication that nobody has a working hack they could take to the conference.

You can have your social engineering protection. I'll take protection from the exploits that I can never see, and never hope to stop.
 

Digerati

Post Quinquagenarian
Microsoft MVP
Joined
Apr 7, 2010
Messages
1,094
Reaction score
277
Thrax said:
When it comes to actual exploits that can get me even when I'm cautious, I will always take the pwn2own contest as a bellwether.
OMG! Did you research this? I did! Pwn2own is a contest! A game! An exhibition! A prepared competition using one specially prepared exploit in a controlled environment! A game to test hacker skills. It is NOT, in ANY way, designed to test and evaluate browser security.

PLEASE! Do NOT base your security decisions on the results of a game! And do not base your security decisions on the results of just one source either. I provided links to 3 "reliable", independent sources. Note NSS Labs state in their report (their bold italics)
4.4 ABOUT THIS TEST
This report was produced as part of NSS Labs’ independent testing information services. Leading vendors were invited to participate fully at no cost, and NSS Labs received no vendor funding to produce this report.
Ed Bott has a long established career of unbiased reporting, and the US Government does not take advertisement, promotion, or hush (I hope! ;)) money from the vendors. These actions are to avoid even the "appearance" of impropriety. The promoters of pwn2own, TippingPoint DVLabs, on the other hand, may have good intentions, but by their own admission, have "partnered with Google"! And that, "certainly makes me question the validity of any data" out of that contest.

The "contest" is cool! But it's like watching a basketball dunking contest - fun to watch the pros "play", but that's not the same as after the buzzer and there's defenders in your face, and ribs and knees blocking your every move.

To learn about pwn2own, the results, as well as the unwelcomed (which gives me hope for the organizers) fanboy journalism/sensationalizing, and "meme" reporting over this contest, read this: Pwn2own considered (somewhat) harmful. Make sure you also scroll down through the comments and note what the game organizers responding have to say too. I note the following key points:

Michal Zalewski said:
..."The formula of the contest boils down to this: once a year, a single, secretly developed exploit is exchanged for a substantial amount of money."...

..."It takes days or weeks to find and exploit a vulnerability, and Pwn2own is no exception: the actual exploits are prepared months or weeks in advance,"...
dragosr - contest organizer said:
You can use the results of the sometimes chance related availability of exploits for a target platform a somewhat litmus test of overall security, but it's very hard to draw definitive conclusions.
Aaron Portnoy - contest organizer said:
The purpose of Pwn2Own is not about which browser is more secure than it's peers. The point of Pwn2Own has always been to entice those who are able to actually exploit these vulnerabilities to come to Vancouver to show off their techniques.

...this doesn't actually help draw any high-level conclusions about browser security...
I find it scary ignoring not 1, but 3 reliable, independent sources, including genuine testing labs and a government agency assigned to keep the public informed of cyberthreats, and instead, using the results of a contrived, narrowly focused game as a "bellwether" for security? :eek: That's certainly your choice, but I would ask you reconsider your position in lieu of what I have presented here. And please don't announce and advise others, "This is fact, not opinion." :( Because it's not fact - it is opinion.

After the pwn2own contest organizer states it, "doesn't actually help draw any high-level conclusions about browser security", I have to ask, "is it wise to use this contest as the "leading indicator", the "bellwether" of browser security?" Not for me.

**********

Thrax said:
I'll tell you why all your links are invalid: NSS labs tested IE9 against Chrome 6 in some of its reports.

which certainly makes me question the validity of any data that I'm reading.
Please, Thrax, that's very misleading! :( I don't trust ME, why should I trust you? I am researching and validating as I type. I suggest you do the same. Your link references the Q3 2010 report and with a quick look here you can see that V6 was the current version at that time! My first link was to their Q3 2011 report and they tested with Chrome 12, the current version at the time of testing. 13 just came out this month! 14 is still in beta! They do 4 reports a year to keep up with version changes - not an easy thing to do with Chrome having 7 in one year!

Social engineering does not account for real security flaws
I NEVER said it did. I noted, as Ed Bott noted, and as NSS Labs noted, it is a "distribution method" for malware, and a very popular one, growing in popularity.

it relies on the user doing something ignorant or stupid to activate it. A real security flaw requires no user intervention at all.
Also invalid. The vast majority of all malware relies on human failings. AS NOTED BEFORE - if the user practices safe computing, then it does not matter the browser of choice! It is the exposed vulnerabilities that get exploited. How are they exposed? By not updating Windows. By not using a firewall. By not using a good anti-malware solution. By participating in illegal on-line activities. By opening the door and letting the badguys in. Not by your browser of choice.

I provided references to 3 reliable sources. You incorrectly dismissed one with inaccurate claims it used outdated Chrome versions, and you dismissed Ed Bott's Report and social engineering in general, and apparently totally ignored US-CERT's Vulnerability Reports, then declared you are right - based on a "contest" that was NOT designed to evaluate browser security.
I hope we can agree on which flaws are more serious
There are organizations that do that. One is US-CERT, the ignored source that ranks those that are more serious.

For the record, I don't object to your opinion - I spent 24 years in the military defending your Right to express it. I object to how it was slammed down on us, as fact, with zero supporting evidence, then expected to be taken as the Gospel.

Not going to happen - at least not in a technical discussion. Not when there is no one "best", "most secure" across the entire security spectrum. It matters not if a mod, MVP, admin, or 1st time poster. Experts are a dime a dozen. You cannot step into the middle of them and make "claims of fact" on what IS an opinion - with no supporting evidence and expect everyone to just accept it.

THERE IS NO PERFECT BROWSER. So I say again,
Since the requirement to practice safe computing to keep your computer safe and secure is the same, regardless the browser of choice, your choice of browsers is just that, your choice. Pick the most current version of the one that has the "look and feel" you prefer. I prefer IE9.
mr.magoo said:
I just dumped Mozilla and Chrome.
There's no need to dump them. None of the major browsers, on a properly secured computer, are "unsafe". While I prefer IE9, and it is the default on all my systems, I have Chrome installed on this machine and FF on my other main machine to use as an "alternative browser". If I have trouble connecting to a site, or a site does not render right in IE9, I will call up my alternative browser to see if it is IE9 or the site.
 
Last edited:

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top