August 19, 2009, 1:30 PM — It's hard to believe that people will actually believe the new NSS Labs report that claims Internet Explorer is safer than other Web browsers at blocking "Socially Engineered Malware" (PDF Link), but I have to remind myself of two things. One, not everyone reads the fine print, which reveals that Microsoft paid for this report. And, two, not everyone is an IT professional who follows this stuff for a living.
So, let's get to it. Is IE (Internet Explorer) safer than the other browsers. Ah, in a word, no.
Internet Explorer 6, which according to the W3school Web browser survey, is still used by over 14% of all Web users is the least safe browser out there. How bad is it? There's a group encouraging Web sites to tell you to dump IE 6. Heck, even Microsoft wants you to get rid of IE6 in favor of IE 7 or IE 8.
IE 7 and, especially, IE 8 are better, but they're not, as claimed by Microsoft, oh excuse me, NSS Labs, safer than your other browser choices. IE fails even at the particular problem of social engineered malware-links that this study is about.
For example, Koobface, perhaps the most common live example of this kind of malware used infected Windows Twitter, Facebook and MySpace accounts to collect your friends name and contact informration. It then sends them links to a fake YouTube site. Once there, it will tell them they need to update their Adobe Flash player before they can view the cideo. If they do, they'll end up with a case of Koobface and the whole process starts over again.
And, who, may I ask, do you think gets the most cases of Koobface? That would be, as Dancho Danchev, independent security consultant, points out, Internet Explorer users. Or, to break it down, IE 7: 43.33%; IE 8: 32.07% and IE 6 13.01%. Oh yeah, with numbers like this I believe that IE is safe. Not.
So what about your other choices? Opera used to be pretty good, but their upcoming version, Opera Unite looks like a security disaster to me.
Apple's Safari, which is available for both Windows and Macs these days, has a long, bad history of fixing security problems slowly. I'd skip Safari for now.
To me, if you want to wander the Web relatively safely, it's a toss up between Firefox 3.5x and Google Chrome . Even with these though you must, must keep them up-to-date. As I've said before and I'll say many times again, security is a process (http://www.itworld.com/security/74446/security-process), not a product.
Of these two, Firefox 3.5 is the more mature of the two and it has a whole family of useful programs that go with it. On the other hand, Chrome is just faster than fast. Chrome burned up the track on my test PCs when I first looked at it, and it's only got better since then.
I see it as a toss-up. If you like a lot of add-ons and extras for your Web-browsing, you want Firefox. If you just want the basics and speed and more speed, Chrome is the browser for you. In either case, you'll be a lot safer than with any of the current competition.
