How secure is Opera?

Opera has long been an underrated, feature-rich browser worthy of greater attention and a larger market share. It runs on Microsoft Windows, Mac, Linux, FreeBSD, Solaris, mobile phones, Nintendo gaming systems, and other now historical operating systems. Like all of the leading browsers, it supports Java and JavaScript, and its impressive, growing feature set pushes beyond today's standards such as tabbed browsing to include the likes of voice-controlled browsing, e-mail, and instant messaging. Opera has many unique security features too, and the granularity of its security controls easily beats that of most rivals, the exception being Microsoft's Internet Explorer.

When executed under Windows Vista, Opera runs as a single process (Opera.exe) of medium integrity, with file system and registry virtualization enabled (a User Account Control feature that allows users to operate without administrative rights), but without DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization).

[ See also: " How secure is Google Chrome?" Tomorrow: "How secure is Mozilla Firefox?" For more on browser security and protection against Web-borne threats, see Security Adviser and " Test Center: Browser security tools versus the evil Web." ]

Opera's unfortunate lack of support for DEP and ASLR makes the Opera process the weakest protected of any of the browsers I've tested (including Google Chrome, Firefox, Safari, and Internet Explorer) and potentially puts it at higher risk of buffer overflows. This weakness is exacerbated by the 45 announced vulnerabilities in Opera 9.x over the last two years, one-third of which would have allowed complete system compromise. Opera Software should immediately recode Opera to use ASLR and DEP, to remove this major blemish on an otherwise fine product.

Block that content