What web browser do you use? If you’re like over 60% of the population (as of May), you probably use Internet Explorer, most likely because it comes with Windows. There are a number of other choices out there, and they all have things to offer that IE does not.
What does this have to do with security? Well, for starters, Windows includes Internet Explorer with the base operating system. Because of the way the components of IE are tied to the components of Windows, Microsoft successfully argued to the antitrust courts that it was impossible to truly uninstall IE. Sure, as a result of those antitrust proceedings you can have a different browser as your default, but IE is still there, hiding in the background. Because of this collusion between IE and Windows, I believe IE has an easier path into the operating system in the event of a security breach. What I mean by this is that a malicious website that exploits a vulnerability in IE is more likely to break through into Windows itself, as opposed to a similar vulnerability in a browser that is simply installed on top of the operating system.
My browser of choice is Mozilla Firefox. There are many reasons for this. First of all, in my experience it loads pages considerably faster, and crashes less often. Second, it is extremely customizable. You can load different themes to totally change the look and feel of the browser, and you can install add-on applications that perform different tasks to make the browser more useful to you. Since you can choose which add-ons you install, your browser can become very personalized.
Again, what does this have to do with security? A lot of these add-ons are used to enhance the security of an already reasonably secure browser. For instance, I use an add-on to block advertisements, which can prevent certain malicious pop-ups from loading. My favorite add-on is known as NoScript, which is an amazing tool if you can deal with how it breaks certain sites. NoScript effectively disables all scriptable components of any website, include Javascript and ActiveX. Without scripts, it is practically impossible to have a malicious site compromise Firefox. Of course, many sites use these scripts to provide basic functionality – YouTube, for instance. The point is you can pick and choose which sites you want to enable scripts on, and any other site will be script-less the first time you visit it. Play around with it, I’m sure you’ll get to enjoy the feeling of only allowing sites to run scripts that you specify.
What’s your choice for the most secure browser? Let me know in the comments.
I choose Opera, becuase it’s fast, customizable and very secure.
Thanks for the input, David. I have heard of Opera, but I have never had the opportunity to test it out. I will give it a shot, and let you know how it goes.
Please do. It will be interesting to hear your opinion.
Opera is very famous for its security, and is often cited as being the most secure browser. Even Bruce Schneier uses it (e.g. [1][2])
You mention the NoScript extension. Please have a look at the site preferences in Opera (right-click) where you can use different preferences for different sites, including disabling of scripts. (You can also do it fast by pressing F12 and then unmark “Enable JavaScript”).
AFAIK, they are also the leading browser when it comes to SSL/TLS and related technologies.
Other features worth cheking out: http://www.opera.com/products/desktop/
If you don’t like Opera right away, give it a chance, if just for some days. You’ll learn to love it (promise), and you’ll notice how much faster you’ll surf when you start to use mouse gestures and stuff.
[1] http://www.eweek.com/article2/0,1895,1854652,00.asp
[2] http://www.schneier.com/blog/archives/2006/02/the_new_interne.html