IE9 Security

Looking to get confirmation that what I'm finding is correct, or for a friendly slap upside the head asking me what hell I'm thinking

Knowing full well Microsoft's general ineptitude when it comes to Internet Explorer, I'm thinking of going back to it as my primary browser with IE9 (on Windows 7). When I've read information on IE9 specifically, it seems to be holding up very secure (particularly once you set the ActiveX filter on as default). Most of the negatives relate to past versions.

I do use Chrome as well, and I think they are pretty even as far as security goes, but the fewer pieces of software running the better IMHO.

 

In Windows 7, I'd say they are both well secured, although IE will be a more common target.

From what I've seen though, most people are usually swayed by browsing preferences more than anything else. I'd use whatever you enjoy using more..

 

Add your browser process to EMET and you're pretty much fine whichever you choose.

 

IE9 has one of the best built-in scanners (smartscreen filter) compared to other browsers.

 

I personally prefer Chrome because it sandboxes Flash aggressively while also using a custom patched version of Flash. The Chrome sandbox has proven itself time and time again with only a single 0day in the last 3 years.

I do not suggest running Chrome with EMET. It should already implement most of those security options and EMET can break some plugins.

 

Have you experienced such?

 

Yes. Silverlight.

 

Chrome has been proven to be most secure by default, IE 9 not yet.

 

Hi,

I would also highly recommend the Chrome browser. It is currently the most difficult browser to penetrate mostly because of the sandbox.

-MessageBoxA

 

Funky, wanted to thank you for mentioning EMET - I wasn't even aware this tool was out there. I had no issues with deploying this and setting it up with my software.

 

FYI, if you're using EMET on your browser and you use Silverlight for anything like Netflix you should disable EAF.

 

Thanks again everyone for your thoughts. I decided to go IE9 for now, primarily due to its integration with Norton IS and fits into the AppLocker rules I already have setup (not that creating new rules for Chrome would be hard, but I'd break my separation of user-writeable and user-executable areas doing so). As it seems the pair are somewhat evenly matched, that ended up being the kicker.

NIS 2012 will support Chrome, so I might revisit this in a month or so.

 

Thanks. Haven't hit a Silverlight site yet so haven't experienced a problem, but I'm sure I will soon enough