Which one is more secure: IE or Firefox?

I was a big Firefox supporter for many years until I started doing some in depth research of the two products. I've been reading the pros and cons for both of these browsers and was wondering what everyone thoughts were on which one is more secure to use on a daily basis?

 

I would say Firefox: vulnerabilities are patched faster, you have a wide range of security addons and it's proven to be tougher in hacker contests (Pwn2Own for example).

 

latest IE & latest FF roughly the same

 

Basically the same...just pick the one that works best for the way you browse then change the settings/use add-ons that help you do it.

 

I don't think that there is much between them security-wise. IE 8 is certainly safer than its predecessors & there have been some worries about Firefox recently. Opera & Chrome/Iron are probably safer than both of them.

 

Is IE8 actually safe yet?

I was still under the impression that all the bugs haven't been worked out just yet. So I figured IE7 would be the better choice if I were to use IE at all.

As far as Firefox goes:

The thing that kind of scares me nowadays about Firefox is the fact that they incorporated a few IE files. Now grant it as it was mentioned above already I can delete those IE extensions from FF however, wouldn't that leave some type of security risk of some type?

 

The question of which browser is more secure (how vulnerable it is if attacked) depends to some extent on the environment. For example, IE8 on XP can't run in Protected Mode because Protected Mode is based on security features found only in Vista and Win 7.

But:

• Either browser can allow an exploit to compromise a user account or a whole system through a vulnerability in a browser plug-in.
• Both browsers experience zero-day vulnerabilities.
• Both browsers contain yet to be discovered vulnerabilities.
• Either browser can be made more secure by changing it's default settings.

IE8 is less safe (how likely it is to be attacked) than Firefox 3.x to the extent that it is targeted more often than Firefox 3.x, and vice versa.

 

Quick Answer: Firefox is generally more secure than IE, but use neither in favor of Chromium.

Firefox updates with more frequency than IE, IE leaves their cheese hanging in the wind for quite a while. From the point of view of the attacker, IE is easier to hack and has more negative repercussions because it is insecurely hooked into all the windows OS. Firefox is a harder to break. However, if you want even better security, go with Chromium (Not google chrome browser); each tab acts as a separate process which makes attacks so much harder to perform. Chromium is google chrome but has had all the google spyware removed.

 

I thought it was the other way around

Google Chrome is Chromium but with privacy issues added.

 

Hi Steve,

Uh, why is each tab a whole separate process instead of a separate thread? Is it a shared memory issue between threads that makes for less security? A whole separate process, depending on how it is implemented could have the same issue in an SMP environment, but seems a bit heavyweight compared to a lightweight thread which is probably more appropriate for a browser implementation. As long as separate threads or separate processes have private memory implemented - access between them can be controlled, otherwise, if control of the main browser process is hacked, then all bets are off.

How does Chromium differ from SRWare Iron browser? Your description of Chromium sounds very much like SRWare Iron.

-- Tom

 

I think Opera is also very safe (market share < 5 %)

 

I'm not the master of the chromium underpinnings, that would be kyle. Let's see if we can get him to comment.

Chromium is the source that google built, then branded and added all the anti-privacy stuff to make Chrome. SRWare is not comparing itself to Chromium because there would be little to compare, they are comparing themselves to Chrome. SRWare appears to be Chromium, but with updating turned off (bad), and some fingerprints turned off (good or bad, as a blank fingerprint is still a fingerprint, and an especially conspicuous one) and error reporting to google turned off (good).

 

my vote firefox portable which i run from crograms with addblock,flashblock,leechblock
returnil2008 on and browser sandboxed
i also copy the firefox onto another drive just in case
i feel pretty secure
always updated xp pro sp3, mss
i dont instal java
i don't use ie as it caused a lot of problems in the past [the reason i switched to firefox portable]

 

1.) I see no mention of the NoScript Firefox add-on.

Short of not allowing JavaScript at all, can anything be more secure than allowing it selectively, via judicious use of NoScript?

What about clickjacking/ xss?
Was it not the case for some time that NoScript offered the only protection against this vulnerability?

What is the current situation?

On the other hand, is it not just a matter of time before someone discovers a serious vulnerability in NoScript?

When that happens, aren't we all sunk?

2.) (In a Windows environment) Is it not the case that using the portable version of just about any program is at least somewhat more secure than using the equivalent installed version?

Both Firefox as well as Opera come in portable versions.

Do any other browsers?
________________________
3.) Regardless of browser:

-Take heed:
http://www.cert.org/tech_tips/securing_browser/

-Note that the fewer plugins/multimedia you allow, the more secure*.

(*Ideally, the same (network-connected) system should not be used both for multimedia and the storage and transfer of sensitive data.)

 

I am using XB Browser right now. But of course I have a xerobank account. I wonder if XB Browser could be used without Tor or Xerobank?

I just downloaded Chromium. Are there security addons for Chromium?

I am surprised to hear that anyone thinks that IE is as secure as Firefox. Doesn't IE leave a lot personal info on your computer?

 

The Safest browser is a browser run from inside Sandboxie.

 

Charlie Miller

 

That is a very interesting article. I had always heard that a MAC was more difficult to bust into. Evidently not so. And I am surprised to hear him say that Chrome is less vulnerable than either Firefox or IE.

 

Chromium is secure by default, as long as you keep it updated. There's no holes that need to be plugged with extensions, unlike Firefox.

What personal info? That's a very vague claim. I wouldn't be surprised if whoever told you that didn't you a proper explanation for it, because doubt there's any.

With Protected Mode, ASLR, DEP, built-in anti-XSS and process-per-tab, I wouldn't be surprised if IE is more secure than Firefox.

 

What about all those tracks IE would leave behind like index.dat and .tmp files ?

Okay, that answers one of the questions in my previous post.

But is there any way in IE (or any other browser, for that matter) to get the level of selective control over JavaScript that NoScript offers in Firefox?

And is there anything for IE that's even comes close to being as effective as AdBlock Plus?

(Haven't Ads frequently been a vector for malware?)

I was just about to say that even if a third browser (Chromium or something else) were to be more secure than both Firefox and IE, the question would remain: Between FF and IE, which is the more secure of the two?

Hopefully, others will answer this, whether by giving their own opinion or citing that of others.

 

Google Chrome, Chromium & SRWare Iron Portable

 

link for downloading chromiun please..

 

I can't verify for IE7, but IE8 zeroes out the index.dat files when you clear browsing data. Which is actually better than simply deleting them.

Besides, those are privacy issues, not security issues. And unless you share your user account on your computer with other people, there's no reason to be worried about it.

Sure there is. Just turn off Javascript and enable it manually for every site you want to whitelist. All major browsers (IE, Opera, Chrome 5) offer that ability. But as far as I'm concerned, that's irrelevant. Because - again, as far as I'm concerned - NoScript has got to be one of the stupidest ideas I've ever heard. There are plenty of other mechanisms to keep yourself safe, and they don't involve whitelisting every website you visit, or breaking pages like Windows Live Mail and Wordpress.

It doesn't matter. To infect you, the malware still needs a vulnerability to exploit. And even with a vulnerability, the exploit code still needs to be able to bypass DEP, ASLR, and Protected Mode. That's a pretty tough order.

Feature-wise, Firefox is superior. But as far as security is concerned, I'd rather take my chances with IE8 on Vista/Win7 over Firefox any day.

 

There are anumber of options for IE but one that is based on EasyList, EasyPrivacy and EasyElements is Simple Adblock: http://simple-adblock.com/

 

There probably isn't a lot of difference security-wise.

Opera or SRWare Iron are probably more secure.
They may not be as appealing targets because of less market share/users.