Favourite browser - 2012

My current favourite is IE9.5 (aka IE10 for Windows 7 SP1). I have used it for more than 4 days, and I definitely like it. It is at least as good as old IE9, perhaps with somewhat better security. The only problem I have found is that some of my financial sites must be run in compatibility mode.

 

I use Firefox. I've been using it for a long time. Tried using Chrome. But just couldn't get to like it.

 

My sarcasm alert is sounding loudly

 

Right, I never said Firefox couldn't be made more secure. Well, when you're talking extensions, that opens up an entirely new security topic. Every extension pokes a hole in the security of the browser by nature, especially when you're talking about browsers that lack strong default protection. I'm not at all knocking Firefox, that would be rather hypocritical considering I still use it from time to time. My sole point has been that Firefox isn't as secure as a default Chrome install because of the much stronger built-in protection. I'm not dismissing NoScript either as it has a place in the security toolbox for those that want to deal with it. I just don't see it relevant to discussing default security, plus it is there almost solely for scripting issues which is not the only malware threat to worry about.

 

I think the whole concept of out-of-the-box-securitylevel is something Wildersmembers have forgotten about. It's optimized so fast the user thinks it's still in production.

 

Wilders is a place full of "1 percenters" who are too busy playing with their toys to be concerned about something so basic..yet obsessive enough that if you started a "Best Default Security" thread right now, by tomorrow night you'd probably have about 4-5 pages already and the back and forth arguments would be in full swing, along with the always prevalent "personal settings and tests/some graph off Google" picture uploads with a few sprinkled in troll posts for the heck of it.

Anyway, browser security has taken a backseat to speed just about everywhere. Now it's all about who tops the V8 or whatever tests. If you're at the bottom or even middle of the pack, you automatically suck. But hey, who cares, LOLCats loads fast

 

i just switched to Opera.

i have been trying it over the years and always kept an eye on it's development.

i thought i'd miss NoScript but it's easy to add a button to a toolbar to enable js on the fly.

you can also right click a page (Edit Site Preferences) and allow it to a white-list of sites that are allowed to run js.

there's some very nice skins for it as well!

 

What is opera like on resource usage.?

 

pretty light from what i can tell.

CPU usage is near 0 at idle, the browser uses about 75 megs with 1 tab, 115 megs with 4 tabs open.

 

There are some nice themes, unfortunately a lot of the skins are not up to date & tend to 'break'.

 

most software has near 0 CPU usage at idle. you have to compare CPU usage at different websites. we need to know how Opera handles low, medium and highly intensive tasks as opposed to other browsers.

 

i'm not about to run benchmarks but Opera feels faster than Firefox and as fast as Chrome.

but browsing is pretty light anyway as i go about with javascripts disabled.

 

while we're on the subject of CPU loads...

i see quite a few web sites using scripts and whatnots that will put the CPU at 100%, therefore freezing the computer.

i've seen this with different browsers and machines, so short of blocking javascripts i don't think any browsers do particularly well when it's being assaulted by a barrage of marketing sludge.

 

It's far more powerful: http://en.wikipedia.org/wiki/NoScript#Features

Other browsers don't have all those functions together and/or fully implemented.

IE 10 is the one that comes closest IMO. Its new EPM offers the protection that NoScript's Application Boundaries Enforcer is intended to offer.


http://blogs.msdn.com/b/ieinternals...rk-security-addons-cookies-metro-desktop.aspx

http://en.wikipedia.org/wiki/NoScript#Application_Boundaries_Enforcer_.28ABE.29

 

The problem with IE10 is slow start ups, freezes, and general slow usage. My new 1.5 single core laptop cannot handle IE10.

 

I wouldn't call that "far more" powerful, though I will give you anti-XSS and Clickjacking. ABE actually raises more false alarms than anything, in my experience. But even the features it touts can't truly compete with what Chrome offers built-in. I don't need plugin blocking because Chrome sandboxes them in its own house built sandbox and does even more ))Java I believe is still a lone exception)).

 

What NoScript tries to do is far different from what any application sandbox tries to do.

NoScript is for dealing with web-based attacks. CSRF, XSS, ClickJacking, script keylogging, etc. These are attacks that deal with content security policy, same origin policy, and generally 'web based' attacks - the kind that never leave a website/ browser.

A sandbox limits attack surface for the system itself, and confines attack to within a process.

Generally, in the past, we've seen attacks try to infect systems rather than attack hijack sessions ie: you may have an XSS attack, but it's used to try to exploit the process and infect the system.

But that doesn't mean XSS, Clickjacking, CSRF, etc are unimportant. As sandboxing becomes more prevalent they may start to become more mainstream.

It's all just different methods for different attacks.

 

So if I understand this right, a sandboxed Firefox with NoScript is as secure as Chrome or more secure?

 

i'm tinkering with a Chrome extension called Quick Javascript Switcher.

by turning off javascripts globally in the Chrome settings it is easy to white-list your favorite and trusted site using Chrome itself.

but Quick Javascript Switcher can be used to temporarily allow sites and easily clear its temp whitelist when you're done.
it can also write temporary whitelisting to the Chrome javascript exceptions list permanently.
QJS also puts a button in Chrome so you can turn on and off javascripts globally in Chrome on the fly!
QJS is a tool for web site developer to check for compatibility but i found better use for it.
QJS here:
https://chrome.google.com/webstore/detail/quick-javascript-switcher/geddoclleiomckbhadiaipdggiiccfje

it's almost like having NoScript in Chrome, without NS extreme granularity and extra features.
but unlike Opera or Firefox you have the added advantage of the sandbox.
and the speed of Chrome.

it's just a matter of building a whitelist or/and blacklist as you go along.
i think this is the best way to control js in Chrome, as NotScript and ScriptNo seems to be abandonware...

 

@HungryMan: I know what the features of Noscript are about and that they differ in protection from the measures that are used by Chrome. As I had said before, NoScript is a great little program for those that want to deal with it. I'm neither knocking Firefox nor NoScript, I'm only saying that even with NoScript, Firefox cannot be considered more secure than Chrome. Why? Where are the separate and protected processes? Where are the plugin sandboxes ((plugin-container is, again, a stability measure))? Where is the inability of one exploited tab to exploit the contents of the second tab ((remembering your good site in one tab/bad site in another talk not too long ago))? Firefox has none of this. It is a single process browser with next to no protection without the addition of possibly security-diminishing extensions that still would not give it those separate processes, etc.

@Amit: Using a sandboxing program like Sandboxie changes the discussion quite a bit. A very sound, ((though likely hindering in an environment that isn't personal home use)) restrictive configuration will stop a lot of browser exploiting cold. But, I was trying to keep this discussion to default security, plus, I'm not certain Sandboxie has the same strength as some of what Chrome offers. A default Sandboxie to me is more like an Etch-A-Sketch. If you screw something up, it can be wiped away, but the screw-up still happened.

@Moontan: It's great to know there's a bit more scripting choice for Chrome My only issue with something like that is that it is leaving bad/good script choices in the hands of likely clueless users. Leaving a user to decide what is secure and what isn't almost never ends well ((you Wilders-type folks aside)).

 

I couldn't help myself. Seeing all this stuff about Chrome's built-in sandbox protection made me kind of greedy to get assured of my sandboxed firefox.

What more does Chrome offer that makes it stronger than firefox sandboxed by sbie?

 

They are secure against different things.

Sandboxing Firefox doesn't provide the same level of security as sandboxing Chrome - the Chrome sandbox is far more advanced than any sandbox Firefox could support due to architectural differences.

I'll put it this way.

If your priority is to prevent web-based attacks like XSS, CSRF, Clickjacking, SVG keylogging, or the like - use Firefox with NoScript.

If your priority is to prevent unauthorized access to local files or system intrusion/ infection - use Chrome.

I've just written an article about banking online. I recommended Firefox for it. Although preventing system compromise is key, and for that you should use Chrome, when it comes to banking and ensuring that websites are unable to be 'sniffed' or exploited in any way I think Firefox with NoScript is your best bet.

You can read that article here:
https://insanitybit.wordpress.com/2012/11/19/banking-online-firefox-with-noscript-is-your-best-bet/

I agree, and I think it's a matter of risk assessment. For preventing system compromise I think Chrome takes the cake - I think the sandbox is incredible. But for preventing attacks that can work within sandboxes, within webpages, I think NoScript is best suited.

Use Chrome for your regular browser and use Firefox with NoScript (follow the guide in the link for more info) for banking or accessing sensitive websites.

@Amit,

Chrome's architecture lends itself to sandboxing. Each process is sandboxed separately, keeping them all isolated from one another. With Sandboxie you isolate Firefox from the system, but due to its single process architecture it's unable to restrict tabs from each other, the Javascript renderer (most exploitable area) from a web page, etc.

 

Here's a memory efficiency benchmark for you, Opera doesn't look so good:
http://www.tomshardware.com/reviews/internet-explorer-10-chrome-23-windows-8,3349-9.html

 

yes, i have seen it.

but to tell the truth, i found real-life performance was more than up to the task.
it feels very fast when i was using it.

but Chrome is still the fastest.
for example, it loads a page in 3 seconds when it takes the other browsers 4 or so.
i've tested Opera vs Chrome yesterday with a stopwatch.

 

Maybe I'll switch to portable IceDragon because I often play with time machine's snapshots and therefore often need to install the latest version of my browser again. IceDragon looks cool, FF personas and the add-ons I need works ok. I just installed it in non-system partition.

Unfortunately I found no official portable Opera - I would prefer to stay there because of its superb inbuilt mail. My quest in portable browsers goes on...