Is Firefox still the safest web browser?

You have a good point, but this is also why everyone who knows how to use Sandboxie will stress closing your browser and making sure it's cleaned before doing anything important. I don't particularly care that a malicious tab reads my PCWorld page sitting in another tab. But I most certainly would care if that tab contained a bank or place of purchase.

 

Yes. And that's something that Opera and Firefox just can't compete with because it's part of the architecture.

There's no security benchmark. We can't say "Chrome is better than Firefox" and know that in every case this will be true, but in my opinion when I look at objective facts and subjectively weigh them Chrome comes out on top.

 

I think that sandboxed tabs, although important are overrated as a security feature. What good is it if you are clickjacked or you get a drive-by. NoScript is more successful at stopping an infection if used well.

I know I'm arguing with a fanboy but I'm just not that convinced that Firefox can't be protected to the same level. As I have said earlier, ad bloody infinitum it boils down to a swings & roundabouts thing.

Well, I use Firefox far more than Chrome on my desktop PC & I've not been infected yet, to my knowledge anyway. All I run on it as security is MSE. Everything else is at the browser end. All you need to stay safe online is a decent AV, some basic browser security & a couple of grams of common sense. I feel more confident with Firefox (or SeaMonkey for that matter) with NoScript surfing the Net than with Chrome even with its sandboxes. In fact, I'd wager that IE9 (64 bit) with WOT installed is as safe as Chrome to surf the Net with.

Like I said, there is no viable Chrome version of NoScript, merely substandard clones, & what with Chrome's often dodgy & under developed extensions, which themselves can have security concerns, I am just not convinced it's immeasurably superior to a NoScript defended Firefox. You can keep repeating yourself & wishing it to be true, but it doesn't neccessarily make it so.

 

Not a fanboy. I really don't need to argue about it lol I've said that it's my opinion when I weight up the facts. If you really think I could ever be a fanboy of a product you don't know me at all, but of course how could you - I don't blame you for that. I often defend Google and Chrome because the arguments against them are always really dumb and the people misinformed. I'm also interested in security and I think browser security is one of the most interesting things in that area. That's why I focus on Chrome and that's why people think I'm a fanboy.

Pointing out clickjacking is just like me pointing out sandboxed tabs. Can't really say which one is a bigger issue.

And same to you.

 

On both of my computers, Firefox 7.0.1 is as fast as Chrome IMHO. And I have a gazillion extensions on Firefox.

Fx #3-3.6 series were dark days for Firefox, it really came back with the #4 series.

 

In terms of a typical page load I find Firefox to be just as fast as Chrome. For certain things I know Chrome was always MUCH faster. Running a javascript gameboy emulator, some OpenGL stuff, and a few other really heavy javascript things have always been wayyyy faster in Chrome for me. Things may have changed.

And we're still waiting to hear back on this.

 

Yeah, right.

No? So why are you then? LOL

I have been accused of often attacking M$, probably because I sometimes spell it with a dollar sign, & I am no huge fan of Idiot Exploder Internet Explorer. Yet I am quite impressed with the 64 bit IE9 & I use MSE.

Yeah, well, the fact that we are using a security forum sort of points to the fact that we are both security anoraks. Believe me, I have the same concerns about security.

Which was sort of my point ....

 

I just like the way it scrolls faster than Firefox when I'm using a notebook.

Don't hold your breath.

 

Then we agree...

As I said riiiight before your post

I then went on to say:

 

IS he away or something? I'm expecting an answer.

 

Yeah, subjectively speaking, I am pretty sure Chrome tops Fx 'out of the box' but I think that they are virtually equal after Fx has NoScript installed inter alia. Of course I can't prove it outright, but I really do have some concerns over the sheer efficacy of some of Chrome's extensions. Overall, it appears to me that Mozilla's extensions drastically improve Firefox's abilities in many areas & address its security flaws with some confidence.

Chrome's extensions on the other hand, often just don't seem to always cut the mustard. I tend to worry about them even when they are working well. At one stage I used Chrome's default javascript off position using the runbox icon to OK pages. This often disabled extensions when the JS wasn't allowed to run. This problem is an Achilles heel in Chrome if you ask me. At best it's irksome.

 

http://www.adrienneporterfelt.com/blog/?p=226

From the link about Chrome's extensions where I think you're getting the ideas about Chrome's insecure extensions.

23 require the attacker be on your network, only 3 out of the 100 tested allow for remote attacks.

Is this ok? No. I don't think so. It's easily fixed but that's not the point. I think people looked at that and said "omg 27 vulnerabilities" but you have to remember they're local attacks. Again, not ok, but it's important to keep that in mind.

I personally do not feel all too unsafe using the extensions that I do.

In certain areas Firefox + NoScript is more secure than Chrome. In certain areas Chrome is more secure. I personally value certain areas more than others.

 

My guess is that he's quite busy with working & keeping NS & his other programs up to date for Fx & SeaMonkey. Either that or he's said all he wants to about porting NS for Chrome. It's like I said, if it was possible, he'd have done it. I'm also pretty sure he is on record as stating that there is no point in just porting an inferior version of NS for Chrome because of Chrome's API problem. That's what the clones have done; unsuccessfully. This is one of my problems with running Chrome (or Iron). It is quite a bit of a security hole that has never been satisfactorily addressed IMHO.

 

Even if it does move to Chrome I won't be running it. Just not worried. I can't see what it protects me from at this point on Chrome.

But that's besides the point.

If Maone does not comment I'll have to ask the ScriptNo dev.

Maone is not the best Javascript developer in the world and he's not the only person capable of creating an extension.

 

I wasn't thinking of that particularly.

3 out of a 100 ain't too bad I suppose.

It's just that as a whole I find that Chrome's extensions don't seem as well developed as Mozilla's are. Ghostery for instance. This applies to other security extensions & it does worry me somewhat.

Swings & roundabouts. I'm probably paranoid because I got hit with a drive-by trojan once. I wasn't running NoScript in SeaMonkey, I'm convinced that NS would have stopped it. I don't think that Chrome could have stopped it either. I'd rather prevent an infection than rely on sandboxing after the event. Neither Norton, Spybot or SpywareBlaster either stopped or detected that trojan. Thank god I ran a SUPERAntiSpyware scan!

 

I think that they're limited. Chrome has been very slow to open up its API, and for good reason. A wide open API means a lot of vulnerabilities.

This is one of many reasons that OpenGL was such a huge security issue - the fact that it was kernel-level access from the internet and the fact that the API never ever took security into account.

Does this gimp extensions? Yup. We couldn't properly adblock for a long time. Does this ensure overall security? Somewhat.

I've never had a successful driveby download on Chrome. Definitely have on Firefox via Flashplayer.

The reason I rate Chrome higher than IE9 is due mainly to Flash. Flash is one of the most targeted products and Chrome sandboxes it.

 

I'd definitely run it.

I believe he has a Ph.D. in software engineering or something. NoScript is arguably the best extension of its kind ever written & is one of the most downloaded & used in the world. I genuinely feel safer using it. If he could write/port NS for Chrome & it worked as well as it does for Firefox it would seriously address Chrome's security flaws.

 

Which is great... but it doesn't mean that another software developer can't do just as well or even better.

Eh, I disabled ScriptNo today. I think about the security it provides me and I just don't see it as being too beneficial.

Maybe, maybe not. I don't worry too much about my computer's security lately.

 

Swings & roundabouts.

Yes, the flash sandbox is a plus point for Chrome.

Yeah, I only really use the 64 bit IE9, which hopefully is a tad more secure.

 

Not really. I was explaining why Chrome extensions are often gimped.

The only security benefits I know of for 64bit would be a more random ASLR. I don't know of any others.

 

I tend to trust Giorgio though.

I'm giving Opera a run at the moment to see if they've fixed some of the bugs that were 'bugging' me after the upgrade. I just uninstalled NotScripts as it obviously isn't being supported/developed any more. I think I'll be OK though as only four people actually use Opera.

 

Well I certainly feel that Opera is easily the least secure browser for many reasons. But I also don't pick every program that I use based purely on security.

 

Either way, the result's the same in the real world.

You're probably right.

 

The result is that extensions are less capable but also more restricted.

Not much else I can think of. I mean, if some other technique requires randomization it'll be improved but ASLR is the main thing.

 

You and your absolutist statements hahaha. Yes there is denying. Check SmartScreen.