Is Firefox still the safest web browser?

This would make sense. Flash does not natively support running at any lower integrity. Google only manages it by modifying it quite a bit.

 

I made a small research on that. Turns out IE does that for better compatibility. We have to agree that the most used browser in the world has to remain compatible for more time than the others, specially when the drawbacks aren't really important.

Very sensible. About the Flash thing, as I said before, IE doesn't come with it out-of-the-box, so it is unaffected by it until it is installed. Weren't we talking about security in out-of-the-box browsers? We can't make an exception for Flash just because only Chrome comes with it bundled.

Anyways, only Adobe can properly address the not-low integrity issue, and Adobe is doing that for IE too, as this official statement implies: http://blogs.adobe.com/asset/2010/12/the-year-of-the-sandbox-isnt-over-yet.html

 

"Adobe and Google". Please correct your statement.

 

Of course. Allowing read access is going to improve compatibility a lot.

But Chrome restricts reads and it hasn't been a problem and it's still something to consider. In my opinion sandboxing is meant to be used to restrict every possible action that malware can use to break into a system/ accomplish its goal. If malware/ an exploited Chrome can read every file on your system it may not need to break out of the sandbox at all.

Is it super important? Not necessarily. But I would absolutely consider the sandbox stronger because it's more restrictive.

It's hard to talk about out-of-the-box with Flash because virtually every personal computer will have Flash installed. Is it included in IE9 by default? No. You could even argue that IE9 therefor doesn't include a hugely vulnerable plugin and therefor is much more secure.

But I think we can both agree that most everyone reading this topic has Flash involved and that Flash is practically a web standard. It's fairly relevant to the conversation.

If I knew someone would literally never use Flash I might just put them on IE9. I've never had that happen. I personally always assume someone will be using Flash at some point - it's just so prominent.

Yes, Adobe will eventually address the problem. Hopefully.

But we can't really talk about security in the future, we have no clue what new techniques each browser and malware will utilize.

 

I'm not clear on Adobe's involvement. I know they provide developer builds to Chromium's team. I don't know that they actually deal with the implementation. I would think that it's handled entirely by Google/ the chromium team.

 

Firefox countless security add-ons
like NoScript, ABP, Adblock Plus Pop-up Addon, HTTPS Everyware, HTTPS Finder etc.
make it very secure.

 

Not quite countless, six hundred & sixty two I believe.

Top that Google Chrome!

 

The situations mimics Linux vs Windows. Linux is more secure at the core but Windows has loads of security addons.

Would you call Windows more secure? Perhaps that's too off-topic.

The point I'm trying to make is that building extensions is a matter of opening APIs. Creating a secure program means huge archetectural rewrites. Chrome is already secure at the core.

Personally, I care much more about core security. No amount of extensions will sandbox Firefox's tabs.

 

I don't think it's an issue that will bother your average Firefox user when they are faced with a choice of over 600 security/privacy extensions. I certainly don't feel any less secure in Firefox (with NS & my extensions of course) than when I am in Chrome, in fact it is quite the reverse. IMHO, to answer the original poster's question, I'd say that Firefox was still the safest web browser, just as long as it is running NoScript, ABP & a few other choices from literally hundreds of security extensions.

 

I don't think that those hundreds of extensions are all viable and most of them are clones of another extension (a lot of popup blockers etc.)

If we were talking about the issues that bother average Firefox users I doubt we'd be discussing security at all.

 

ROFL. Hungry Man is guarding this thread as if his life depended of it. He answers in no more than a few minutes, sometimes seconds. LOL

Just KIDDING.

 

They may not be all viable, but it is the sheer choice that is important I think, as people can tailor their set-up to be peculiar to their specific needs.

Probably because they feel secure! For instance, I have, as security/privacy extensions on various versions (portable/non-portable) of Firefox: ABP, Addon Update Checker, Certificate Patrol, Flagfox, Flashblock, Ghostery, Google Docs Viewer, NoScript, Trust My Web & WOT. I have other extensions & altogether these don't impede overall performance too much. Of course, I have similar extensions for security on Chrome, but as a whole they are not as well developed.

 

Massive poster for a reason.

Eh, if the option is "Adblock plus" and "knockoff plus that hasn't been updated in 2 years" it's either not a choice or the option to choose a far weaker product. A lot of the ones I saw there just weren't any good.

I'm sure most people feel secure. I don't think that we should be going by any average person - most people don't know what a browser is let alone a virus.

As for extensions, like I said, they're great. But they can only try to make up for core issues that can only really ever be taken care of by Mozilla.

Can Firefox ever be as secure as Chrome? To an end, I suppose. But only if we're comparing a "naked" Chrome to a Firefox + 3rd party extensions.

Even then I still feel more secure on Chrome. I do not trust 3rd party software to protect me - ever. Anything Chrome or Firefox does can be broken through. The difference between Firefox and Chrome is that Chrome plans for infection and runs at low integrity.

 

Spot on!
I fully agree with you!

 

You can just as easily say that about Chrome's extensions. Fx's extensions have far more efficacy & are more developed as a whole. In over 600 extension choices there is bound to be some variation in ability.

Very possibly, but many who choose to download a browser that their OS didn't originally ship with do it for a reason. Taking the time to personalise a browser to begin with suggests an awareness of security.

That's what I have been saying all along though, Firefox is a safe as Chrome when you add certain extensions, especially NoScript (which has no equivalent yet in Chrome) inter alia. Furthermore, the sheer scope & range of Fx's security extensions gives a customisability that Chrome just doesn't have. In my experience many of Chrome's extensions are a tad inchoate or quite buggy. Notwithstanding the often detrimental affect they have on the browser performance sometimes.

Personally I feel slightly safer with Firefox due to NoScript & the fact that extensions like ABP & Ghostery are more sophisticated & almost certainly have greater efficacy running on Firefox. Maybe I'm putting too much faith in NoScript but I'll never feel quite as safe using Chrome without it.

 

I sure could. But I've never made the claim that Chrome is more secure because of sheer number of extensions.

I disagree.

First of all, I seriously doubt most people or even a substantial amount customize their browser at all. I believe the most recent statistics show something like 6% using adblocking addons at all.

People don't know to care about security.

Eh, if we're talking about performance it's another subject. Extensions hare what Mozilla has always cited as causing performance issues.

That's another issue though/ separate topic.

Customization is nice but I don't think it's really even there. If I run adblock Pro as opposed to Adblock Plus it's basically the same extension, I won't be any more secure using one or the other.

And I'm not saying you shouldn't feel safe with Firefox. I just personally do not like to rely on 3rd party security, be it in the browser or the OS. I like for security to be built in.

 

My point was that variety can suit a wide number of different systems & combinations & thus contribute to security more successfully.

Yeah, you're probably right about this.

I guess that's why variety & plenty in extensions is a good thing. The meagre extensions I run on Chrome seem to affect its performance far more in comparison than the twenty or so extensions I run on Firefox, on both of my computers.

In my experience computers can differ greatly in performance with different extensions. There's nothing wrong with more choice.

As long as the security is there, why should 3rd parties be a problem? It can be better than putting all of your eggs into one basket, surely?

 

Strange. I haven't had issues.

Of course. Your setup and mine are very different.

3rd party is always an issue because it's always layered above what you're trying to secure. Extensions are nice and they can be very helpful - same goes for something like Sandboxie or Defensewall, but they'll never make up for core issues the same way that the vendor can.

I'm not saying "don't use extensions" or whatever. I just personally care more about the core security.

Certain things "worry" me and certain mitigation impress me. Chrome's mitigations take care of my worries.

Like I said, Firefox + extensions vs bare Chrome could protect the user depending on the situation just as well. I just consider some situations more of a danger.

 

Maone has still not responded and the ScriptNo dev is not around to answer questions until the 11th or something.

Oh well.

 

I think in terms of the "vanilla" browsers it's fairly obvious which one is most secure.

Extensions make the conversation a bit more difficult.

 

I've never had mumps.

Well, technically, 'set-ups' as I own more than one computer.

That's not really a cogent argument in my opinion. I would think a multiplicity or layered approach would be more effective.

Which again, is a bit of an 'eggs in one basket' scenario if you ask me.

That's because you're a Chrome fanboy.

I would say that Fx with only NS & ABP was far more protected than a completely bare Chrome.

 

Other things being equal, wouldn't both Chrome and Firefox be somewhat safer if they were run on a Linux system?

 

Oh ... you Linux guys ...

 

Just thought I'd contribute a "fact" or two

 

Everything is safer on Linux. Chrome's sandbox isn't used on linux though.