Most Secure Browser: FF, Chrome, Edge?

Discussion in 'sandboxing & virtualization' started by HempOil, Dec 15, 2017.

  1. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    124
    Location:
    Canada
    Does anyone know how the security of Firefox 57.x now compares with Chrome (and Edge)? As I understand it, FF is starting to sandbox things, but I doubt it is up to the level of Chrome, especially now that you can enable strict site isolation in Chrome (with some caveats). According to Google, the Strict Site Isolation feature puts "even stronger security boundaries between websites than Chrome’s existing sandboxing technology." Apparently, Google introduced this feature in response to Microsoft introducing Windows Defender Application Guard (WDAG), which allows Edge to be run in an isolated hardware environment. "In October, Microsoft said that WDAG marked a major breakthrough in sandbox technology since it offers a shield against attacks on the kernel, which is unprotected if an attack escapes the browser sandbox."

    I think hardware-based isolation would be the most secure, however, WDAG can only be enabled on Windows 10 Enterprise edition (fingers crossed it trickles down). So, it seems to me that Chrome is currently the most secure option that is widely available. Furthermore, with all of that new code in FF, security vulnerabilities are very likely.
     
  2. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    623
    Location:
    Member state of European Union
    Chrome is most secure, but not most privacy-minded.
    IMHO Firefox is reasonably secure if updated fast enough. You could also add additional sandbox based on Sandboxie or at least run Firefox as different user.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    10,754
    Location:
    The Netherlands
    I agree, Chrome is probably the most secure, but it's way to resource hungry and bare bones for me. Firefox protected with anti-exploit or whitelisting and sandboxing is good enough security, never had a problem with it. Of course, ad-blockers will also help a lot against browser exploitation.
     
  4. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,159
    Location:
    USA
    I also believe that Chrome is the most secure browser, but I don't see why you say it's 'too resource hungry'. Is that just your observation or can you point to some browser comparison that substantiates your claim?

    Happy 2018
     
  5. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    124
    Location:
    Canada
    I forgot to update this thread with the news that Windows 10 Professional will also be able to support WDAG in the upcoming Spring Creators Update. Assuming WDAG can only be enabled for Edge, I think that makes Edge more secure than Chrome, despite what the Chrome developers may say to the contrary. Unfortunately for me, I only have Windows 10 Home :'(
     
  6. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,023
    I find this very subjective.
    depends what sort of security you speak about.In terms of certificate security then firefox is much better and i personally would be more worried about a compromised financial site then some potential trojan dropping on my system.
     
  7. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    124
    Location:
    Canada
    Fair point, The Red Moon. That's why I periodically run RCC.exe.
     
  8. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    156
    Of course running Edge in a virtual machine that gets deleted on shutdown is more secure than Chrome could ever be without a similar feature. The question is if Microsoft will open up WDAG to other browsers or if they will keep this an Edge feature. Google seems to be against virtualization for security so even if Microsoft allows Chrome to use WDAG it's not certain they will use it in the first place.
     
  9. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    124
    Location:
    Canada
  10. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    124
    Location:
    Canada
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    10,754
    Location:
    The Netherlands
    Everyone knows that Chromium based browsers like Chrome, Opera and Vivaldi are way too heavy. Try to open 50 tabs and see what happens. Like I said, FF protected with third party sandbox and AE is strong enough security.

    Thanks, will do some reading. And yes, M$ basically took this idea from Bromium.
     
  12. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    124
    Location:
    Canada
    Bromium rocks! I just wish it was available for personal use. It's mega $$$.
     
  13. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,159
    Location:
    USA
    50 tabs?! ...I have never had a need for more than 6 tabs to be open at any one time so I don't notice any lack of performance.
     
  14. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    623
    Location:
    Member state of European Union
    I sometimes opened up to 30 tabs, but it was distracting, so I don't do that anymore. I try to open no more than 5 tabs.
     
  15. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    124
    Location:
    Canada
  16. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,023
  17. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    7,136
    They are aware of it :D
     
  18. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    124
    Location:
    Canada
    To me, it is more frustrating that Firefox was not included in the analysis.
     
  19. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,220
    Location:
    Canada
  20. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,404
    Hm, I wonder how this compares with Containers and First-Party Isolation in Firefox.

    Containers not only provide privacy benefits but also improve security:
    I'm using it with the Temporary Containers add-on which opens all tabs in temporary containers.

    First-Party Isolation restricts cookies, cache and other data access to the domain level. It's an implementation of the Cross-Origin Identifier Unlinkability feature in the Tor browser.
     
  21. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    580
    Location:
    UK
    As I have a network drive that can run Firefox (since it runs Linux) I should be able to run that and interact with it using an X windows client on Windows 10. However, for now I am using the latest firefox running inside Sandboxie. I think its important to use as few add-ons as possible to minimise the attack surface.
     
  22. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    2,632
    add ons are not the problem for attacks - there are plugins to attack and javascript flaws. addons should be kept current to avoid old an vulnerable code. "current" means not the latest build which may be in 2011 - minimal 2017 should be present as a date! too much people running old crap and think they are secure. firefox in sandboxie dont have many advantages. a decent security concept should run it live. but with a license you can gamble around with firefox options such as force cache, or force plugins, force downloads, force temp in the box. that wont have side effects like complete in the box. concerning profile - if some hit your profile inside there is really trouble outside.
     
  23. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,220
    Location:
    Canada
    @summerheat,

    I can't comment on Firefox because I don't have nearly the understanding of its workings as that of Chromium. There is also, however, the fact chrome runs its renderers at untrusted integrity level, something which I don't see with FF, where "low" is the lowest IL it achieves with its processes. Anyway, too bad FF wasn't tested; I'd be interested to see how it fares.
     
  24. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,404
    Ah, yes - on Windows. Well, I'm not worried since I'm running Linux. Don't you run it anymore?
     
  25. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    623
    Location:
    Member state of European Union
    On Linux Chrome/Chromium is also sandboxed and renderer processes have dropped privileges. It only uses other Linux kernel features to do that (IIRC seccomp and others).
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.