Which one is more secure: IE or Firefox?

Discussion in 'privacy general' started by helpmeout, Feb 7, 2010.

Thread Status:
Not open for further replies.
  1. helpmeout

    helpmeout Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    17
    I was a big Firefox supporter for many years until I started doing some in depth research of the two products. I've been reading the pros and cons for both of these browsers and was wondering what everyone thoughts were on which one is more secure to use on a daily basis?
     
  2. Martijn2

    Martijn2 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    321
    Location:
    The Netherlands
    I would say Firefox: vulnerabilities are patched faster, you have a wide range of security addons and it's proven to be tougher in hacker contests (Pwn2Own for example).
     
  3. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    latest IE & latest FF roughly the same
     
  4. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    Basically the same...just pick the one that works best for the way you browse then change the settings/use add-ons that help you do it.
     
  5. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
    I don't think that there is much between them security-wise. IE 8 is certainly safer than its predecessors & there have been some worries about Firefox recently. Opera & Chrome/Iron are probably safer than both of them.
     
  6. helpmeout

    helpmeout Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    17
    Is IE8 actually safe yet?

    I was still under the impression that all the bugs haven't been worked out just yet. So I figured IE7 would be the better choice if I were to use IE at all.

    As far as Firefox goes:

    The thing that kind of scares me nowadays about Firefox is the fact that they incorporated a few IE files. Now grant it as it was mentioned above already I can delete those IE extensions from FF however, wouldn't that leave some type of security risk of some type?
     
  7. Dogbiscuit

    Dogbiscuit Guest

    The question of which browser is more secure (how vulnerable it is if attacked) depends to some extent on the environment. For example, IE8 on XP can't run in Protected Mode because Protected Mode is based on security features found only in Vista and Win 7.

    But:
    • Either browser can allow an exploit to compromise a user account or a whole system through a vulnerability in a browser plug-in.
    • Both browsers experience zero-day vulnerabilities.
    • Both browsers contain yet to be discovered vulnerabilities.
    • Either browser can be made more secure by changing it's default settings.

    IE8 is less safe (how likely it is to be attacked) than Firefox 3.x to the extent that it is targeted more often than Firefox 3.x, and vice versa.
     
  8. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Quick Answer: Firefox is generally more secure than IE, but use neither in favor of Chromium.

    Firefox updates with more frequency than IE, IE leaves their cheese hanging in the wind for quite a while. From the point of view of the attacker, IE is easier to hack and has more negative repercussions because it is insecurely hooked into all the windows OS. Firefox is a harder to break. However, if you want even better security, go with Chromium (Not google chrome browser); each tab acts as a separate process which makes attacks so much harder to perform. Chromium is google chrome but has had all the google spyware removed.
     
  9. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    I thought it was the other way around :blink:

    Google Chrome is Chromium but with privacy issues added.
     
  10. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,101
    Hi Steve,

    Uh, why is each tab a whole separate process instead of a separate thread? Is it a shared memory issue between threads that makes for less security? A whole separate process, depending on how it is implemented could have the same issue in an SMP environment, but seems a bit heavyweight compared to a lightweight thread which is probably more appropriate for a browser implementation. As long as separate threads or separate processes have private memory implemented - access between them can be controlled, otherwise, if control of the main browser process is hacked, then all bets are off.

    How does Chromium differ from SRWare Iron browser? Your description of Chromium sounds very much like SRWare Iron.

    -- Tom
     
  11. progress

    progress Guest

    :thumbd:

    :thumb:

    I think Opera is also very safe (market share < 5 %) :D
     
  12. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I'm not the master of the chromium underpinnings, that would be kyle. Let's see if we can get him to comment.

    Chromium is the source that google built, then branded and added all the anti-privacy stuff to make Chrome. SRWare is not comparing itself to Chromium because there would be little to compare, they are comparing themselves to Chrome. SRWare appears to be Chromium, but with updating turned off (bad), and some fingerprints turned off (good or bad, as a blank fingerprint is still a fingerprint, and an especially conspicuous one) and error reporting to google turned off (good).
     
  13. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    my vote firefox portable which i run from c:programs with addblock,flashblock,leechblock
    returnil2008 on and browser sandboxed
    i also copy the firefox onto another drive just in case
    i feel pretty secure
    always updated xp pro sp3, mss
    i dont instal java
    i don't use ie as it caused a lot of problems in the past [the reason i switched to firefox portable]
     
  14. ex_ployt_ed

    ex_ployt_ed Registered Member

    Joined:
    Jan 31, 2010
    Posts:
    26
    1.) I see no mention of the NoScript Firefox add-on.

    Short of not allowing JavaScript at all, can anything be more secure than allowing it selectively, via judicious use of NoScript?

    What about clickjacking/ xss?
    Was it not the case for some time that NoScript offered the only protection against this vulnerability?

    What is the current situation?

    On the other hand, is it not just a matter of time before someone discovers a serious vulnerability in NoScript?

    When that happens, aren't we all sunk?

    2.) (In a Windows environment) Is it not the case that using the portable version of just about any program is at least somewhat more secure than using the equivalent installed version?

    Both Firefox as well as Opera come in portable versions.

    Do any other browsers?
    ________________________
    3.) Regardless of browser:

    -Take heed:
    http://www.cert.org/tech_tips/securing_browser/

    -Note that the fewer plugins/multimedia you allow, the more secure*.

    (*Ideally, the same (network-connected) system should not be used both for multimedia and the storage and transfer of sensitive data.)
     
    Last edited: Feb 9, 2010
  15. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I am using XB Browser right now. But of course I have a xerobank account. I wonder if XB Browser could be used without Tor or Xerobank?

    I just downloaded Chromium. Are there security addons for Chromium?

    I am surprised to hear that anyone thinks that IE is as secure as Firefox. Doesn't IE leave a lot personal info on your computer?
     
  16. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    The Safest browser is a browser run from inside Sandboxie.
     
  17. Dogbiscuit

    Dogbiscuit Guest

    Charlie Miller
     
  18. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    That is a very interesting article. I had always heard that a MAC was more difficult to bust into. Evidently not so. And I am surprised to hear him say that Chrome is less vulnerable than either Firefox or IE.
     
  19. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Chromium is secure by default, as long as you keep it updated. There's no holes that need to be plugged with extensions, unlike Firefox.

    What personal info? That's a very vague claim. I wouldn't be surprised if whoever told you that didn't you a proper explanation for it, because doubt there's any.

    With Protected Mode, ASLR, DEP, built-in anti-XSS and process-per-tab, I wouldn't be surprised if IE is more secure than Firefox.
     
  20. ex_ployt_ed

    ex_ployt_ed Registered Member

    Joined:
    Jan 31, 2010
    Posts:
    26
    What about all those tracks IE would leave behind like index.dat and .tmp files ?

    Okay, that answers one of the questions in my previous post.

    But is there any way in IE (or any other browser, for that matter) to get the level of selective control over JavaScript that NoScript offers in Firefox?

    And is there anything for IE that's even comes close to being as effective as AdBlock Plus?

    (Haven't Ads frequently been a vector for malware?)

    I was just about to say that even if a third browser (Chromium or something else) were to be more secure than both Firefox and IE, the question would remain: Between FF and IE, which is the more secure of the two?

    Hopefully, others will answer this, whether by giving their own opinion or citing that of others.
     
    Last edited: Feb 10, 2010
  21. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
  22. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    link for downloading chromiun please..
     
  23. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    I can't verify for IE7, but IE8 zeroes out the index.dat files when you clear browsing data. Which is actually better than simply deleting them.

    Besides, those are privacy issues, not security issues. And unless you share your user account on your computer with other people, there's no reason to be worried about it.

    Sure there is. Just turn off Javascript and enable it manually for every site you want to whitelist. All major browsers (IE, Opera, Chrome 5) offer that ability. But as far as I'm concerned, that's irrelevant. Because - again, as far as I'm concerned - NoScript has got to be one of the stupidest ideas I've ever heard. There are plenty of other mechanisms to keep yourself safe, and they don't involve whitelisting every website you visit, or breaking pages like Windows Live Mail and Wordpress.

    It doesn't matter. To infect you, the malware still needs a vulnerability to exploit. And even with a vulnerability, the exploit code still needs to be able to bypass DEP, ASLR, and Protected Mode. That's a pretty tough order.

    Feature-wise, Firefox is superior. But as far as security is concerned, I'd rather take my chances with IE8 on Vista/Win7 over Firefox any day.
     
  24. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    There are anumber of options for IE but one that is based on EasyList, EasyPrivacy and EasyElements is Simple Adblock: http://simple-adblock.com/
     
  25. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    There probably isn't a lot of difference security-wise.

    Opera or SRWare Iron are probably more secure.
    They may not be as appealing targets because of less market share/users.
     
Loading...
Thread Status:
Not open for further replies.