We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Group test: which web browser is most secure?

Chrome, Firefox, Safari, Opera and IE tested

All of the most popular browsers such as Chrome, Firefox, Internet Explorer, have different security advantages and shortcomings. We've put them through rigorous tests, to find out which is best for you.

How to measure the security of a browser

Vulnerability counts and the frequency of announced exploits account for much of the overall risk to a web browser, but they are far from the only relevant factors to consider. In this security review, the following are the general categories that were considered when reviewing each internet browser.

Security model
Each browser is coded on the underlying strength of the browser vendor's chosen security model. This model is what keeps the untrusted network side separated from the more trusted security zones. If malware is able to exploit the browser, how easily can it compromise the whole system?

What defences did the vendor include in the browser's underlying design to prevent malicious use? How is malicious redirection (such as cross-domain cross-site scripting and frame theft) prevented? Is memory secured and cleared against malicious reuse?

Does the browser give end-users multiple security domains or zones with varying levels of functionality in which to place different websites according to their level of associated trust? What end-user protections have been built into the browser? Does the browser attempt to update itself? All of these questions, and more, go into determining the fitness of a browser's security model.

When the browser runs on Windows does it take advantage of Data Execution Prevention (DEP)? If it runs on Windows Vista, does it use file and registry virtualisation, Mandatory Integrity Controls or Address Space Layout Randomisation? These topics require too much space to discuss appropriately in this review, but all four mechanisms can make it harder for malware to gain system control.

Feature set and complexity
More features and increased complexity are the antithesis of computer security. Additional features mean more code available to exploit with more unexpected interactions. Conversely, a browser with a minimal feature set may not be able to render popular websites, which forces the user to employ another browser or to install potentially insecure add-ons. Popular add-ons are often exploited by malware writers.

User-definable security zones (also known as security domains) are also an important feature. Ultimately, less functionality translates into better security. Security zones provide a way to classify various websites as more trustworthy and, hence, suited for greater functionality. You should be able to trust your company's websites significantly more than a website offering pirated software or a small web page served up by someone you don't know. Security zones allow you to set various security settings and functionalities based upon the website's location, domain or IP address.

Security domains are used in every computer security product (firewalls, IPSes, and so on) to establish security boundaries and areas of default trust. Having a security zone in a browser extends that model. Browsers without security zones encourage you to treat all websites with the same level of trust - as well as to reconfigure the browser or use another browser for less trustworthy websites before each visit.

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security products

Visit Broadband Advisor for the latest internet news, reviews, tips & tricks - and to take advantage of PC Advisor's unique, independent Broadband Speed Tester

NEXT PAGE: Vulnerability announcements and attacks

  1. We put Chrome, Firefox, Safari, Opera and IE through their paces
  2. Making a secure browser
  3. How to measure the security of a browser
  4. Vulnerability announcements and attacks
  5. The most secure browser
  6. Google Chrome and Mozilla Firefox
  7. IE8, Opera and Safari

IDG UK Sites

LG G4 Note UK release date and specification rumours: Samsung Galaxy Note 5 killer could be the LG 3......

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 off Retina iMac with new model