We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Group test: which web browser is most secure?

Chrome, Firefox, Safari, Opera and IE tested

All of the most popular browsers such as Chrome, Firefox, Internet Explorer, have different security advantages and shortcomings. We've put them through rigorous tests, to find out which is best for you.

Vulnerability announcements and attacks
How many vulnerabilities have been found and publicly announced against the browser product? Are the vulnerability counts going up or down as the vendor patches its browser? How severe have the vulnerabilities been? Do they allow full system compromise or denial of service? How many vulnerabilities are currently unpatched? What is the history of zero-day attacks against the vendor? How often is the vendor's browser targeted versus a competitor's product?

Browser security test
How did the browser fare against popularly available browser security test suites? In this review, all of the products passed the most well-known browser security tests located on the internet, so each item was further exposed to dozens of real-life malicious websites. Often the outcome was not pretty. I experienced frequent browser lockups, objectionable content, and sometimes complete system reboots.

Enterprise manageability features
It's generally easy to secure a favourite individual browser for personal use, but doing so for an entire business requires special tools. If the browser were selected for enterprise use, how easy is it to install, set, and manage secure configurations for every user?

How I tested

I downloaded the latest publicly available version of each browser (including beta products) and installed it on fully patched 32-bit versions of Windows Vista Enterprise SP1 and Windows XP Pro SP3. I reviewed all security settings and options and checked the vendor documentation for clarification. I then subjected each browser to numerous tests, including dozens of pre-defined tests made in the lab, internet-based test suites, and exposing the browsers to known-malicious websites.

The Internet-based test suites included several browser security test sites, such as scanit and Jason's Toolbox; several JavaScript, Java, and pop-up blocker testing sites; several cross-site scripting (XSS) testing websites; and several browser privacy test sites. I tested the security of the browsers' password handling using the Password Manager Evaluator and the security of cookie handling using the Gibson Research Corporation's Cookie Forensics. I tested Extended Validation certificates using links provided on the IIS7 site.

I surfed to dozens of sites known to contain live malware from several public and private malware site lists, including ShadowServer. I also visited dozens of known phishing websites, courtesy of PhishTank and similar referral sites. I used Process Explorer to monitor local processes and resources during install and ongoing operations. And I sniffed the browsers' network traffic using Microsoft Network Monitor Overview or Wireshark and examined the results for information leaks.

Finally, I also relied on public vulnerability testing for these evaluations, including Metasploit and milw0rm.com. Vulnerability statistics were taken from Secunia.com or CVE.

Additionally, each browser was used over a series of several weeks (or longer) to test general use, patching intervals, and other involved functionality.

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security products

Visit Broadband Advisor for the latest internet news, reviews, tips & tricks - and to take advantage of PC Advisor's unique, independent Broadband Speed Tester

NEXT PAGE: The most secure browser

  1. We put Chrome, Firefox, Safari, Opera and IE through their paces
  2. Making a secure browser
  3. How to measure the security of a browser
  4. Vulnerability announcements and attacks
  5. The most secure browser
  6. Google Chrome and Mozilla Firefox
  7. IE8, Opera and Safari

IDG UK Sites

What is Google Photos? How to back up and share all of your photos for free

IDG UK Sites

Why I think the Apple Watch sucks and you'd be mad to buy it

IDG UK Sites

Swatch launches a colourful smartwatch

IDG UK Sites

New Apple TV 2015 release date rumours: TV streaming service delayed, hand gesture interface being...