All of the most popular browsers such as Chrome, Firefox, Internet Explorer, have different security advantages and shortcomings. We've put them through rigorous tests, to find out which is best for you.
Vulnerability announcements and attacks
How many vulnerabilities have been found and publicly announced against the browser product? Are the vulnerability counts going up or down as the vendor patches its browser? How severe have the vulnerabilities been? Do they allow full system compromise or denial of service? How many vulnerabilities are currently unpatched? What is the history of zero-day attacks against the vendor? How often is the vendor's browser targeted versus a competitor's product?
Browser security test
How did the browser fare against popularly available browser security test suites? In this review, all of the products passed the most well-known browser security tests located on the internet, so each item was further exposed to dozens of real-life malicious websites. Often the outcome was not pretty. I experienced frequent browser lockups, objectionable content, and sometimes complete system reboots.
Enterprise manageability features
It's generally easy to secure a favourite individual browser for personal use, but doing so for an entire business requires special tools. If the browser were selected for enterprise use, how easy is it to install, set, and manage secure configurations for every user?
How I tested
I downloaded the latest publicly available version of each browser (including beta products) and installed it on fully patched 32-bit versions of Windows Vista Enterprise SP1 and Windows XP Pro SP3. I reviewed all security settings and options and checked the vendor documentation for clarification. I then subjected each browser to numerous tests, including dozens of pre-defined tests made in the lab, internet-based test suites, and exposing the browsers to known-malicious websites.
I surfed to dozens of sites known to contain live malware from several public and private malware site lists, including ShadowServer. I also visited dozens of known phishing websites, courtesy of PhishTank and similar referral sites. I used Process Explorer to monitor local processes and resources during install and ongoing operations. And I sniffed the browsers' network traffic using Microsoft Network Monitor Overview or Wireshark and examined the results for information leaks.
Additionally, each browser was used over a series of several weeks (or longer) to test general use, patching intervals, and other involved functionality.
NEXT PAGE: The most secure browser