Web Browsers Security. Opera, Internet Explorer, Safari, Firefox
After yesterdays post about new Firefox security bug I’ve decided to check out, which of the worlds most popular web browsers are most secure. Thanks to Secunia for stats.
Opera 9.x – Affected By 6 Secunia advisories
Unpatched 0% (0 of 6 Secunia advisories)
Internet Explorer 7.x – Affected By 13 Secunia advisories
Unpatched 54% (7 of 13 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Microsoft Internet Explorer 7.x, with all vendor patches applied, is rated Moderately critical.
Safari 2.x – Affected By 6 Secunia advisories
Unpatched 67% (4 of 6 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Safari 2.x, with all vendor patches applied, is rated Less critical.
Firefox 2.0.x – Affected By 12 Secunia advisories
Unpatched 67% (8 of 12 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Mozilla Firefox 2.0.x, with all vendor patches applied, is rated Highly critical.
I am really confused right now, but does that makes Firefox 2.0.x most insecure web browser? And according to Secunia stats, Internet Explorer 7 is right after Opera which puts it into the 2nd place?
1. Opera 9.x – Most Secure Web Browser?
2. Internet Explorer 7.x
3. Safari 2.x
4. Firefox 2.0.x – Most Insecure Web Browser?
About (Author Profile)
Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and departed Westood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.
Comments (29)
Trackback URL | Comments RSS Feed
Sites That Link to this Post
- What Browser is better ??Firefox -IE-Safari or Opera - Page 4 - Nordinho.net Forums | April 24, 2008
- Web Browsers Security - Internet Explorer (IE), Firefox, Safari, Opera | June 16, 2008
- browser war « Sriniani’s Weblog | July 21, 2008
It’s true, if you care about your security, choose Opera!
http://weblogs.mozillazine.org/asa/archives/2007/06/real_world_secu.html
http://weblogs.mozillazine.org/asa/archives/2007/05/security_is_abo.html
http://developer.mozilla.org/devnews/index.php/2006/09/26/better-metrics-for-security-understanding-the-symantec-internet-security-threat-report/
It’s actually quite a bit more complicated a question than just counting vendor disclosed bugs.
– A
Yes, you are right Asa, it also depends on share itself, the more popular product is, more bad stuff you can find here. But the fact is: Firefox is least patched browser (security patches) according to Secunia.
Complicated? A security whole is a security whole no matter the user share. And if you are right , it’s even more reason to use Opera.
While it’s accurate to say that the greater percentage of open security holes, the more unsecure the browser; it is more accurate to evaluate the rank of the most critical open security hole.
1. Opera 9.x – Most Secure Web Browser?
2. Safari 2.x
3. Internet Explorer 7.x
4. Firefox 2.0.x – Most Insecure Web Browser?
Either way you slice it, Opera wins.
As far as what Asa said, I’m confused. Does Firefox have a greater marketshare than IE? The IE team has had to deal with hundreds of security holes, and they still manage to have a better secunia ranking than Firefox. So isn’t that saying that with a smaller marketshare, the browser vendor should be held to a higher expectation, because they receive fewer holes, and so have fewer holes to patch. Yet within the 2.x branch, Firefox has patched an amazing 4 security holes.
Opera’s marketshare is roughly 15 times less than that of Firefox. Opera has fixed 6 security holes. Using this statistic, Firefox would have to fix 90 holes. Yet they haven’t. In fact, Firefox is acting like it has a smaller marketshare than Opera, by fixing only 4 security holes. Firefox is acting like it has a smaller marketshare than Opera. Either that, or Firefox just doesn’t care if they infect millions of users. Wouldn’t that make Firefox earn the title of Malware?
You aren’t actually vulnerable to the highly critical flaw if you use Firefox. You’re only vulnerable if you have Firefox installed but use a different primary browser. That way a page can do the exploit if the opening browser doesn’t sanitize what is passed (Safari does IIRC)
I believe Asa’s point is that the rankings are apple-to-oranges comparisons due to the policy of the two companies (Opera/Moz) on disclosing security issues. (I’m aggregating stuff I’ve read from his site and OperaWatch.com). For example, one difference *could* be that Opera may have patched/unpatched bugs/issues that is has not disclosed to anyone, where FF has all of it’s issues tracked. (I say could because I’m not sure exactly what the policies are in both camps)
Of course… all the nit-picking of stats and numbers etc makes it difficult to get a straight answer on security. I choose Opera because I trust them to create a quality, fast, secure product that adheres the *web’s standards* Regardless of where they rank on Secunia against proprietary and open source clients and companies that have different policies on disclosing problems.
I agree with Eddie. There are most likely many flaws in Opera that we never hear about, whereas we hear about all of the flaws in Firefox due to it being Open Source. However, being Open Source is even more reason for Firefox to have an edge on Opera and the other browsers. Correct me if I’m wrong, but they already have a large community of users who inspect the code and provide fixes. Shouldn’t the user base be able to provide fixes/patches in a very short amount of time?
I’m also a pure Opera fan (regardless of the fact that I truly believe that Open Source is the way to go). Firefox has no excuse to not have their security flaws patched immediately. both companies are working on next releases (Opera and Firefox..as well as IE), however, focus should be set on keeping current releases 100% secure. Opera has always done a fantastic job of fix security flaws with the next build they release which usually only takes a week or two at most. It really surprises me that more people aren’t choosing Opera as their daily browser, but I’m glad to see that this is slowly changing!
Also, like Icy said..percentages really mean nothing. It’s the level of the security flaw that matters most. Safari has patched 2 of 6 flaws, whereas IE has patched 6 of 13. Based on the percentages one might assume that Safari is less secure than IE when in reality the security flaws in IE weigh heavier than those in Safari. And to add to what Vygantas Lipskas said..it really does depend on the market share of a browser. As Opera’s market share grows we will indefinitely see more security flaws surface, but the fact still remains..Opera is the most secure full featured browser available today..and that should be appealing to everyone.
Good writeup!
Wow… genious math. Have you ever took some classes on statistics? These numbers don’t have any significance at all. It’s like deciding how many percent of the people smoke, by just asking 50 passengers at the entrance of the mall.
For those of you who did not follow Aza’s link above. Here is the crucial section, an indirect quote from “The Symantec Internet Security Threat Report”:
On “window of exposure”:
The window of exposure is the difference in days between the time at which exploit code affecting a vulnerability is made public and the time at which the affected vendor makes a patch available to the public for that vulnerability.
And…
In the first half of 2006, Internet Explorer had a window of exposure of ninedays, down considerably from 25 days in the second half of 2005 (figure 4). Apple Safari had a window of exposure of five days, up from zero days in the second half of 2005.12 In the first half of 2006, Opera had a window of exposure of two days, down considerably from 18 days during the second half of 2005. In the first half of this year, Mozilla had a window of exposure of one day. In the second half of 2005, Mozilla had a window of exposure of negative two days, meaning that exploit code in that period was generally released after patches were available.
More market share = Better product ?? FALSE
Opera is the best… i try and use all of them for months, i always return to opera, the others just cant match the security, easy customize, create own buttons, mouse gestures, widgets, toolbars, fast, memory efficient, etc.
i like firefox and like it is takin IE market share, cause IE is the worst by far as opera is the best.
if opera were free since the begining, or beat firefox in make money from google searchs… maybe could have more market share.
Firefox born because 5 years microsoft not developing IE and grown frustation of IE users, it born at the peak time of spyware and virus so easily installed by IE, it born with good star and as much i love Opera i will love more the day IE market share go to 1 digit, IE is crap spread the word
this thing may be true but SOMEHOW after 2 years of using firefox i NEVER had problems with advare and security issues!
I’m not too sure that IE has a higher security then Firefox. I’ve had a fair amount of problems while using IE, but when I switched to Firefox I haven’t had any virus related problems since. I doubt its luck.
I think opera is the best
But, how could Firefox get the title of Malware? If you use Safari on Mac, it is even rarer, 1 percent of online threats!(except if you use Safari on Windows, it will be 57 percent.) . So, I installed Opera 9.5 on my sister’s computer. As you know, Linux and Macintosh are very hard to be attacked by viruses… so Windows HAD TO make up a firewall. 0_0
Maybe the Firefox folks have been concentrating on Firefox 3 which has been available for a couple of months. Secunia reports all reported vulnerabilities have been fixed.
Could the creators of opera make an operating system to match their browser..?
I like to explore sites that aren’t “politically correct.” So far, Opera has been the only browser who allows me to jump into the web with absolute safety. Firefox, IExplorer, and Safari have both let me down and required me to reformat several times.
When it comes to security, Opera dominates.
But I do miss Safari interface, Opera feels a bit bulgy.
I know that everybody know the truth is out there, opera is the safest browser on the planet and chrome is the unsafest browser on the earth.
safari doesn’t have fraud protection.
IE takes years to update threfore thre bugs , last for years.
…chrome is the unsafest browser on the earth.
Wait, I’m sorry, what?
You’re telling me that Chrome, with its stable design, and a dangerous website advisor (similar to Opera) is far more dangerous to use than, say, IE? If you are, then that’s quite possibly the biggest load of crap I’ve ever heard.
I agree with you that Opera is one of the safest browsers, however (Opera, Safari, and Chrome are my 3 favorite browsers).
Take in mind that Chrome is based on the Safari Webkit and is in fact a (heavily) modified version of Safari.
Glad you ask bro glad you ask
Plz read this article.
http://www.favbrowser.com/internet-explorer-8-is-the-safest-web-browser/
I see you doesn’t use ff (god on you)
Warning “- Safari doesn’t have fraud protection.(So having antivirus or internet security software cannot make you safe , you need fraud protection and I’m SERIOUS) should stick with the browser that have fraud protection(Opera,IE8).
You also see chrome took feature from Opera.
Also fraud protection introduced by Opera (better to stick with it)
if you care about your security and identity stick with Opera.
It’s true,
I am using Opera. I think Opera is best. It gave a lot of Options. All are simplyfying our works. So many good options like speed dial, file transfer screen, file load progress infdications, User friendly shortcuts……etc
Actually Opera has a number of unique things about it that make it a far more secure browser than the others. First Opera completely blocks file access from non local urls and makes a distinction between you having access to a remote host and not allowing the remote host to have access back. It is also very restrictive as to what things like plugins and java are allowed to do. For example a plugin cannot directly access or control the browser, where as in FireFox, I know how much everyone loves all those plugins, but frankly is a major factor in me not using it. It is a very big security hole that will always be exploited.
Opera does not allow java access to things like copy and paste, as such is a security risk. Opera has little known features like delayed script execution & event listeners that can process inline or remote Javascript and other page events before and after it gets executed, making it easy to determine if a malicious script is on a page before it ever gets a chance to do anything. I find it amazingly usefull! Opera was created with security in mind.
The difference between 0wning and being 0wned.. is Opera!
these people who hype chrome.do you guys realize that a KEYLOGGER is installed by default in chrome.i dont give a rats ass how fast it is.if you give a dam about privacy google chrome sucks