It's not about the browser, stupid!

In his latest opinion piece, Davey Winder tackles the great web browser security debate.

security figures on keyboard

COMMENT:When considering the security of your data how big a part does your choice of web browser client make?

Even typing that question sent something of a shiver down my spine, in a 'I hope nobody can see me asking that' kind of a way. Although some browser clients may be notionally 'more secure' than others, when talking about the mainstream choices none are actually safe nor unsafe, truth be told.

It's a bit like the guns don't kill people argument, although I've never heard of a web browser killing anyone (but Internet Explorer has driven me to suicidal thoughts in the past) the point is that people kill people and people use web browsers in an insecure manner.

A browser with hardly any market share is also going to have hardly any hacker interest in it but it won't save you from stupidity.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

That's precisely why I was a little disappointed to discover there has been yet another study into web browser security published, the results of which appear to be at odds with another recent study into the same thing.

One report says that Google Chrome is the safest browser you can use, the other that Internet Explorer 9.0 is the most secure. I will ignore the small matter of Google being the sponsor of the study it ended up winning as, like I already said, it really doesn't matter to me anyway and nor should it to you.

It does, however, seem to matter to the director of security strategy at one large vendor who insisted on

explaining in great detail via email how web browsers are like cars. I will spare you the full argument, but the abridged version encompasses Maslow's Law of Hierarchical Needs whereby cars (and ultimately web browsers also) start their lifecycle competing on basic functionality alone, then move into additional features and efficiencies. The point being that just as when comparing the safety features of cars (is ASB 'safer' than air bags, for example) how do you determine if a browser with a sandbox is safer than one with an anti-XSS filter?

His conclusion being that the answer depends upon the crash test criteria and how the scores are weighted.

Why did he tell me all this? Because one browser security study primarily focussed on malware blocking while the other took the view that URL or application reputation were not that important. Hence the two different end results. Bananarama and the Fun Boy Three summed up online security pretty nicely when they sang it ain't what you do it's the way that you do it.

Advertisement - Article continues below

Visiting dodgy download and sharing sites, clicking links indiscriminately, believing everything anyone who emails you says will get you and quite possibly your enterprise in trouble no matter what browser you are using. Sure, a browser with hardly any market share is also going to have hardly any hacker interest in it but it won't save you from stupidity.

So invest in user education and decent endpoint security protection if you want to protect your data, and forget about how secure or insecure your browser is. It really doesn't make much difference anymore.

Unless you are still using Internet Explorer 6 that is, in which case I retract everything I have said up to this point and would like to replace it with a great big WHAT ARE YOU THINKING?

Yes, I know that there are still bespoke applications within the enterprise which use IE6 and which work perfectly well, but that doesn't make them perfectly safe unless they are totally sandboxed from the internet and the rest of your network. Even Microsoft is pleading with businesses big and small to follow the consumer lead and drop the buggy, unpatched, unsupported, full of holes pile of web browsing poop that is IE 6. I grant you Microsoft didn't use those exact words but I think that's what it meant...

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354577/data-protection-fines-hit-ps100m
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020