It's not about the browser, stupid!

In his latest opinion piece, Davey Winder tackles the great web browser security debate.

security figures on keyboard

COMMENT:When considering the security of your data how big a part does your choice of web browser client make?

Even typing that question sent something of a shiver down my spine, in a 'I hope nobody can see me asking that' kind of a way. Although some browser clients may be notionally 'more secure' than others, when talking about the mainstream choices none are actually safe nor unsafe, truth be told.

It's a bit like the guns don't kill people argument, although I've never heard of a web browser killing anyone (but Internet Explorer has driven me to suicidal thoughts in the past) the point is that people kill people and people use web browsers in an insecure manner.

A browser with hardly any market share is also going to have hardly any hacker interest in it but it won't save you from stupidity.

That's precisely why I was a little disappointed to discover there has been yet another study into web browser security published, the results of which appear to be at odds with another recent study into the same thing.

One report says that Google Chrome is the safest browser you can use, the other that Internet Explorer 9.0 is the most secure. I will ignore the small matter of Google being the sponsor of the study it ended up winning as, like I already said, it really doesn't matter to me anyway and nor should it to you.

It does, however, seem to matter to the director of security strategy at one large vendor who insisted on

explaining in great detail via email how web browsers are like cars. I will spare you the full argument, but the abridged version encompasses Maslow's Law of Hierarchical Needs whereby cars (and ultimately web browsers also) start their lifecycle competing on basic functionality alone, then move into additional features and efficiencies. The point being that just as when comparing the safety features of cars (is ASB 'safer' than air bags, for example) how do you determine if a browser with a sandbox is safer than one with an anti-XSS filter?

His conclusion being that the answer depends upon the crash test criteria and how the scores are weighted.

Why did he tell me all this? Because one browser security study primarily focussed on malware blocking while the other took the view that URL or application reputation were not that important. Hence the two different end results. Bananarama and the Fun Boy Three summed up online security pretty nicely when they sang it ain't what you do it's the way that you do it.

Visiting dodgy download and sharing sites, clicking links indiscriminately, believing everything anyone who emails you says will get you and quite possibly your enterprise in trouble no matter what browser you are using. Sure, a browser with hardly any market share is also going to have hardly any hacker interest in it but it won't save you from stupidity.

So invest in user education and decent endpoint security protection if you want to protect your data, and forget about how secure or insecure your browser is. It really doesn't make much difference anymore.

Unless you are still using Internet Explorer 6 that is, in which case I retract everything I have said up to this point and would like to replace it with a great big WHAT ARE YOU THINKING?

Yes, I know that there are still bespoke applications within the enterprise which use IE6 and which work perfectly well, but that doesn't make them perfectly safe unless they are totally sandboxed from the internet and the rest of your network. Even Microsoft is pleading with businesses big and small to follow the consumer lead and drop the buggy, unpatched, unsupported, full of holes pile of web browsing poop that is IE 6. I grant you Microsoft didn't use those exact words but I think that's what it meant...

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020
Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020
Ransomwiz lets you test your security with simulated ransomware
ransomware

Ransomwiz lets you test your security with simulated ransomware

21 Sep 2020
Best free malware removal tools 2020
Security

Best free malware removal tools 2020

21 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Windows Server flaw sparks emergency US gov warning
vulnerability

Windows Server flaw sparks emergency US gov warning

21 Sep 2020