It's not about the browser, stupid!

In his latest opinion piece, Davey Winder tackles the great web browser security debate.

security figures on keyboard

COMMENT:When considering the security of your data how big a part does your choice of web browser client make?

Even typing that question sent something of a shiver down my spine, in a 'I hope nobody can see me asking that' kind of a way. Although some browser clients may be notionally 'more secure' than others, when talking about the mainstream choices none are actually safe nor unsafe, truth be told.

It's a bit like the guns don't kill people argument, although I've never heard of a web browser killing anyone (but Internet Explorer has driven me to suicidal thoughts in the past) the point is that people kill people and people use web browsers in an insecure manner.

A browser with hardly any market share is also going to have hardly any hacker interest in it but it won't save you from stupidity.

Advertisement
Advertisement - Article continues below

That's precisely why I was a little disappointed to discover there has been yet another study into web browser security published, the results of which appear to be at odds with another recent study into the same thing.

One report says that Google Chrome is the safest browser you can use, the other that Internet Explorer 9.0 is the most secure. I will ignore the small matter of Google being the sponsor of the study it ended up winning as, like I already said, it really doesn't matter to me anyway and nor should it to you.

It does, however, seem to matter to the director of security strategy at one large vendor who insisted on

explaining in great detail via email how web browsers are like cars. I will spare you the full argument, but the abridged version encompasses Maslow's Law of Hierarchical Needs whereby cars (and ultimately web browsers also) start their lifecycle competing on basic functionality alone, then move into additional features and efficiencies. The point being that just as when comparing the safety features of cars (is ASB 'safer' than air bags, for example) how do you determine if a browser with a sandbox is safer than one with an anti-XSS filter?

His conclusion being that the answer depends upon the crash test criteria and how the scores are weighted.

Why did he tell me all this? Because one browser security study primarily focussed on malware blocking while the other took the view that URL or application reputation were not that important. Hence the two different end results. Bananarama and the Fun Boy Three summed up online security pretty nicely when they sang it ain't what you do it's the way that you do it.

Visiting dodgy download and sharing sites, clicking links indiscriminately, believing everything anyone who emails you says will get you and quite possibly your enterprise in trouble no matter what browser you are using. Sure, a browser with hardly any market share is also going to have hardly any hacker interest in it but it won't save you from stupidity.

So invest in user education and decent endpoint security protection if you want to protect your data, and forget about how secure or insecure your browser is. It really doesn't make much difference anymore.

Unless you are still using Internet Explorer 6 that is, in which case I retract everything I have said up to this point and would like to replace it with a great big WHAT ARE YOU THINKING?

Yes, I know that there are still bespoke applications within the enterprise which use IE6 and which work perfectly well, but that doesn't make them perfectly safe unless they are totally sandboxed from the internet and the rest of your network. Even Microsoft is pleading with businesses big and small to follow the consumer lead and drop the buggy, unpatched, unsupported, full of holes pile of web browsing poop that is IE 6. I grant you Microsoft didn't use those exact words but I think that's what it meant...

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/cloud/amazon-web-services-aws/354223/what-to-expect-from-aws-reinvent-2019
Amazon Web Services (AWS)

What to expect from AWS Re:Invent 2019

29 Nov 2019
Visit/hardware/354232/raspberry-pi-4-owners-complain-of-broken-wi-fi-when-using-hdmi
Hardware

Raspberry Pi 4 owners complain of broken Wi-Fi when using HDMI

29 Nov 2019
Visit/mobile/google-android/354189/samsung-galaxy-a90-5g-review-simply-the-best-value-5g-phone
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019