! Copyright © 2017 MakeUseOf. All Rights Reserved ®. ! What Is the Most Secure Mainstream Browser? Written by Philip Bates Published November 2017. Read the original article here: http://www.makeuseof.com/tag/most-secure-mainstream- browser/ This ebook is the intellectual property of MakeUseOf. It must only be published in its original form. Using parts or republishing altered parts of this ebook is prohibited without permission from MakeUseOf.com. Copyright © 2017 MakeUseOf. All Rights Reserved ®. ! Table of contents What Is “Mainstream”? 4 Google Chrome 5 Sandboxing 5 A Proviso about Sandboxing 6 More Good Stuff 6 Reporting Exploitations 7 Are There Any Negatives? 8 Internet Explorer 9 Is There Anything Good? 9 This Doesn’t Sound Too Bad 10 Why Should You Avoid IE? 11 Firefox 12 Applauding Firefox’s Mission 12 The Sandboxing Problem 13 Other Security Features? 13 Any Problems? 14 Microsoft Edge 14 Does Its Newness Affect Security? 14 Does It Have the Edge? 15 Anything Bad to Consider? 15 Safari 16 Reasons to Use Safari 16 Why Safari’s 54-Day Update Program Isn’t a Problem 17 Reasons Not to Use Safari 19 Opera 20 The Link Between Opera and Chrome 20 Why Choose Opera Over Chrome? 21 Anything Bad You Should Know About? 22 A Final Word on Downloads 22 What Is the Most Secure Mainstream Browser? 23 Copyright © 2017 MakeUseOf. All Rights Reserved ®. ! The battle for the best desktop browser will never be settled. There are those who will always swear by Google Chrome; others who hold Safari up as the clear winner; and even some who have stuck by Internet Explorer (IE) despite constant press negativity. Even defining the qualities for what constitutes as “The Best” is difficult, though it often simply comes down to user experience. But which is the most secure? Of course, all will boast having superior protection — but in 2017, which is the browser of choice for the security- and privacy-conscious? What Is “Mainstream”? Let’s set out some ground rules. If we were to open this up to all browsers, we’d be here forever and no conclusions would be made. For those not tech-savvy, we’re not rating operating systems (OS), mobile or otherwise. This isn’t about Linux or Mac or Windows desktop. We’re solely concentrating on which browser you’re using to explore the internet. This is designed for all levels of expertise — meaning we won’t cover VPN services like Tor because relatively few actually use that. Instead, we’re focusing on the most popular six. Those are, at the time of writing: Chrome (59.61% market share); Internet Explorer (14.18%); Firefox (12.85%); Edge (5.15%); Safari (5.08%); and Opera (1.27%). Again, we’re looking solely at desktop, but even if we include smartphone and tablet browsers, Chrome still comes out on top. However, Safari naturally sees a huge increase, thanks to it being the iPhone browser, putting it in second place. We’re going to look at each of these in turn, listing them in order of market share. This isn’t a popularity contest: let’s find out which is the most secure! Copyright © 2017 MakeUseOf. All Rights Reserved ®. ! Google Chrome Google is renowned for its solid security measures, which probably accounts for a considerable number of users downloading Chrome. It’s fair to say the rest just became used to it after dissatisfaction with IE. With an almost 60% market share, millions use Chrome. A wealth of those accessing the web through different gateways no doubt still use Google as a search engine too. All in all: the majority of people use, and therefore trust, Google. But are they right to? Sandboxing Let’s introduce you to a concept that we’re going to keep coming back to, but which Chrome arguably does best: sandboxing. Essentially, sandboxing is damage limitation. This is a safe space isolated from other areas of your computer: what happens in the sandbox stays in the sandbox — unless, that is, it’s something you’ve allowed to have wider effects. Image Credits: Gabriel Pu via Flickr. Copyright © 2017 MakeUseOf. All Rights Reserved ®. ! Any page or tab opened on Chrome is sandboxed so it can’t adversely affect your OS or any other app you’re running. If one website is unresponsive, those loaded on other tabs should still carry on as normal. Equally, if you encounter an unsafe site, any potential viruses won’t impact the rest of your PC. Once you close the page, the unsafe site is gone too. The same goes for extensions. Flash, though flawed, is an extensively-used add-on, allowing you to watch videos and play games on the web. Because it’s popular, however, hackers aim to exploit it. Fortunately, Chrome sandboxes this too; any issue with Flash won’t trouble any other part of your OS. Think of it like television. No single channel affects another. Don’t like what you’re seeing on NBC? Just “close” the channel by turning over. Simple. We’re certainly not saying that Chrome is the only service to use the sandboxing method. Your smartphone does too, as long as you’re solely using the official app stores. Any browser that uses the open-source software provided by the Chromium Projects includes sandboxing. But Chrome is the browser that uses the original source code. A Proviso about Sandboxing If you use Chrome, you might be questioning why you’ve had viruses in the past. If everything’s sandboxed, you should be fine — right? Sadly not. Malware, including ransomware, is held back by the unique environment, but the second you download anything, you leave yourself open to any flaws. You allow something to make changes to your PC. This might be adding a PDF to your Documents, or it could be having malicious code running in the background. That’s why email providers let you view attachments online: that way, anything you view is contained. Downloading anything is only advisable if you know for sure that everything’s okay. More Good Stuff The sandboxing process is widely used, so that’s fortunately not the only edge Chrome has on other services. You’ve probably visited a site and seen a pop up, warning that the site could harm your computer. That’s Chrome’s Safe Browsing, which alerts you of anything it suspects contains malware or phishing. The same goes for Google Search: when listing results, unsecure options will be accompanied by a similar monitory. Chrome also defaults to the most secure settings without negatively impacting your experience. In the address bar, it’ll tell you whether a site is secure (i.e. if it has SSL or TLS certificates), and clicking on that padlock or “i” symbol will tell you more about your connection. It’ll advise you whether you can safely submit sensitive information, for example, followed by a list of general permissions. On default, it will allow the loading of images, JavaScript, and Background Sync. For all others, like accessing your webcam, microphone, and location, Chrome will ask you whether this is really something you want to do. Copyright © 2017 MakeUseOf. All Rights Reserved ®. ! Image Credit: Alan Myers via Flickr. All of these are customizable, but rest assured that you don’t need to do anything to these settings to improve security or usability. The best thing about Chrome, however, is its updates. With major security patches issued every 15 days, Google is the fastest mainstream browser to respond to vulnerabilities. Any browser that checks whether fixes must be applied so regularly should be applauded. Furthermore, developers are always keen to push new Chrome extensions. While this isn’t the place to talk about those add-ons, taking 10 minutes out to personalize your browser can significantly tighten protection. Reporting Exploitations In the latest two-day hacking contest, Pwn2Own, hacking collectives attempted to exploit (and so expose) vulnerabilities in major browsers. In 2016 and 2017, Chrome came out on top, with no hackers able to crack it in the allotted time limit. It doesn’t mean that no one could eventually carry out a successful cyberattack, but it remains a good sign that Chrome is a very strong contender. Add to this the fact that the Chromium Projects has a Chrome Reward Program. Set up in 2010, Google offers monetary incentives to anyone who exposes a vulnerability and reports it to them, instead of exploiting the flaw. If a full report is made, the standing reward money is up to $15,000. That total is to anyone finding fault in the sandboxing process, though other prizes remain for smaller issues including bugs in third-party components. Copyright © 2017 MakeUseOf. All Rights Reserved ®. ! Patches for any problems would then be issued via updates. Are There Any Negatives? Naturally. Nothing is impervious. One of the things acting against Chrome is its popularity. You might question the logic of this argument, but because it’s used by so many, it’s the biggest target. In 2016, Chrome had the most discovered vulnerabilities (172, compared to Edge’s 135). The statistic doesn’t account for the severity of flaws, how fast they were patched, or, of course, how many remain undiscovered on other browsers. Image Credit: Eduardo Woo via Flickr. Similarly, a patch may be issued, but that doesn’t mean users are updating their settings. This is a problem shared by all mainstream browsers, and Chrome isn’t the worst affected. Still, around 50% don’t update. Yet it’s very easy to do! Just click on the vertical ellipses at the top right, then Help > About Google Chrome.