Bobby Software Security

STOP! This article is outdated. See my newest article about browser security for updated information.

Your Internet browser is the lid on Pandora’s box. A window to the madness of cyberspace. Visit the wrong website, click the wrong link, download the wrong file, and you’ll find out how effective that window is at protecting you.

The trouble with this article

The true security differences in these browsers are nitpicky. I can safely recommend using any browser in this roundup (except for Safari on Windows) because the differences don’t mean a whole lot as long as you practice good security habits.

This is a high-level overview, based on 1) others’ research, 2) the averaged scores from the Browserscope project, and 3) my own experiences with clients and colleagues.

I should point out that the Browserscope project is not a good standalone comparison of which browser is the safest. It merely analyzes a certain “class” of attack vectors. There is much more to browser safety than a number can tell you.

And keep in mind this is not a completely scientific comparison. It’s not really possible to pick a “most secure” browser since all browsers have their strengths and weaknesses.

Which Browser is the Most Secure and Private?

Chrome is typically the most highly regarded for security. That sentiment is based in large part on a 2011 study which was funded by Google themselves, as it so happens. A lot has changed since then, though Google appears to be staying on top of things pretty well. Its Browserscope tests are by far the highest in this roundup. It also has the second highest malware detection rate, right behind IE.

My biggest issue with Chrome is the fact that it’s developed by Google. Google makes their billions by knowing what you do, where you are, what you buy, and what type of hemorrhoid cream you prefer. Seriously, they want to know everything about you and giving us a browser on our computer is the absolute best way to get that information. That makes Chrome a huge privacy risk in my opinion. And because it’s not entirely open source, we can’t look inside and see how it works.

Chrome Summary

Security: Very good

Privacy: I have my doubts

Browserscope score: 16/17

I like Firefox the most – it’s my preferred browser. I wouldn’t put it’s security in the same class as Chrome, but it’s certainly not without its own strengths. For instance, it handles SSL certificate revocation extremely well, better than any other browser.

Part of what makes it so popular is the small footprint. It’s lighter-weight than its competitors, not bundling things like Adobe Flashplayer in case you don’t want it. Overall, that means fewer features and less code, which presents less of an attack surface for bad guys to latch onto.

My favorite thing about Firefox is its privacy. The source code is available for perusing, meaning anyone can crack it open and see its programming. Firefox is the only browser that is fully open source. This is extremely good from a privacy standpoint because no one can hide stuff in there that we don’t want (like tracking software). Firefox’s development community (known as “Mozilla”) is a non-profit organization that exists simply to produce free quality software. That puts me at ease, knowing that Firefox is not being used as part of a larger financial agenda.

Firefox Summary

Security: Good

Privacy: Very good

Browserscope score: 12/17

IE probably has the worst reputation for security. Unfortunately for them, that reputation isn’t entirely warranted these days but the stigma remains. The worst security issues are with older versions, like version 6 and 7. As long as you’re using version 10 or greater, you can avoid the worst problems. Microsoft has made a lot of improvements over the years.

For instance, IE has the highest detection rate of malware. That means it’s the best at keeping you from accidentally getting infected through web browsing.

However, some strange issues still remain. Like how they provide the manual ability to fake EV certification, and how they messed up the implementation of Java so that it’s very difficult to completely disable the plugin.

Not to mention, there have been plenty of severe vulnerabilities exposed in its programming over the years. Far more than any other browser. Which makes using IE a rather dubious affair when you’re always wondering what else they’ve messed up.

Additionally, IE is completely closed source. Considering that we now know Microsoft has been targeted by the NSA spying efforts, all bets are off. We don’t know what they may have been coerced into putting in their browser.

IE Summary

Security: Okay

Privacy: Maybe okay, but assume it’s not

Browserscope score: 11/17

Opera is the quiet guy who sits in the corner minding his own business and likes it just fine, thank you very much. It has a pretty good reputation for security (though, I should mention that the underdog usually has the loudest voice of dedicated followers). I do like Opera, and for being the little guy, it’s doing things really well. But based on it having the lowest Browserscope score of the bunch (by a significant margin), I feel like I need to dock it a few points.

Opera does have a reputation of patching security vulnerabilities faster than the big guys, and it’s also been known to adopt some new security features first, before anyone else.

However, Opera is completely closed source so no one but the development team knows what goes into it. Their market share is so small that we could probably assume they don’t have an agenda or are being pushed by someone who does. But who knows in this crazy world? It’s not a bad browser and it does a lot of things well. In spite of its shortcomings, I wouldn’t hesitate to recommend it.

Opera Summary

Security: Good

Privacy: Probably okay, but we can’t know for sure

Browserscope score: 8/17

Safari on Windows is no longer supported. The latest version available is 5.1.7 from May 2012. It is no longer getting security updates and therefore you shouldn’t use it on Windows.

On Mac, it’s another story. Safari is still a good choice if you’re using OSX. It has a good reputation for security and is one of the earlier adopters of new features. Privacy, on the other hand, may be an issue. We don’t know if Apple has cooperated with the NSA spying efforts, but being as big as they are, I’m playing the safe side and just assuming they have.

Safari Summary (on Mac only)

Security: Good

Privacy: Maybe okay, but assume it’s not

Browserscope score: 13/17

Browser Comparison Chart

Browser Security Privacy *Browserscope Chrome Very good Serious doubts 16/17 Firefox Good Very good 12/17 IE 10+ Okay Maybe okay 11/17 Opera Good Probably okay 8/17 Safari (Mac only) Good Maybe okay 13/17

*The Browserscope score is the averaged security scores for each browser family up to the time of this writing.

Which Browser Should I Use?



Chrome is probably the marginal winner in security. Of course it’s not always so cut and dry. As stated, I actually use Firefox. I believe it has the best security/privacy combo in this roundup. It’s also much cleaner and easier to use, and better at rendering pages, in my opinion. And based on my safe browsing habits, it does not concern me enough to change.

If you have no issues with Google knowing even more about you than they already do, or you prefer Google’s interface, then I suggest Chrome because they have the resources and expertise to make a good, secure product. Or if you’d rather support the little guy, Opera is also a good choice.

Do not use Apple Safari on Windows. It is no longer secure. However, on Mac, it’s a good option.

I would suggest staying away from Internet Explorer whenever possible. If you regularly practice good security habits, it shouldn’t be too big of a problem. It’s just my recommendation. There are plenty to choose from. Why choose the worst out of the bunch?

In the end, your security is based mostly on your behavior. No browser can always protect a user who’s browsing habits are unsafe. As always, practice good behavior, no matter what browser you’re using.

Related Articles