Most Web browser reviews focus on one thing: speed. Speed is all well and good, but browser benchmark scores fail to answer a fundamental question: which browser is best for business?

In an enterprise environment, speed is simply one concern among many. There are bigger questions: How secure are these browsers, and how well do they keep users from getting viruses or visiting fraudulent websites? How often are they updated, and how easy is it to apply these updates to multiple managed systems? How important do the companies behind these browsers think that the enterprise is? We set out to compare Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari, and Opera to answer these questions and more.

For our purposes, we'll assume that all else is equal in your environment—that your shop doesn't live and die by a particular Firefox add-on or an Intranet site that won't render in anything that's not Internet Explorer 6. If you've got extenuating circumstances that dictate which browser you use, as many businesses do, consider these facts if you're trying to decide on a secondary or alternate browser for your systems.

Security and updates

When we talk about "browser security" we can actually be talking about a couple of different things. First, how quickly are security vulnerabilities patched once they are discovered, and how quickly can these patches be rolled out to users? The best security model in the world can be circumvented if you're running unpatched software. Second, how do browsers react when presented with a bad SSL certificate or a suspicious download? How do they tell the user that something is wrong, and how difficult do they make it for the user to proceed? Even more than the operating system or anti-virus software, the browser is often your computer's first line of defense against phishing and malware.

Internet Explorer uses Windows Update to download both its patches and new versions. Security bugs are squashed monthly on Patch Tuesdays, and Microsoft also occasionally issues out-of-band updates to fix urgent or zero-day issues. These patches can be applied regardless of whether a given user has administrative privileges (a vital safeguard against viruses and inadvertent user errors), and administrators can dictate which patches and major versions are installed by using a Windows Server Update Services (WSUS) server. For shops without centralized management, computers can still grab these updates from Microsoft's Windows Update servers as long as updates are enabled, and administrators can use tools like the IE Blocker Toolkit to prevent the automatic installation of major version updates.

Firefox, on the other hand, requires administrative privileges both to install and to update, and at present Mozilla offers no official MSI installer for the browser—a request for the latter has been in Bugzilla since 2004 (making it the Duke Nukem Forever of promised functionality). It still doesn't appear to be a priority. An MSI, or Microsoft Installer file, is important for businesses because it's the only kind of installer that can be deployed using Microsoft's Active Directory, which is commonly used to authenticate users, control their permissions to networked resources, and manage settings across all the computers in your organization. Lack of an MSI makes it much harder to deploy Firefox across an enterprise, and much harder to update and manage once it is deployed. Mozilla is planning to roll out silent, automatic updates in Firefox 13, due in June, which should make updating the browser simpler, though this does nothing to address manageability concerns.

In OS X, Firefox also has some permissions-related issues that prevent updating by any user account other than the one that originally installed it, regardless of administrative privileges. Most versions of Firefox make it through their entire six-week release cycle without needing security patches, but Mozilla will release minor security updates on an as-needed basis.

One of Chrome's most appealing features to the business set is its generally excellent security record, due in part to its lauded sandboxing feature—the browser wasn't hacked at all at 2011's Pwn2Own competition, and when it was hacked this year, those security flaws were patched within hours. The browser can be installed using Active Directory and the Google-provided MSI, and Windows users can also install the browser (but not set it as the default browser) without administrative privileges. Chrome's silent updater installs minor and major updates as they become available and without prompting the user. Generally speaking, any computer with Chrome installed will be running the latest version, even if Chrome is only rarely used.

In both OS X and Windows, Safari pulls down its updates through Apple Software Update, which requires administrative privileges to run in both OSes. The Windows installer is packaged as an MSI, which should allow centralized installation on Windows, and Mac system admins with access to Apple Remote Desktop can easily trigger Apple Software Update remotely via a Unix command. Security patches for Safari are provided on an as-needed basis, while major version updates tend to coincide with major OS X releases.

Opera doesn't offer an MSI for centralized installation, but in Windows it doesn't require administrative privileges to install or to update. The first time you check for updates, you're given the option to automatically install updates silently in the future. While Opera hasn't committed to a specific release cycle for Opera, security and feature updates are provided as needed throughout the year.