Mozilla Firefox vs. Internet Explorer: Which is Safer?

Based on a point-by-point security comparison, a security expert lays out his opinion.
Posted September 10, 2007
By Kenneth van Wyk


(Page 1 of 2)

I am safer browsing in Mozilla’s Firefox browser than I am in Microsoft’s Internet Explorer. I firmly believe this to be the case. Yes, that’s right, Firefox is safer than IE.

In the same vein as my series earlier this year on Windows vs. OS X vs. Linux security, let’s explore how I came to this subjective opinion.

Lower profile target. One of the main reasons I’m more willing to trust my data security to my OS X (Mac) system is that it has a smaller market share than Windows does. This sounds peculiar to many people who aren’t familiar with security, but in the dangerous world that is the Internet, keeping a low profile can be an important aspect of staying secure.

The reason for this, quite simply, is that our attackers, by and large, write their attack code to market share, for all the same reasons that legitimate software developers most often deliver their Windows products before their Mac or Linux ones.

Now, I’m fully aware that Firefox continues to make strides in this area and is constantly gaining market share, so this argument may well eventually fail. I’m confident, though, that by then I’ll have other, lower profile choices available.

For now, finding a balance between unpopular and popular enough to be widely supported on the web sites I frequent is very much a security consideration. Today, that nod goes to Firefox for my needs. It’s very rare that I can’t use Firefox on sites that I care about.

Qualitative score: IE gets an F while Firefox gets a B+.

Configurability. This is a tough one to judge. Like many Microsoft features, IE has a quite rich set of security features that can be configured to suit the user’s needs. Firefox, by comparison, is more simplistic in its security configuration choices. There’s a strong argument to be made for each approach.

IE manages its security via “zones”—Internet, Local intranet, Trusted sites, and Restricted sites. Within each zone, the user has a rich set of configuration options where authorizations can be fine-tuned. For example, Internet sites can be set to default to disallowing browser scripting, ActiveX, Flash, and other dangerous content. That’s the good news.

The bad news in all of these rich features is that a) by default, far too much untrustworthy content is allowed (e.g., JavaScript) and that b) the sheer vastness of the features will scare most users out of doing any substantive fine-tuning to protect themselves.

Firefox, on the other hand, is much simpler – but quite possibly too much so. JavaScript, for example, can be enabled or disabled (along with setting a half dozen or so JavaScript capabilities) for all or no sites. It’s nice that dangerous features like this can be quickly turned on and off. It’s so simple that anyone could (and should!) experiment with it. But I want a little bit more flexibility than this.

Qualitative score: IE gets a B+ while Firefox gets a B-.

