In the same vein as my series earlier this year on Windows vs. OS X vs. Linux security, lets explore how I came to this subjective opinion.
Lower profile target. One of the main reasons Im more willing to trust my data security to my OS X (Mac) system is that they have a smaller market share than Windows does. This sounds peculiar to many people who arent familiar with security, but in the dangerous world that is the Internet, keeping a low profile can be an important aspect of staying secure.
The reason for this, quite simply, is that our attackers, by and large, write their attack code to market share, for all the same reasons that legitimate software developers most often deliver their Windows products before their Mac or Linux ones.
Now, Im fully aware that Firefox continues to make strides in this area and is constantly gaining market share, so this argument may well eventually fail. Im confident, though, that by then Ill have other, lower profile choices available.
For now, finding a balance between unpopular and popular enough to be widely supported on the web sites I frequent is very much a security consideration. Today, that nod goes to Firefox for my needs. Its very rare that I cant use Firefox on sites that I care about.
Qualitative score: IE gets an F while Firefox gets a B+.
Configurability. This is a tough one to judge. Like many Microsoft features, IE has a quite rich set of security features that can be configured to suit the users needs. Firefox, by comparison, is more simplistic in its security configuration choices. Theres a strong argument to be made for each approach.
IE manages its security via zonesInternet, Local intranet, Trusted sites, and Restricted sites. Within each zone, the user has a rich set of configuration options where authorizations can be fine-tuned. For example, Internet sites can be set to default to disallowing browser scripting, ActiveX, Flash, and other dangerous content. Thats the good news.
Qualitative score: IE gets a B+ while Firefox gets a B-.