The Microsoft is much much happy now as they have a second position in their hands. Microsoft's Internet Explorer does a better job protecting systems from attackers who already have gained some degree of access than Mozilla's Firefox, and Google's Chrome trumps both of them, according to a new browser security study from Accuvant.
They came up with those results by analyzing the security features of the three most popular web browsers, but have decided not to employ the usual metrics: numbers of patched vulnerabilities, the severity of the flaws and the time it took for the developers to fix them.
As for the raw details, Accuvant's study didn't just focus on the sheer number of published vulnerabilities that a browser has at the time of testing. Rather, Accuvant presumed that a browser vulnerability is going to be exploited in some fashion by a third-party: The security testing, therefore, focused on the strength of a browser's anti-exploitation measures after-the-fact—"the software with the best anti-exploitation technologies is likely to be the most resistant to attack and is the most crucial consideration in browser security," Accuvant wrote.
They came up with those results by analyzing the security features of the three most popular web browsers, but have decided not to employ the usual metrics: numbers of patched vulnerabilities, the severity of the flaws and the time it took for the developers to fix them.
As for the raw details, Accuvant's study didn't just focus on the sheer number of published vulnerabilities that a browser has at the time of testing. Rather, Accuvant presumed that a browser vulnerability is going to be exploited in some fashion by a third-party: The security testing, therefore, focused on the strength of a browser's anti-exploitation measures after-the-fact—"the software with the best anti-exploitation technologies is likely to be the most resistant to attack and is the most crucial consideration in browser security," Accuvant wrote.
While Google's Chrome browser won the day in Accuvant's research, the browser didn't sail through with a perfect score. Accuvant noted that Chrome, along with the other two browsers in the test, failed to adequately offer up strong enough URL blacklisting to pass Accuvant's examinations—a daily comparison of roughly 6,000 malware-related URLs against either Microsoft's URL Reporting Service or Google's Safe Browsing List.
"Gathering intelligence about malware URLs is generally performed by running honeypots and spamtraps, and harvesting URLs from malware captured in the wild. Since no authoritative source exists, it is likely that each organization gathering data is getting one part of the overall picture," Accuvant wrote. "Based on Accuvant's analysis, no party is performing this data collection comprehensively."
And while all three browsers employ address space layout randomization (ASLR), data execution prevention (DEP) and stack cookies (GS), Firefox does not implement sandboxing (the separation of running programs), plug-in security and Just-In-Time hardening (preventing javascript located on websites from compiling code that can be run on the target system).
That said, Chrome's apparent excellence in sandboxing, plug-in security, JIT hardening, and Address Space Layout Randomization, among other features, was enough to win it top honors. But Mozilla isn't letting Accuvant have the last word regarding the security of its browser.
"Gathering intelligence about malware URLs is generally performed by running honeypots and spamtraps, and harvesting URLs from malware captured in the wild. Since no authoritative source exists, it is likely that each organization gathering data is getting one part of the overall picture," Accuvant wrote. "Based on Accuvant's analysis, no party is performing this data collection comprehensively."
And while all three browsers employ address space layout randomization (ASLR), data execution prevention (DEP) and stack cookies (GS), Firefox does not implement sandboxing (the separation of running programs), plug-in security and Just-In-Time hardening (preventing javascript located on websites from compiling code that can be run on the target system).
That said, Chrome's apparent excellence in sandboxing, plug-in security, JIT hardening, and Address Space Layout Randomization, among other features, was enough to win it top honors. But Mozilla isn't letting Accuvant have the last word regarding the security of its browser.
