Web Application Security

Web Browser — The Single Most Important [Online] Security Decision You Make

If you are reading this post chances are good that you are doing so with a Web browser. And if you are like most people, you use that very same Web browser to bank, shop, book airline tickets, find directions, read news, keep up with friends and family, and so on. These online activities are extremely important to everyday life and the reason why the Web browser you choose may be the single most important [online] security decision you make. If you are using anything except the one latest browsers, you are putting your computer at risk, and by extension the most intimate details of your life, to viruses and the criminals who author them.

Microsoft understands this better than most, and is launching a program encouraging people to upgrade their Web browser and protect themselves. The next important thing to understand is not all Web browsers are created equal and how safe they keep you online is difficult to compare, even for the experts. For consumers making a good Web browser choice can be even more daunting, even after becoming aware at just how exposed they may be on an outdated platform. To address this predicament, Microsoft  is releasing a scoring methodology to assist people in selecting a Web browser that’s right for them.

Microsoft’s approach to this problem is interesting and novel. The score hinges on the presence of browser security features, comparing everything from URL filters to additional security functionality that web application developers can enable. Such a methodology is useful because it allows people to distinguish between Web browsers by which security features are available and most important to them. Packaging up the enhancements into an easy-to-understand score also helps demonstrate why upgrading makes sense — if nothing else it becomes obvious that newer browsers have better security features.

This effort by Microsoft’s is a huge step in the right direction and will serve to help make the Web just that much safer for everyone. For those curious, head over to YourBrowserMatters.org and see how the Web browser you are currently using scores.

  • http://www.wolmarans.com Brett Wolmarans

    Opinions stated as facts, Cite sources please

  • spynaej

    Jeremiah,

    Did you notice that “http://yourbrowsermatters.org” was made by micro$oft (see bottom of the page) ? Internet explorer ranks first with 4/4, when firefox only reaches 2/4 and opera and chrome can’t even have a note !

    I suggest you might update your article.

    • http://www.whitehatsec.com/ Jeremiah Grossman

      @spynaej I take it that you believe that Firefox, Opera, and Chrome should at least score as well as IE in terms of security. The thing is, this is MS’s scoring methodology and it should be seen as opening the door to others to make a go at one that’s “better.” For me, I’m supportive of this effort because it finally elevates browser security to a important consumer-level issue.

      @Brett What “fact” should I be citing a source on?

  • RichieB

    I just visited YourBrowserMatters.org using IE8. It get’s a score of 3 out of 4. A large banner tells me to download IE9. In small print there is a link that says “See how other browsers scored”. On that page, all “security” features are worded so that IE9 ticks the box. There is no explanation given why other browsers fail (or why IE9 complies). This is a marketing site, not a security effort. Shame on you for falling for it and promoting these practises.

  • http://www.whitehatsec.com/ Jeremiah Grossman

    @RichieB: No doubt this is a marketing effort, designed to push people to a most recent browser version. I also had concerns about what features they scored and how much emphasis they put on it. At the end of the day, we felt since browser security is just THAT important, this site does more good than harm.

    And perhaps you didn’t see the tiny link to their methodology.

    http://www.yourbrowsermatters.com/docs/methodology.pdf