Friday, July 4, 2008

More on browser security

Yesterday I discussed browser security, and recommended using Firefox for day to day browsing and Opera for online financial browsing. There's a recent very interesting paper examining the security of different browsers that gives some more data supporting this. What is most interesting is their statistics about how many users of each browser type have the "latest and greatest" version of the browser. The latest version has the most security vulnerabilities fixed.

Notice that both Firefox and Opera score over 90% - in other words, over 90% of users running these browsers have the latest version, with the most security fixes. Just over half of Internet Explorer users are up to date. Also, Microsoft's update mechanism (Windows Update) has been known to probe around your computer for installed applications, report back to Microsoft even if you're not running their updates, change their terms of service without your consent, and install fixes when it wants without telling you even if you have configured it to require your approval. Not cool.

Personally, I've noticed that Firefox is very aggressive about getting security updates. Good for them.

So here's more support for the two simple rules to increase your browser security:

Rule #1: Don't ever use Internet Explorer.

Rule 2: Use Opera for important financial transactions. Use Firefox for everything else.

Note: I used to work at ISS before they were IBM ISS.

No comments: