Which Web browser is guaranteed to make your Internet browsing experience perfectly safe? The answer is none, of course. If you have the need for high security on a computer you manage, then you shouldn't allow it to surf on the public Web. It's that simple. But if your need for security is not extreme, there are a number of things you can do to make your Web browser more secure and your Web surfing safer. Let this Deep Dive be your guide.
Internet browsers are highly complex pieces of software that interact with highly complex programming code, much of it not so friendly. There is no "super secure" browser. The number of known exploits against a particular browser tracks its popularity exactly. No surprise there. Even secure alternatives to Internet Explorer, which all new browsers seem to claim to be, generally have been targeted by dozens of exploits. (Even the newest of these, Google Chrome, already has a dozen.)
Today, a significant portion of computer attacks comes from legitimate websites that have been maliciously modified. In short, limiting your surfing to only well-known, legitimate websites does not ensure a safe Internet browsing experience. And the problem will only get worse, not better, for the near-term future.
Browser security wars
About a year ago, I spent several months running the five most popular browsers -- Internet Explorer, Firefox, Google Chrome, Safari, and Opera -- through a battery of security tests. Much to my surprise, none of the browsers allowed malware to silently install on my test systems. In other words, if a fully patched browser is running on a fully patched Windows system (Windows XP Professional SP3, in my tests), then malware's best chance of success is fooling the user into willingly executing it. This is why socially engineered Trojan horses -- fake browser plug-ins, fake antivirus programs, etc. -- are so common. Beware.
Yes, there will always be zero-day exploits that can silently infect through a browser, but in testing, I found that every malware site that I visited (and I am confident that it was a good representative sample) either offered up an executable to install or tried to use an exploit for software that had already been patched. Using a fully patched system (all software, not just the browser) prevented all silent attacks in my real-world tests.