The Mac Observer

Skip navigational links

Choose text size: Select small text. Select medium text. Select large text.

Featured Article: TMO Quick Tip - iCal: Auto Open Files

Study: Firefox Most Secure Browser

by John Martellaro, 4:10 PM EDT, July 1st, 2008

One way to evaluate the security of a Web browser is to determine what percentage of its users are using the latest version. In a study released on Tuesday by S. Frei et al, it was found that Firefox users are most likely to be up to date.

Now that modern software and hardware firewalls have blocked incoming intrusions via TCP/IP ports, the most favored method of attack on computers connected to the Internet is via data returned to the Web browser that exploits browser code or plug-in vulnerabilities. As a result, keeping the browser updated to the latest version these days is paramount.

The authors, in their paper, "Examination of vulnerable online Web browser populations and the 'insecurity iceberg'" look at the rates of adoption of the latest browser versions and the impact it has on users.

Their definition of the most secure browser was as follows. "...the most secure browser designates the latest official public release of a vendor's Web browser at a given date. Beta versions are not considered an official public release."


From the Authors' Paper

The chart above shows the rate of adoption of the latest major version of each browser, for example Firefox 2 or IE 7.

By this standard, Firefox is the most secure browser because 83.3 percent of the users have the very latest version. Safari was ranked second at 65.3 percent, Opera third with 56.1 percent and IE 7 last at 47.6 percent. Note that, unlike the chart above, these numbers speak to the very latest version, for example Safari 3.1.2.

The paper raises some interesting questions. It's understandable how IE could lag thanks to corporate rules and compatibility testing with internal products. That can slow dow the rate of adoption. However for users who can use automatic update notifications, like Safari, Opera and Firefox, there are key difference in the methodology.

For example, the update mechanism of Firefox was considered noteworthy: "We believe the auto-update mechanism as implemented within Firefox to be the most efficient patching mechanism of the Web browsers studied. Firefox's mechanism regularly polls an online authority to verify whether a new version of the Web browser is available and typically prompts the user to update if a new version exists....

"With a single click (assuming that the user has administrative rights on the host), the update is downloaded and installed. Just as importantly, Firefox also checks for many of the currently installed Firefox plug-ins if they are similarly up to date, and, if not, will prompt the user to update them," the authors noted.

In contrast, the authors pointed out that "While Firefox and Opera check for updates when the browser is used, Safari relies on an external Apple-updater that appears to only poll for new updates at scheduled regular intervals while Internet Explorer gets updated as part of the monthly distributed Windows patches."

This scheduled updates for Safari can be as seldom as "never" if the user elects to uncheck the "Check for Updates box" in the Software Update. In addition, the Adobe Flash plug-in has no automatic update feature, and users must attended to that update manually. TMO notes that all this could explain the lag Safari has compared to Firefox.

There is much more detail in the paper, including a discussion of plug-in vulnerabilities. While some of the content is quite technical, any user interested in browser security should take a look at this report.

Observer Comments

Show: Subjects Only | Full Comments
Close Name:Mikuro Posts: 448 Joined: 15 Jun 2002
Tue Jul 01, 2008 5:29 pm Subject:

It's an interesting way of looking at it, but it seems like a stretch to equate it so directly with "security". Who's to say the newest version of Firefox has fewer vulnerabilities than the previous version of Safari, or vice-versa? If Mozilla releases an update to Firefox tomorrow, that will not suddenly make the current version of any other browser more secure than today's version of Firefox.

I'll bet a VERY high percentage of IE for Mac users are using the latest version. That doesn't make it secure.


Reply | Quote
Comment on this Article

Show:   comments per page.   Save Settings
Guest Posts Hidden. View Them.
Back to top  Page 1 of 1    

You cannot edit your comments.   You cannot delete your comments.
Log in | Register | Having Problems? Reset TMO Cookies & Try Again
Username:   Password:   Log me on automatically each visit   

You are not logged in, and this post will appear as "Guest." Log in with your username and password from the TMO forums. If you do not have a username, you can register here.
Please note that guests are limited to including a maximum of two URLs per post.

Post A Comment
  Subject


  Your Comments



Please enter the word exactly as you see it in the image above. Registered users aren't prompted for this. Having trouble reading the image get a new one.

Recent Headlines - Updated Tuesday, July 1st, 2008

Tue., 4:45 PM
Mac Gaming News - Feral Interactive Posts Universal Patch for Chessmaster 9000
4:10 PM
Study: Firefox Most Secure Browser
3:00 PM
PowerSet Poised to Change Internet Searches
2:45 PM
Study Shows 12,000+ Laptops Lost at Airports Each Week
1:55 PM
Intel: Developers Should Face up to Hundreds, Thousands of Cores
1:45 PM
Safari Hits New Market Share High in June
1:15 PM
iPodObserver - Owning an iPhone 3G will Cost More Than iPhone 2G
11:30 AM
iPodObserver - Apple Unveils iPhone 3G Guided Tour
10:55 AM
iPodObserver - AT&T Announces iPhone 3G Plans, July 11 Morning Launch
10:20 AM
Hot Forum Topic - iPhone 3G and the Apple Stock Guessing Game
9:55 AM
Savant Announces Open Developer Program
8:55 AM
Days Away 2 Improves iCal, Leopard Support
7:55 AM
Apple Releases Time Capsule, 802.11n Base Station Firmware 7.3.2
 

The Mac Observer Reader Specials

  • Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com
  • OWC: NewerTech miniStack FireWire/USB 2.0 HD & Hub Up to 1.0TB of Performance Storage + FW/USB2 Powered Hubs - convenient & sleek 6.5" x 6.5" x 1.5" Featured: 500GB $169.99; 750GB $209.99; 1.0TB $339.99
  • MacBook/MacBook Pro / MacMini / iMac Intel Core2 DUO DDR2 667Mhz 4GB Kit $84, 3GB Kit $60, 2GB Kit $40 1GB $20. Click to Maximize your Macs...
  • Mac observers can now play Party Poker for Mac as well as Mac casino games by going to MacPokerOnline.com.
  • RamJet Memory: MacBook 1Gig $39, 2Gig $78, 4Gig $195! Mac Pro 2Gig $115, 4Gig $189! 500G Seagate SATA II $139! Click here

  • For the latest Apple products use Ciao a comparison website to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate cell phones.

  • Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.

Apple Stock Quote

  • AAPL: $174.68. Change Today: +7.24.
  • (Prices delayed up to 20 minutes.)
  • Discuss in our Apple Finance Board

Hot Topics

What's the buzz? These articles have TMO readers talking.

Top Deals From DealsOnTheWeb

sharedcopy.com

lanjackal says...

Nonsense. This is total misinterpretation of the data. The fact that FF users are the most up-to-date says nothing about the browser, but instead speaks about the nature of the user base. This is a BS article.