Linked by David Adams on Sun 11th Dec 2011 01:37 UTC, submitted by lucas_maximus
Internet & Networking Google Chrome offers more protection against online attacks than any other mainstream browser, according to an evaluation that compares exploit mitigations, malicious link detection, and other safety features offered in Chrome, Internet Explorer, and Firefox.
Order by: Score:
Comment by demosthenese
by demosthenese on Sun 11th Dec 2011 01:57 UTC
demosthenese
Member since:
2011-02-01

It seems that this report sponsored by google, cherry picked those security methods that Chrome is ahead in to show that Chrome is best, and ignored other security factors.

Reply Score: 7

RE: Comment by demosthenese
by Tuishimi on Sun 11th Dec 2011 02:04 UTC in reply to "Comment by demosthenese"
Tuishimi Member since:
2005-07-06

I saw the headline and knew I wouldn't be reading the report. These reports are often biased... just pick the browser you like and be done with it.

Reply Score: 6

RE[2]: Comment by demosthenese
by WorknMan on Sun 11th Dec 2011 03:29 UTC in reply to "RE: Comment by demosthenese"
WorknMan Member since:
2005-11-13

These reports are often biased... just pick the browser you like and be done with it.


And just like Javascript benchmarks, I have to wonder how much this really matters anymore. I mean, in the days of IE6, it mattered a lot. But really, are browsers still so insecure that the security of one over the other would be the deciding factor in which browser you choose? I'd guess that blocking Flash by default would make you a lot safer, no matter which browser you were using.

Reply Score: 3

RE[3]: Comment by demosthenese
by Neolander on Sun 11th Dec 2011 08:13 UTC in reply to "RE[2]: Comment by demosthenese"
Neolander Member since:
2010-03-08

And if people rely on something that is designed to display HTML documents in order to get strong security, something is deeply wrong with current OSs.

Only light software can be made truly secure. Modern HTML, CSS, and Javascript standards are anything but light, and logically their parsers are a bloated and insecure mess.

Reply Score: 6

RE[4]: Comment by demosthenese
by moondevil on Sun 11th Dec 2011 10:56 UTC in reply to "RE[3]: Comment by demosthenese"
moondevil Member since:
2005-07-08

Same opinion here.

Although I develop web business applications for living, I am the opinion that many applications only have a place as desktop applications.

The browser is to read documents.

Reply Score: 6

RE[5]: Comment by demosthenese
by Fergy on Sun 11th Dec 2011 11:11 UTC in reply to "RE[4]: Comment by demosthenese"
Fergy Member since:
2006-04-10

I am the opinion that many applications only have a place as desktop applications.

The browser is to read documents.

If all OS's would agree one a format so you could write once and run anywhere ;) and which has a solid update framework you would be right. BUT it will sooner snow in hell so html5 is the next best thing.

Reply Score: 2

RE[6]: Comment by demosthenese
by moondevil on Sun 11th Dec 2011 14:16 UTC in reply to "RE[5]: Comment by demosthenese"
moondevil Member since:
2005-07-08

This is a fool's dream.

Just try to create a web application that works the same way across multiple browsers and operating systems, without being full of browsers and operating systems specific hacks scattered around JavaScript and CSS files.

Reply Score: 3

RE[3]: Comment by demosthenese
by lucas_maximus on Sun 11th Dec 2011 11:49 UTC in reply to "RE[2]: Comment by demosthenese"
lucas_maximus Member since:
2009-08-18

Actually Blocking the Java plugin is more important than Flash, but Flash gets all the hate.

Chrome and IE have better Sandboxing ... Firefox's seems to be non-existant.

JS really isn't insecure anymore, you may still get annoying popup windows but that is really the worst that it can do, even trying to spam the window all of the browsers will pick up and ask whether you want it happening.

Reply Score: 1

Bill Shooter of Bul Member since:
2006-07-14

Not sure where you are getting your information, but there are pleanty of JS related exploits out of there that are very much a threat.


I'm guessing you meant JS based attacks on the OS, which have been pretty rare as of late. Most are actually focused on hijacking the session to launch Cross Site Request Forgeries (CSRF) and such.

https://www.owasp.org/index.php/Top_10_2010-Main

I would be more upset personally, if my bank account were accessed without my permission than my locked down PC.

But I thought the previous poster was referring to how little the differences between different JS implementations mattered simular to how the differences in other areas of browser security didn't matter.

Reply Score: 2

RE[3]: Comment by demosthenese
by Lennie on Sun 11th Dec 2011 21:47 UTC in reply to "RE[2]: Comment by demosthenese"
Lennie Member since:
2007-09-22

I think you should look at the Javascript benchmarks in a different light.

Most of the "well known" Javascript benchmarks have been created by the same teams which work on the browsers. It is a tool they use to measure the performance of their own browser and to help determine what and how to improve it.

Because it was created by the developers of the browser it represents what they think is important performance-wise.

So they will optimize the parts of the browser that their benchmark tests. Obviously they would do really well in their own benchmark because of it.

This is a very important difference from a benchmark created by a third party.

Reply Score: 2

Comment by zima
by zima on Sun 18th Dec 2011 23:58 UTC in reply to "RE[3]: Comment by demosthenese"
zima Member since:
2005-07-06

Worse - it's a symptom of fascination with easy to digest numbers ...which present only a part of the picture of comfort, responsiveness, etc.

(not the first such fascination of course, witness the cult of fps ...for most of the time ignoring the endemic "micro- stutter" which only recently seems to get some slight attention; resolutions and processing levels which looked "good" only on magazine screenshots; or mpixels ...the cult of simple number, generally)

Edited 2011-12-19 00:05 UTC

Reply Score: 2

RE[2]: Comment by demosthenese
by lucas_maximus on Sun 11th Dec 2011 11:50 UTC in reply to "RE: Comment by demosthenese"
lucas_maximus Member since:
2009-08-18

The report was commissioned by Google, but the authors insist they had complete autonomy in deciding what metrics to use and what conclusions they made. The researchers have released more than 20MB worth of data, software tools, and methodology so peers may review or build upon the research.

Reply Score: 1

RE: Comment by demosthenese
by lucas_maximus on Sun 11th Dec 2011 11:46 UTC in reply to "Comment by demosthenese"
lucas_maximus Member since:
2009-08-18

The report was commissioned by Google, but the authors insist they had complete autonomy in deciding what metrics to use and what conclusions they made. The researchers have released more than 20MB worth of data, software tools, and methodology so peers may review or build upon the research.


From the article. It can be peer reviewed. Hardly Biased.

Reply Score: 2

RE[2]: Comment by demosthenese
by KLU9 on Sun 11th Dec 2011 13:48 UTC in reply to "RE: Comment by demosthenese"
KLU9 Member since:
2006-12-06

It can be peer-reviewed AND still be cherry-picking *which* criteria to examine.

The peers would just check that the data chosen is correct; they wouldn't able to force the original researchers to start measuring other criteria.

Reply Score: 5

RE[2]: Comment by demosthenese
by tylerdurden on Sun 11th Dec 2011 19:52 UTC in reply to "RE: Comment by demosthenese"
tylerdurden Member since:
2009-03-17

That is not how peer reviewing works.

Something is not deemed unbiased because it can be reviewed by peers. See, we all have the potential superstars, but you have to sell a million records to be considered one.

Reply Score: 3

RE[3]: Comment by demosthenese
by lucas_maximus on Sun 11th Dec 2011 20:36 UTC in reply to "RE[2]: Comment by demosthenese"
lucas_maximus Member since:
2009-08-18

Yes it is. It cannot be called Bias until it has been peer reviewed ... the whole process of peer review is to how valid it is.

Calling Google names and saying it is Biased btw doesn't cut it.

Reply Score: 1

RE[4]: Comment by demosthenese
by tomcat on Thu 15th Dec 2011 02:29 UTC in reply to "RE[3]: Comment by demosthenese"
tomcat Member since:
2006-01-06

Yes it is. It cannot be called Bias until it has been peer reviewed ... the whole process of peer review is to how valid it is.

Calling Google names and saying it is Biased btw doesn't cut it.


Uh, yeah, it's fine to call them biased. Because the "researchers" commissioned by Google completely ignored the larger issue of how MANY vulnerabilities have been seen, severity, etc, among the various browsers. They cherry-picked the criteria that they chose to evaluate and, so, peer-reviewing their conclusions is a waste of time, because the CRITERIA are the problem, not the DATA.

Reply Score: 2

RE: Comment by demosthenese
by _xmv on Sun 11th Dec 2011 22:32 UTC in reply to "Comment by demosthenese"
_xmv Member since:
2008-12-09

It seems that this report sponsored by google, cherry picked those security methods that Chrome is ahead in to show that Chrome is best, and ignored other security factors.

yep
just like MS did before
and people usually fall far it. sad.

seems optin's Chrome, making websites Chrome only, and publitizing it everywhere isn't enough.

Google has changed.

Reply Score: 2

So what?
by pysiak on Sun 11th Dec 2011 10:54 UTC
pysiak
Member since:
2008-01-01

Every browser is more or less the same secure...
Privacy-wise, Chrome is worst.
I had a fling with chrome for performance but I got back to Firefox for plugins, some of which don't have chrome versions because it's not possible.

e.g. HTTPS-Everywhere is not possible in chrome due to limitations in address rewriting.

So I'm sticking with FF + Ghostery + BetterPrivacy + HTTPS-Everywhere + Adblock.

Reply Score: 3

Is it same browser
by Nicram on Sun 11th Dec 2011 11:08 UTC
Nicram
Member since:
2006-01-31

that use Windows proxy settings, and not it;s own? Thank you, i will stay with something better.

Reply Score: 1

RE: Is it same browser
by Fergy on Sun 11th Dec 2011 11:16 UTC in reply to "Is it same browser"
Fergy Member since:
2006-04-10

that use Windows proxy settings, and not it;s own? Thank you, i will stay with something better.

If you are talking about Firefox: http://support.mozilla.com/en-US/kb/Options%20window%20-~*~...
If you are talking about Opera: http://help.opera.com/Windows/11.60/en/network.html

Reply Score: 2

RE[2]: Is it same browser
by Nicram on Sun 11th Dec 2011 11:21 UTC in reply to "RE: Is it same browser"
Nicram Member since:
2006-01-31

Haha, thank You ;) I'm already know this, and i'm using firefox (with noscript+adblock+firebug) with ads enabled on OSNews:) But Your post may be informative for other, chrome browser users ;)

Reply Score: 1

RE[3]: Is it same browser
by daedalus on Mon 12th Dec 2011 08:28 UTC in reply to "RE[2]: Is it same browser"
daedalus Member since:
2011-01-14

Perhaps you'd also like to share with those Chrome users why using the Windows proxy settings is a bad thing...

Reply Score: 1

RE[4]: Is it same browser
by Nicram on Mon 12th Dec 2011 10:18 UTC in reply to "RE[3]: Is it same browser"
Nicram Member since:
2006-01-31

Perhaps you'd also like to share with those Chrome users why using the Windows proxy settings is a bad thing...


Because setting up proxy settings with Windows make it work for many other applications besides Chrome. For example i want to use proxy settings for my browser because i can't access some website. But same time i want my messenger software to do not use it. If both apps use Windows configuration, then both will use it, and i can do nothing about it in such situation. And this is real problem that i had when trying Chrome some time ago, also when last time i try to make it work for my friend, and other networking apps start to use proxy (and some didn't work because it was really web proxy, so they just inform about problem with connection).

That is why web browser should use own proxy settings, which is in my humble opinion, fundamental for nice and customizable web browsing.

Reply Score: 2

Opera
by kenji on Tue 13th Dec 2011 21:00 UTC
kenji
Member since:
2009-04-08

I will stick with Opera, thank you. Take that, Google overlords.

Reply Score: 3