The Mac Observer

Skip navigational links

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
Study: Firefox Most Secure Browser

Study: Firefox Most Secure Browser

by , 4:10 PM EDT, July 1st, 2008

One way to evaluate the security of a Web browser is to determine what percentage of its users are using the latest version. In a study released on Tuesday by S. Frei et al, it was found that Firefox users are most likely to be up to date.

Now that modern software and hardware firewalls have blocked incoming intrusions via TCP/IP ports, the most favored method of attack on computers connected to the Internet is via data returned to the Web browser that exploits browser code or plug-in vulnerabilities. As a result, keeping the browser updated to the latest version these days is paramount.

The authors, in their paper, "Examination of vulnerable online Web browser populations and the 'insecurity iceberg'" look at the rates of adoption of the latest browser versions and the impact it has on users.

Their definition of the most secure browser was as follows. "...the most secure browser designates the latest official public release of a vendor's Web browser at a given date. Beta versions are not considered an official public release."

From the Authors' Paper

The chart above shows the rate of adoption of the latest major version of each browser, for example Firefox 2 or IE 7.

By this standard, Firefox is the most secure browser because 83.3 percent of the users have the very latest version. Safari was ranked second at 65.3 percent, Opera third with 56.1 percent and IE 7 last at 47.6 percent. Note that, unlike the chart above, these numbers speak to the very latest version, for example Safari 3.1.2.

The paper raises some interesting questions. It's understandable how IE could lag thanks to corporate rules and compatibility testing with internal products. That can slow dow the rate of adoption. However for users who can use automatic update notifications, like Safari, Opera and Firefox, there are key difference in the methodology.

For example, the update mechanism of Firefox was considered noteworthy: "We believe the auto-update mechanism as implemented within Firefox to be the most efficient patching mechanism of the Web browsers studied. Firefox's mechanism regularly polls an online authority to verify whether a new version of the Web browser is available and typically prompts the user to update if a new version exists....

"With a single click (assuming that the user has administrative rights on the host), the update is downloaded and installed. Just as importantly, Firefox also checks for many of the currently installed Firefox plug-ins if they are similarly up to date, and, if not, will prompt the user to update them," the authors noted.

In contrast, the authors pointed out that "While Firefox and Opera check for updates when the browser is used, Safari relies on an external Apple-updater that appears to only poll for new updates at scheduled regular intervals while Internet Explorer gets updated as part of the monthly distributed Windows patches."

This scheduled updates for Safari can be as seldom as "never" if the user elects to uncheck the "Check for Updates box" in the Software Update. In addition, the Adobe Flash plug-in has no automatic update feature, and users must attended to that update manually. TMO notes that all this could explain the lag Safari has compared to Firefox.

There is much more detail in the paper, including a discussion of plug-in vulnerabilities. While some of the content is quite technical, any user interested in browser security should take a look at this report.

Recent TMO Headlines - Updated October 2nd

Fri, 3:11 PM
Apple's New 'Chase' Ad Highlights the New iPhone 14 Pro Series Camera
Fri, 2:16 PM
Apple TV+ Announces Premiere Date, Gives First Look at Action Thriller 'Echo 3'
Fri, 1:51 PM
Apple Music Live to Stream Exclusive Billy Eilish O2 Arena Concert: Here's How to Watch
Fri, 1:07 PM
Apple TV+ Confirms Shows Getting Another Season This Fall, Including 'Mythic Quest' and 'Slow Horses'
Fri, 12:36 PM
Apple's VP of Procurement Tony Blevins Departs Company After Lewd TikTok Comment
Fri, 12:00 PM
[U] Tests from 'Wall Street Journal' Indicate Apple's Crash Detection May Have Flaws
Fri, 3:00 AM
Bad Vibes on Wall Street and Good Vibes "As Seen on TV" - TMO Daily Observations 2022-09-30
Thu, 5:41 PM
Display Panel Orders Show iPhone Sales Higher Than Last Year
Thu, 3:46 PM
Adobe Launches Photoshop Elements 2023 and Premiere Elements 2023: Apple Silicon Upgrades, New AI Features and More
Thu, 2:58 PM
Ad-Free Instagram Experience 'OG App' Removed from Apple App Store
Thu, 2:17 PM
Apple Announces 4Q22 Earnings Call on October 27
Thu, 2:10 PM
iOS 16.1 Beta 3 Allows Users to Preload In-App Content After Install
  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Daily Observations
  • TMO on Twitter!