Feeds

Microsoft flags Firefox and Chrome for security failings

Guess what it says about IE 9

Top 5 reasons to deploy VMware with Tegile

Microsoft has unveiled a website aimed at raising awareness of browser security by comparing the ability of Internet Explorer, Mozilla Firefox, and Google Chrome to withstand attacks from malware, phishing, and other types of threats.

Your Browser Matters gives the latest versions of Firefox and Chrome a paltry 2 and 2.5 points respectively out of a possible score of 4. Visit the site using the IE 9, however, and the browser gets a perfect score. IE 7 gets only 1 point, and IE 6 receives no points at all. The site refused to rate Apple's Safari browser in tests run by The Register.

The page is designed to educate users about the importance of choosing an up-to-date browser that offers industry-standard features. The ability to automatically warn users when they're about to download a malicious file, to contain web content in a security sandbox that has no access to sensitive parts of the computer's operating system, and to automatically install updates are just three of the criteria.

Microsoft's Your Browser Matters gives Firefox 7 running on a Mac 2 out of a possible 4 points

screenshot of internet explorer score

The site gives Internet Explorer 9 a perfect score of 4

The site dings Firefox for a variety of omissions, including its inability to restrict an extension or a plug-in on a per-site basis, its failure to use Windows Protected Mode or a similar mechanism such to prevent the browser from modifying parts of the system it doesn’t have access to, and its lack of a built-in feature to filter out malicious XSS, or cross-site scripting, code. Among other things, Chrome lost points for not using Windows features that protect against structured exception-handling overwrite attacks.

Reg readers still stuck in the rut of critiquing Microsoft security based on products released a decade ago are likely to be unimpressed. The reality is that over the past few years, Redmond has endowed Windows and IE with measures such as ASLR, or address space layout randomization, and DEP, or data execution prevention, that significantly reduce the damage attackers can do when they exploit buffer overflows and other bugs that are inevitable in any large base of code. Apple didn't pull ahead of Microsoft on this score until earlier this year with the release of its Mac OS X Lion.

It didn't take long for Mozilla developers to take issue with the critique.

"Microsoft's site is more notable for the things it fails to include: security technologies like HSTS, privacy tools like Do Not Track, and vendor response time when vulnerabilities are discovered," Johnathan Nightingale, Mozilla's director of Firefox engineering, said in a statement. He said: "Mozilla is fiercely proud of our long track record of leadership on security.

Partners throwing their endorsement behind the new Microsoft page include the Anti-Phishing Working Group, the Online Trust Alliance, and the Identity Theft Counsel. ®

This article was updated to add comment from Mozilla.

Beginner's guide to SSL certificates

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.