Which Web Browser Has the Best Security Performance?
May 29th, 2018
Browsing the Internet has become a minefield, where nearly any web page has the potential to infect a visitor’s endpoint (i.e., the user) and the endpoint's entire internal network (i.e., the organization). If users are not careful, they can trigger malicious malware downloads or get fooled by a phishing website.
As a result, it is the CISO’s responsibility to define proper security policies and design a secure architecture to support the organization’s goals and needs, including which web browser the organization should standardize on. There’s a lot to consider when selecting a web browser, such as vulnerabilities, privacy, and other security capabilities, like spam filters, phishing detection engines, and URL security inspection. So how do you ensure you select the right browser that meets the functionality and protection standards that your users require?
What Constitutes a “Secure” Web Browser
There’s a lot to consider when choosing a web browser for your organization. Users often have their own personal preferences too, so it’s important to make the right decision that allows your team safe and easy access to the Internet. Here are some key criteria to test when evaluating web browsers:
- Built-in Security Features (Phishing and malicious site detection, SSL certificate verification etc.)
- Frequency of Security Updates
- Number of Vulnerabilities
- Privacy Settings and Level of Customization
How to Test a Web Browser’s Security
If you’d like to test web browsers on your own, there a few good ways to do so. However, make sure to test their functionality in an isolated environment, like a virtual machine on your computer. This will ensure you don’t risk your data when testing malicious URLs.
Once you have a virtual machine or isolated environment setup, try visiting a known malicious URL and see if the browser blocks or warns you before you visit that site. This can be tough though, since most malicious URLs are shut down if they’re deemed to be unsafe or deliver a malicious payload, so you’ll need access to fairly new malicious URLs.
You can do a similar test with known Phishing sites and compare how well various browsers identify and warn you to potential Phishing schemes.
Web browsers also provide a range of customization options, so it’s good to evaluate what these options are and how much flexibility the user has to customize the data that’s collected on them. This may factor into your decision, based on how much or little customization you want to provide to your users.
A Comprehensive Web Browser Security Comparison
At IntSights, we recently completed our own analysis, where we evaluated the security performance of the most popular web browsers in use today (Chrome, Firefox, Safari, Edge and Opera). In this analysis, we tested various security functionality for these different browsers, including Malicious URL detection, Phishing site detection, SSL Certificate verification, built-in security features and more.
Download our report today to see which browser performed the best!
Web Browser Security Comparison: Popular Is Not Necessarily Secure
Orin Mor is a Security Researcher at IntSights, focused on hunting for new threats and threat actors on the Dark Web, and working to identify new attack strategies and vectors. Prior to IntSights, she served for 5 years as a Security Researcher in an elite intelligence unit in the Israeli Defense Forces, specializing in cyber operations, data mining and threat research.
Stay up to Date!
Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.