Firefox 3.5 vs. Internet Explorer 8: Which is Safer?: Page 2
Safe browsing features. This is a new category this time around. Both browsers have touted new safe browsing features recently, so I wanted to give them both a test run. Theres good and bad news to report for both.
Both browsers provide features that are meant to protect users from going to (arguably) dangerous sites. Both browsers optionally protect the users privacy by not storing browser histories when asked not to.
IE has a Content Advisor feature that lets you define by policy what sites or types of sites the user shouldnt visit. These settings are entirely at the discretion of the user, but could be helpful in preventing inadvertently visiting a site that could be objectionable. I admit Im not a big fan of this sort of protection, as it is invariably easy to bypass.
Firefox goes one step farther in content protection by providing a site blacklisting service that prevents the user from visiting sites that have been flagged for serving malware, phishing, etc. Theres a bit of a performance hit to this, however, as each newly visited site must first be (externally) compared against a blacklist of known bad actors. Again, this can be useful, but easy for a determined user to bypass.
In the end, I have to say I find both browsers safe browsing features to be largely for show, and not all that helpful in providing real security to the end user. Perhaps these features will improve in subsequent releases.
Qualitative score: IE gets an C- while Firefox gets a C+.
Security-minded plug-ins. This one is mostly unchanged. As I wrote previously, this is where Firefox really shines, at least for my needs. Im a huge fan of the popular and free plug-in, NoScript (available from noscript.net). NoScript provides a script whitelisting capability in the entire Mozilla family of browsers, including Firefox.
With NoScript, I can allow individual sites that I have some level of faith in to run script content in my browser, while defaulting to disallowing scripts for all others. I find this approach to be very workable, as I only have to teach NoScript once per site I visit.
To be fair, however, some people find NoScript to be very annoying for the same reasons that I find it liberating. And its certainly not perfect. It provides trust per domain, not per IP. That means that, for example, I could allow, say, me.com to run scripts in my browser, and anything within that entire domain space would be allowed to run clearly something that I want to avoid.
My only complaint about NoScript is that it isnt included and enabled by default with Firefox. (I also wish it were available for other browsers, like Safari.)
Qualitative score: IE gets a D while Firefox gets an A-. Unchanged.
So I remain a Firefox (+ NoScript) guy. In fact, on my Macs, it is pretty much the only browser I use, despite the fact that it does a lousy job at integrating into the operating system features in the same way that Safari (and other Apple software) does. Were there a NoScript for Safari, Id jump on it. But to my knowledge, there isnt, so I stick with Firefoxand I feel pretty confident in my browsing security on the Internet.
Im still careful about the sites I visit, of course, but I have a lot of faith in NoScript stopping nasty stuff from happening if I stray from the sites Im familiar with.
ALSO SEE: Seven Firefox Add-Ons for Security