Firefox 3.5 vs. Internet Explorer 8: Which is Safer?
A security expert provides a point-by-point comparison of today's two leading browsers.
Editor's Note: With the release of Firefox 4 and IE9 almost together we've decided to revisit this issue in a new article Firefox 4 vs. Internet Explorer 9: Which is Safer? (Original, I know, but if the shoe fits ... !) Thanks for reading!
Its been nearly 2 years since I wrote Mozilla Firefox vs. Internet Explorer: Which is Safer?, and much has changed in that time.
Major releases from both popular browsers are out, and its time for a rematch.
This month, I went into my lab and installed the latest version of each browser Firefox 3.5 and Internet Explorer 8 and have revisited the statements I made in September 2007. What I found is that although much has changed, a lot of things have remained the same.
I have to say I still firmly believe Im safer using Firefox than IE, and thats not just because Im principally a Mac user. I believe Firefox is a more secure choice for the average user, especially with just a little bit of tweaking.
So, lets revisit my earlier conclusions and see how theyve changed with the latest releases.
Lower profile target. This remains largely true. Even with Firefox gaining significant market share recently, its still a lower profile target than Microsofts Internet Explorer. At some level, that fact does buy a modicum of security, at least from the perspective of how safe (or unsafe) an end user is. Note, however, that this does not make either browser more secure per se.
Further to that, Firefox is an add-on for any operating system. That means that there are naturally more users of IE than Firefox on any platform.
And the fact remains that malware authors, just like other software authors, are in large part writing software to market share. That makes Microsoft/IE popular targets by the bad guys. There is indeed a bit of safety in small numbers.
Qualitative score: IE gets an F while Firefox gets a B+. Unchanged.
Configurability. This remains one of the toughest criteria to compare between the two browsers. And Im limiting my comparisons here to the base browsers, without any plug-ins installed.
IE truly provides a hugely rich set of security features that can be configured and tweaked. Microsoft defines security zones such as Internet, Local intranet, Trusted sites, and Restricted sites. Although each of these categories is fairly loose, each can be finely tuned to suit the users needs.
In fact, the level of tuning options in IE is almost daunting. I dont like to penalize a product for having too many security options, but I think this is a case of menu-itis in giving the end user too many options.
Despite IEs sea of choices, I have to give it the nod here. Theyve helped obfuscate the confusion by creating the security zones, and its pretty darned easy to put sites into one of the zones based on how much trust they should get. Businesses you want to trust, for example, should go into Trusted sites, while all unknowns should fall into the Internet or even Restricted sites zones. Further, the default zone should be fine tuned a bit to disallow all active content.
The average user should be able to do that without too much fuss. One fairly easy way to achieve this is to set Restricted sites as the default, and then add trustworthy sites to either the Internet or even Trusted sites zones on a case-by-case basis. I just wish this had been the default setting.
Qualitative score: IE gets an A- while Firefox gets a C+. IE gains some ground, while Firefox has remained largely stagnant.