Friday, 9 December 2011

Your Browser Really Does Matter! fail?
So Microsoft recently launched a new website, to make users aware of the need for browser security; This happened some time ago, I just didn't think to publish a blog post about it. But whilst at work today, as part of my organisations state of security, I investigated into the site a little to see how it worked and what it showed.

I have to admit I found the website a little preposterous (a little, really? ha! infact it was very preposterous). First off, the website only rates the most popular web browsers that run on the Windows platform. Visiting  the site in Apples Safari browser gave me an apologetic message indicating that the site didn't support that browser.

However visiting the site on a browser within the Windows platform, gives your current browser a rating out of 4, based on various factors, such as whether the browser prevents phishing attacks, provides a sandboxed environment for your tabs, whether the browser prevents malicious file downloads and finally it covers security issues like whether the browser alleviates cross-site scripting and prevent non-secure content viewing on secure HTTPS pages. 

Opera: small fish
Whilst testing it appears that microsoft doesn't provide ratings for the Opera web browser either, this is most likely due to its small market share and  Microsoft has no reason to pursue Opera's userbase.

The ratings for Mozilla Firefox, Google Chrome and Internet Explorer 9 are shown below:

Firefox: Noob!
Chrome: L00ser!
Mozilla Firefox and Google Chrome both scored a measly 2.5 out of 4, according to Microsoft, and users interested in seeing why can click through the site on various links to compare the browsers results compared. (Edit: This link should take you directly to the page.)

Microsofts own browser Internet Explorer blows the competition out of the water with an amazing 4 out of 4 (pfft...)!

The points it heralds itself with are best avoided with safe browsing and smart thinking, no need for bloated browsers slowing my life down.

I do, remain a little sceptical about microsofts research and reasoning. True, I dont have a research and development department with millions of dollars of funding, but a quick look at wikipedia (not the most reliable, but fairly accurate in this case) and then following the links from there to securityfocus, show Internet Explorer 9 infested with 24 security flaws, Firefox with 2 vulnerabilities and Chrome with none!
Just out of interest Opera had 1 vulnerability, and Safari had an astonishing 0. These statistics are accurate as of today (09/12/2011).

As a sidenote, November 2011 saw Chrome overtake Firefox's userbase for the first time.

It should be clear that the site is nothing more than a marketing gimmick devised to conceal the truth from non tech-savy users, as has been the tradition in business practice from the big boys. US users can also get vouchers and various other rewards from microsoft just by downloading and using IE9 (I wont point out how desperate this seems to be coming from the browser that once occupied 80% market share).

I shall bid you farewell, with this closing thought, its just a matter of time before someone uses some Javascript or server side code to exploit any number of these 24 exploits on IE9 (as they have been doing for years) and install some malware or adware on your computer, so I will take my chances with Firefox or Chrome (as I have been doing for years, without any incidents).