

Google funded browser study declares Firefox less secure than both IE and Chrome - suprgeek
http://www.forbes.com/sites/andygreenberg/2011/12/09/browser-study-sheds-light-on-firefoxs-insecurity-and-google-approves-this-message/

======
magicalist
_Despite the potential for a conflict of interest, Accuvant is a well-
respected firm, and its researchers have performed a thorough and fair study,
even making the tools they used to test the browsers publicly available [1]...
Nor are Accuvant’s findings entirely positive for Google. It points out that
Chrome fails to effectively blacklist malicious URLs, though neither of the
other browsers fared better on that front._

...but as a journalist, I can't let that get in the way of my constructed
narrative! Mozilla and Google are totally in a fight. Seriously guys, if you
could argue a little in the comments section, that would be great for our page
views.

[1] [http://www.accuvant.com/capability/accuvant-labs/security-
re...](http://www.accuvant.com/capability/accuvant-labs/security-
research/browser-security-comparison-quantitative-approach)

~~~
rplnt
Google basically made Firefox. And they make money from them as well. I don't
think they hate it that much. Maybe they just don't like being held back and
want to pursue their stu..eh dart ideas.

~~~
zobzu
Firefox existed before Google funded it through the deal. If anyone, Netscape
made Firefox. Heck, they actually _made_ it, with no ones help and they
actually created one of the first successful, fully open browser. They're also
the reason you have even Chrome today. Let's not change history too much.

Now that's true Firefox today is sustained by Google's money primarily (but
I'm sure it would be fine with Bing's money - its all about money for
corporations, and Firefox still has a large user base).

I also doubt they hate Firefox. But Chrome's advertisement budget alone is 20
times higher than what they pay to Firefox. That's quite a bit.

Certainly there are interests in Firefox's demise for Chrome (and for IE).
You'll notice IE's marketing study was _exactly_ the same at Chrome's one.

Put IE on top, Chrome behind (it would be make the study looks too fake if
they're all put too low and Chrome is the cool kid right now), then Firefox
last, and no one cares for Opera, Safari, etc.

Why? Because it has nothing to do with technical details. It has everything to
do with advertisement (or FUD, like we called it back in the days.)

~~~
gcp
_If anyone, Netscape made Firefox._

This. There's an actual documentary about it: "Code Rush"
<http://www.youtube.com/watch?v=u404SLJj7ig>

~~~
cpeterso
For those without Flash, get your HTML5 WebM <video> here:

<http://coderush.tv/>

~~~
abraham
YouTube also has an HTML5 version once you enable it.
<https://www.youtube.com/html5>

------
evilpie
We actually have the code for JIT hardening already for Firefox, but we had
some problems with Win32 that need investigation. If you want to follow along
<https://bugzilla.mozilla.org/show_bug.cgi?id=677272>.

BTW much of this is similar to a study, but only about JIT security
<http://www.matasano.com/research/jit/>.

------
kermitthehermit
Firefox remains the best choice. It doesn't send data to Google or someone
else to monitor what sites you visit and other things which Chrome might be
doing.

Firefox also allows you to use AdBlock Plus, NoScript, Ghostery and a few
other addons to improve security, lower bandwidth usage and improve
performance.

I really hate these studies paid by other companies. Where's the "don't be
evil", Google? Are you afraid that Firefox will kill your beloved monitoring
tool Chrome?

Why does Chrome have a unique ID? Isn't this meant to identify you in a very
precise way by attaching the browser unique ID to the gmail account?

~~~
GiraffeNecktie
According to this article, the unique ID is removed after the first update
[http://www.theregister.co.uk/2010/03/16/google_chrome_unique...](http://www.theregister.co.uk/2010/03/16/google_chrome_unique_identifier_change/)

~~~
kermitthehermit
It's still there.

I recall looking up a way to remove it and found something for Chrome 8-9.
However, that "field" has now been merged into some other field and you can't
remove it without losing all the data.

------
Zirro
As long as Firefox is the only browser where complete versions of add-ons such
as NoScript, RequestPolicy and many others are offered, it is with no doubt
the safest for me.

~~~
luriel
I would give an arm and a leg for a decent implementation of NoScript for
Chrome.

~~~
simonbrown
Which parts of noscript do you want? If you want to block javascript fully on
certain sites, Chrome can do that without an extension. If you want to block
external scripts from certain URLs, that should be possible soon through the
webrequest API. I can't see any equivalent of the clickjacking protection,
though.

~~~
lukeschlather
I want whitelisting with a little dropdown that gives me the option to
temporarily or permanently whitelist domains as I see fit. I'm not really
interested in blacklisting, which is I think what you're describing.

------
cfq
Nice. No attribution for the "Browser Wars" comic at all. This small link
could've helped maybe: <http://shoze.deviantart.com/art/browser-
wars-215022942>

This is the sort of thing you'd expect from a respectable publication.

~~~
maw
It is, but where does the idea that Forbes is respectable come from? It's not;
maybe it was once, but it hasn't been so for years.

------
jpcosta
AFAIK there are not many comprehensive studies of this kind done without some
sort of corporate\company backing. In the industry its the reputation of the
company doing the study that is at stake, so what most companies do is they
fund a research but reserve the right to decide in the end if the study will
be published or not. If the results end up reflecting positive view on the
company that funded it they publish it, otherwise they use the information
collected by such study to improve the product

------
AshleysBrain
Just wondering: why do browser makers fund studies like this? You always hear
MS have funded a study that shows IE is more secure, Google funded a study
that shows Chrome is more secure, etc. etc. Doesn't seem to really help
anything.

~~~
rplnt
Publicity. Simple as that. It's news-worthy article (as you can see here) and
they gain users or at least a good name from it. Chrome's campaign value is in
billions of dollars. Why does it surprises anyone they want to spend some
more?

------
known
[http://www.chromium.org/developers/design-
documents/sandbox/...](http://www.chromium.org/developers/design-
documents/sandbox/Sandbox-FAQ) is the USP for Chrome.

------
jenhsun
When I saw "Google funded browser study..." I already know the answer of
browser war on security.

------
SODaniel
In laymen's terms I will definitely not claim that Firefox is less secure. BUT
what is up with the damn RAM leaks and crashes?

I love FF but it's a very one sided relationship from a user perspective that
is about to end if FF and MOZ does not fix the mem leaks that have been
sucking since 2007!

~~~
jezclaremurugan
how about upgrading to the latest version?

~~~
mrleinad
I have the latest version, and still have to restart the browser from time to
time. Otherwise, it becomes impossible to use. When I check Process Explorer,
the browser is using up to 1.6 GB regularly. Doesn´t sound right to me at all.

~~~
pcwalton
The next time you see that, please open about:memory and paste the contents
into a bug. Or you can even email me directly (pcwalton at mozilla dot com)
and I will forward it to the relevant people.

We are serious about cutting down Firefox's memory usage.

