
Chrome sandboxing makes it the most secure browser, vendor study claims - llambda
http://arstechnica.com/business/news/2011/12/chrome-sandboxing-makes-it-the-most-secure-browser-vendor-study-claims.ars
======
zobzu
Firefox's plugin run in containers (who know what they mean by "plugin
security" anyway, does that mean click to play on java?)

and Firefox manages its own memory and has different memory segments for each
tab (some kind of sandboxing).

It's also hard to argue what's industry standard in this area, and whats not,
because well, there's no real industry standard. Proof of it is that the 3
leaders with close enough market shares implement different things.

Finally, where's Opera, as usual.

~~~
scott_s
What you described is not sandboxing by any definition I've heard. For me to
consider something "sandboxing," the thing being sandboxed must be executed
with restricted privileges so that it cannot modify the surrounding system,
and it cannot interact with other things being sandboxed.

------
kiloaper
... commissioned by Google.

While sandboxing is great, I judge my browser by other factors as well
especially privacy protection and customisability. Edit: Spelling

~~~
m0nastic
While it's useful to be aware of where a study comes from, at least in this
case, I more than trust Accuvant.

They're as good a team of security researchers as you're going to find.

~~~
kiloaper
I wasn't questioning their creditionals. The fact they supply a comprehensive
report and make the data behind it available puts them leagues ahead of most.
As you say it's just good to know where studies come from.

------
badkins
Kinda cool. My startup makes a sandboxing plugin for Firefox, but we plan to
extend it to Chrome and IE later. Our sandbox works by doing all the browsing
on a completely different computer - sort of a super sandbox.

------
zyb09
Doesn't really matter anyway, since the worst offender are always Flash & Java
plugins. You should disable Java right away if you haven't done yet.

~~~
scott_s
Yes, it does matter, since successfully sandboxing the processes that execute
the malicious Java and Flash programs will prevent them from being able to do
any damage.

------
martingordon
Seems like a thorough study:

 _Accuvant focused only on Chrome, IE and Firefox, leaving out Safari and
others for the sake of time. It also tested the browsers only on Windows 7,
32-bit edition._

~~~
esrauch
Safari's market share is notably lower than the big 3, even if they included
that then why not Opera? Why not Android's browser? Why not GNU Icecat? You
could play this game all day.

~~~
martingordon
It's not just that Safari is excluded, but that it was only tested on Windows
7 32-bit. Why not test on at least Windows 7 64-bit? Aren't most of Intel's
chips 64-bit by now (Core 2 Duo, Core iX)?

And why not Android or iOS? A quick search shows that Microsoft sold 400
million licenses of Windows 7 (32 and 64-bit combined). Apple has sold 250
million iOS devices and there have been 200 million Android devices sold.

------
gcp
This is obviously incorrect, as this study from another vendor points out the
opposite: <http://www.yourbrowsermatters.com/#browser-compare>

Internet Explorer: 4.0 Chrome and Firefox: 2.5

That said, it does seem to acknowledge that "Does the browser extend the
sandbox such that it cannot read data from parts of the system that it doesn’t
have access to?" is a Chrome feature that is not in IE (of Firefox).

~~~
zht
The other "vendor" is Microsoft:
<https://news.ycombinator.com/item?id=3103345>

