Sophos Cloud Optix
We are used to choosing utility software based on simple, measurable, yardsticks. We choose things like word processors, video editors, IDEs and email clients based on what they can do and at what price.
For a long time this is how web browsers were selected too; we concerned ourselves with questions like is it free? Can it render tables, fonts and frames? Can it understand layer tags or ActiveX components? Will it render my favourite website or my intranet? Does it have tabs? Is it fast?
Over the years, as our dependency on the web has grown and the incidence and seriousness of cybercrime have increased, things have changed.
These days browsers compete on their ability to safeguard our privacy and security and choosing the right one is more about how we feel than about what they can objectively do. In a word, it’s about trust.
Trust
firm belief in the reliability, truth, or ability of someone or something
Where you choose to put your faith is a big deal because everything you do on the web passes through your browser.
Amongst other things your browser tells you which websites can be trusted, runs unknown code for you, negotiates encryption, remembers passwords and cleans up behind you if you want to be incognito.
It goes everywhere with you in the virtual world and, more often than not, it knows exactly where you are in the real world too.
And of course it isn’t simply a matter of trusting the code – there is also the matter of trusting its creator.
Web browsers are very large and complex pieces of software under almost constant development. Despite this they are given away completely free.
Such is the cost of producing a competitive product that there are relatively few major browsers and all of them have some kind of technical or financial link with at least one of the great web behemoths.
Google, Microsoft and Apple all produce their own browsers and which of them hasn’t given us reason to be circumspect at one time or another?
Internet Explorer is not the lightning rod for exploits it once was and it is the only browser on our list with Do Not Track switched on by default. It is also the only one on our list with an entirely secret, closed-source, codebase.
Google and Apple are much more fashionable and desirable brands than Microsoft but behind the gloss they are corporate goliaths too and their reach into our modern lives is extraordinary.
The rendering engine of Apple’s Safari browser, a significant component that it shares with Chrome, is open to inspection but the rest of it is not.
Chromium is an open source project created by Google and it used to build both the Chromium and Chrome browsers. All of the code, including the updater and RLZ library that only exist in Chrome, is open-source and publicly available.
That limpet-like maverick Opera is now also based on Chromium.
Firefox has an independent codebase that is entirely open to inspection but the Mozilla Foundation that produces it is almost entirely funded by revenue from search partners like Google, Microsoft and YAHOO! The vast majority comes from Google.
Please take a moment to fill in our poll and tell us about your choice in the comments. Don’t forget that you are not necessarily voting for the browser you like the most, or even the one you use the most. We’re asking to to think carefully about which browser you trust the most.
Years past I used FF but when they went to their RapidRelease program they started to become a memory hog & sent out more patch updates then Windows.. I just wanted to be an end user not a programmer so I switched to Chrome & never looked back.. However, in addition to Chrome I use one of their add-ons HTTPS Everywhere www.eff.org/https-everywhere & turned on the DNT option in Chrome as soon as it became available.. I just wish Chrome used the same 'favorites' method as FF does that is definitely one feature I miss.. I did learn how to work around that issue & massage the FF favorites I brought over on my switch to Chrome, it just becomes a multiple step process for me.. Any hints on that would be appreciated..
"more patch updates"
This is a bad thing now? And just because you don't see an update don't mean Google Chrome don't have those too.
I would not trust Chrome mate, last time I checked, there was no settings for clearing all cash and history and data you had entered into the browser! So, google made a product out of you, and is selling you. But enjoy chrome, hey ho…
Last time I checked, there IS a way to do that. Get your facts straight, friend.
I may be alone in this, but my browser choice is based on non-security-related factors – I like the idea of chrome, it sounds like it does have better safety features (like each tab being a separate process I think), but I just find it too flaky, especially the iPad version which crashes every 20 minutes.
As a tab junky who rarely has less than 20 open, chrome's memory use can go crazy too at 50-80mb per tab. Also, worry a little about what google's watching when I use chrome.
So, I mainly stick with FF on PCs and Safari on iPads.
Hello,
The browser landscape looks quite hopeless! Chrome/ium (Google), IE (Microsoft), Safari (Apple) are all big US companies, who actually get paid from the black budgets of NSA to facilitate easier spying.
Opera is a norwegian company. Norway is a NATO member and an enthusiastic lap dog of USA, because they are migthy scared of russians invading them and seek a Big Daddy to protect them. NSA therefore holds a blank ticket to ride Norway.
That leaves us with Firefox, a remote descendant of Netscape Navigator. Firefox is developed by amateurs of the Mozilla Foundation, a slow and buggy product that east CPU cycles as if they were birthday cakes. However, it is open source and probably the best for privacy as their team is less financially inclined to get in bed with the NSA.
Sorry but a lot of what you just said is nonsense. Norway does not live in fear of a Russian invasion and Opera do not design their browser to appease the US because of a possible Russian invasion.
Hi,
I'm using multiple browser but just trust Google Chrome.
Mac: Safari, Google Chrome
PC: Comodo Dragon
Other devices, just Google Chrome
FF hands down. They supported DNT, They seem to have a very TMO ( trust No One) philosophy, they do not make every right choice but they do better than the others. It is nowhere near as slow as back in the 3.6 timeframe of the browser.
IE 10 spoofs the EV certificates ( listen to security now Podcast) BY design
Safari is very slow to update for security although better than they used to be
Chrome sadly bundles flash within the browser ( so does IE 10) but frankly I trust geogle the least, as they have too many data points for comparison. Chrome is bloated just like FF used to be runs much slower than FF for me at least.
Opera, never used this one.
Don't forget, Chrome does NOT allow the use of a master password to protect saved passwords, so if anyone gets access to your computer they have instant access to all of your saved passwords!
Mike,
You seriously don't WANT your browser to be saving passwords, so you should never NEED a master password for a browser.
Use a third party password vault with 2-level security and at least 256-bit encryption. They're far more secure than a brower.
I use LastPass and YubiKey and they work great for me, but if you really feel comfortable storing passwords in your browser, then best of luck!
I have used Opera since I found it was the ***only*** browser to offer the option to deny scripts access to the History. It was also one of the first to off customizable Personal Data deletion of history/cache/cookie/passwords/plug-in/geolocation/camera permisions and deletetion of persistent storage.
(versions 15+ ***do not yet*** have all these options.)
I do not believe in DNT… Just because one has it toggled does not mean that one’s wishes will be honoured.
I never let the browser or any other application store my passwords.
For now I have to rely on TBB or the hardened Operating Systems of Liberté or TAILS when I need secure browsing.
The browser market for Windows is now a pretty sad place. I am actually considering a switch to Linux where there is a bit of diversity.
I have used Opera for a good 14 years, but version 15 looks like they want to concentrate on mobile devices with a Chrome foundation. Unless they fix 15 I will have to move or hope 12 is supported in the future.
I can't blame them for wanting to emphasize support for the smaller devices but would like to see them keep the version 12 look.
All the other browsers now have the same features you mention (except Opera 15 😉 ).
Trusting an OS let alone a browser to be perfectly secure seems a tad wishful to me.
OPERA & COMODO
What? No Lynx option? ;p
"…lightening rod…"???
Is that the opposite of a darkening rod?
I suspect that the word you were looking for is "lightning".
Thank you Mr. Language, corrected.
Used nothing but Internet Explorer for 14+ years now with NP 😉
I think security is only part of the decision. I find the web increasingly fragmented such that I can't rely on any single browser to make full use of the web.
Primarily I use IE, with Chrome as a fall back. IE seems to have fewer compatibility problems with banking websites, etc. Security wise I also feel the spectre of Google potentially using me as a source of income despite not really using much google services a little unsettling.
IE is easy to keep patched and to monitor the update status through WSUS on the corporate network which is also a bonus.
Mozilla Firefox in conjunction with ghostery.
<>em>? Is that HTML 6?
Fixed! Thanks for reading all the way to the last sentence.
Where is the "none of the above" option?
Ubuntu is the way to go !!!!!
Chrome on one monitor, FF on the other monitor. I like the way each works for certain bits. Safari on my iPhone, because that's what's available, but rarely surf the net from my Phone, simply because I cannot see it to read it properly.
ffox for unblocking sits and srware for general surfing chrome for convenience and slim browser for speed. ie for all secure work with settings tailored to my security settings for secure banking and online transactions. just learning about tails though so i guess my overall vote goes to srware iron. i know it is chrome really, but it has less invasive daily workings that can work on about 95% of the sites i visit
I don't trust Google as far as I could throw 'em. As a company, it's entirely uninterested in my security or privacy, especially if it can make money by selling my personal information. No respect for Google AT ALL.
Mike – why are you storing passwords in a browser at all? Don't do that.
I use Chrome, but mostly from an ease-of-use standpoint… not security. Firefox was my favorite for years, but as stated as above, has become too much of a resource hog for me to enjoy.
Firefox is no longer a resource hog, in fact, in won the recent Tom's Hardware Browser Grand Prix, taking the crown from Google Chrome.
Though, resetting your profile first may help you experience the changes better: https://support.mozilla.org/en-US/kb/reset-firefo…
Unfortunately there wasnt a "none of the above" option.
Trusting any software completely is a bit foolish, but anyone who actively trusts Chrome is a good subject for psychological study.
Chrome is hipster-approved spyware.
I use multiple browsers, but Chrome is one I trust and is my favorite. However, I’ve taken to using Chrome based, Comodo Dragon, as it uses far less resources than Chrome.
Browzar is my browser and DuckDuckGo is my search engine. I’m good.
going to look in to Browzar, never heard of it but I DO use DuckDuckGo exclusively! Thanks!
I hate polls like this. Why is there not an option of NONE?
If there was a 'NONE' box I would tick that one
I don’t trust any of them. Even TOR can be compromised. I use them knowing they can be corrupted. I will say again though, IE is the least secure browser. It has a larger attack surface in it’s native install (ActiveX) and as it is embedded in the OS, a compromise of the browser is a potential compromise of the OS.
Today, I switch between Torch and Chrome.
i know i have already posted, and if it gets accepted good. but i just wanted to say sophos. you are the business. i rely on you for keeping me smack up to date and many people who's software i come into contact with have more of a secure online experience as a result of your hard wok. thank you
Excellent post. I totally agree!
Personally, I use CoolNovo (Chromium based) and Waterfox (Firefox based)
Also,there is a grammer error on this article. "Where you choose to put your faith is a big deal because everything you on the web passes through your browser." You are missing "do" between you and on.
Thanks. It's fixed now.
… and that would be 'grammar'
FF with NoScript for most secure stuff, but on my Mac some sites don'r render properly for printing, so it then has to be Chrome.
Your poll is flawed! I cannot select 'None of these'.
In my view no browser is perfectly trustworthy, but some I trust a lot less than others and a few are reasonable but still have issues. So my answer would be 'None of these' but I would consider Firefox as being reasonably secure, Safari and Chrome rather less so and IE is nowhere near any of those. Opera can be a useful alternative but has had issues in recent past so is still not entirely trusted until it shows itself to be so.
We've had this question before and I make the same comment – how does the ordinary user know if the browser is safe or not? I use Chrome and Opera because they seem reasonably fast and easy to use, but that's it – I don't have a clue about their safety on the net. Can someone give me an example of how a browser can be unsafe and be able to identify the threat? I don't see my Anti Virus Identifying a threat specifically from a browser, so: how do we know?
Hi Bob,
Last time we asked 'which web browser do you recommend?' which isn't the same question and you'll see from the poll results it also got a different answer (even if you ignore the love bombing for Opera). http://nakedsecurity.sophos.com/2012/09/03/which-…
People recommend browsers for all sorts of reasons but I wanted to get people to think about the trust they put in their browser and its vendor.
I asked this particular question precisely because there isn't an objective criteria for trustworthiness. If you were judging the browser on speed then you could conduct a speed test, or aggregate others' speed tests and get something like an empirical answer. Trust is different.
My personal criteria is:
The code for Chrome, Chromium and Firefox is all completely open source, which means anyone can look at the code. They are all popular and the code has been under scrutiny for at least five years. They all have aggressive release cycles and the bodies that create them generally care about fixing security issues quickly.
It would be very hard for Google to hide anything nefarious in Chrome but your data is their business so they have an interest in you personally that the Mozilla Foundation don't. Mozilla Foundation is basically not-for-profit although I think they are setup as a for-profit company.
For those reasons Firefox narrowly trumps Chrome and Chromium for me.
Thanks for that Mark, now I get it – I suppose for me then it must be Chrome, partly because Google's (good?) name rests on its performance and it seems to work well with my Avast Internet Security.
None of the above! Or rather, I use 5 different browsers (SeaMonkey, FireFox, Chrome, Safari, IE) for different reasons (some of which have to do with multiple accounts so I can be logged in all of them at once), but my main one (SeaMonkey) is not one of the ones listed.
Firefox. IE as a backup, and Chrome if I'm desperate.
I have FF configured just the way I want it with just the right add-ons and such.
No option for Seamonkey?
Emphasis was made to vote for which browser I trust the most. OK but you failed to provide a choice for "other", "none of the above" or "I don't trust any of them one iota" so the survey is fundamentally flawed. People will almost inevitably vote for the browser they use habitually, for whatever reason. More information regarding trust might have been gleaned by also asking which browser extensions are allowed/trusted by default, such as Javascript, ActiveX and Java applets.
I don't use any of the ones that you listed. I prefer not to give out that information because the less people who know about it and use it, the less likely hackers are going to spend time trying to hack a little used browser. One feature is that I cannot download anything directly, I can only save it to a folder of my choice where I then run antispyware software on that file before I install it.
I like Firefox because it has an open code base, seems to have a "Trust No One" philosophy, and offers many useful security-related plugins, one of the most important being NoScript.
Traditionally, I have thought of Firefox as being an inefficient resource hog. At least as of right now, recent releases of Firefox are thought by many to be the fastest among common browsers while using a sensible level of resources on OS X.
I had used Safari for years. However, the current version is intolerably slow and buggy.
Started with Firefox 1 and have stayed with Firefox. Yes, some of the new releases threw us a curve-ball, but overall it's been pretty intuitive for me. I like it's features and add-ons. IE has changed so much I can't figure out how to use it. I haven't liked Chrome from the get go. I can't compare their speed, but the test results I've read aren't that impressive. Example: Firefox took 3.9 seconds, IE took 4.0 seconds, Chrome took 3.5 seconds to perform some function. I made up those numbers but they're similar to some test results and they make my point. If I saved 0.4 seconds 600 times a day, (theoretical), I'd save a whopping 4 minutes a day. WOW !!
To the point of trust, I say use whatever is most productive for you and use an updated security suite, clear your history regularly, don't let your browser remember passwords, only accept third party cookies from trusted sources, and be proactive about privacy. Nothing is fail-safe, so trust isn't the main consideration. It's only one factor.
Simply voting in this poll, and posting a comment, are risks as well.
Where’s the “none of the above” option?
On Mac OSX and Linux, I trust Opera – with the NotScripts addon enabled. For Windows, the only browser I'll trust is Comodo Dragon in fully Virtualised (sandboxed) mode.
I started using Maxthon for some things. I actually use IE, Chrome, FF, and Maxthon, depending on what site I’m going to.
My FF has so many security extensions, most of the web is broken -by choice.
Maxthon supports socks5 encrypted proxy with username/password.
Might try Arora too.
Anything open source that the user compiles himself is the most secure in my opinion.
@Pat: Yeah, the Ff rapid release sucks, but let me introduce you to Firefox's best keps secret: The ESR edition .http://www.mozilla.org/en-US/firefox/organizations/
Security will always be an issue for all software used to access the net BUT usability and function will always be my top priorities as well as speed. Chrome is a nice quick – slick browser but it is still a bit user-unfriendly. MSIE was, is, and probably always will be, the most useless pile of junk ever written. Slow, non-standard and now since v10, forcing features on people that they may not want and in the process harming useful non-profit website that rely on a small amount of advertising to pay costs. For me the best pick for a long while has been Firefox. I use that and Chrome depending on what I want to do. I have to use MSIE10 to check for HTML formatting issues as Microsoft have never understood what ‘industry standard’ means.
Mine is Dragon, which is a Chrome base tweaked by Comodo the security people and thus getting the best of both Worlds. 🙂
I trust only in the completely open-source ones, in this case: Firefox. Others are partially or completely closed-source, and created by profit-oriented companies.
How do people trust Google Chrome when we already know Google "tracks" us.
I don't have anything like the information or the expertise to analyse the information to make a decision on which (if any) of these browsers is trustworthy at all. I quit Firefox when it started chewing up all my memory and now use Chrome. So far I've been lucky, is all I am prepared to say about safety.
For those who like Chrome, but not the data gathering of Google products, there’s SRWare Iron, a German clone.
Same engine, as Chrome. In fact CCleaner identifies it as Chrome.
I switched to Iron quickly, leaving the Google Chrome spyware behind.
Extensions: Ghostery, Disconnect, etc.
Search engine: Startpage
Well, Explorer protects you more than others web browsers online, firefox is no.1 for me
becouse it starts faster than chrome 2x .
Firefox mostly, Pale Moon some. The rest virtually never. I don't trust Google, too big, too ubiquitous for me and Chrome is not readily customizable at all. Not to mention it rats out everything you do to Google on any platform.
I use two browsers.
I use Comodo for Facebook, because I trust Comodo, and it balances my extreme distrust of FB.
I use FF for everything else. I do prefer Comodo though. It's a lot faster than FF too.
Chrome!
I'm on FF24.0 with W.O.T, DNTM, ABP, private automatically (switched value from false to true in config) , disabled website tracking, Flagfox, Spybot v2.1 (Internet Protected) and MSE v4.3. (PC Protected)
😉
The least secure browser is Chrome. Read the wiki, they took Chromium and added different things to track you, your data, and all kind of stuf. Even if it would be the most stable unhackable browser, it starting base is google spyware – least secure browser.
If a browser has any connection to google, it simply can not be trusted. Sadly I haven’t yet found a browser I can trust. Google has infiltrated the entire web, this doesn’t help. The web now is just Big brother watching. I hope someone clever designs a browser that is impenetrable and doesn’t seek to take info is shouldn’t need.
2021 we’re way past brave new world/1984 hybrid hellish dystopian society. i’m going to lose some of my social credits for this comment.
this is totally hilarious to read i 2021