A new study recently released by Accuvant has raised the bar for Microsoft and Firefox. Google’s chrome has recently been awarded the top prize. Internet Explorer beat out firefox when it came to protecting systems which had already been partially compromised, but Chrome kicked them both to the curb.
The results were acheived by analyzed the security features of the 3 most popular browsers. However, they chose not to employ the usual metrics, but rather assumed that hackers had already gained access to the machine via an exploited vulnerability. In essence, they wanted to see what techniques the browsers employed to mimimize potential damage.
Even though all three (3) browsers used Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and Stack Cookies (GS), it was found that Firefox did not utilize any of the following:
- Sandboxing (the separation of running programs)
- Plug in Security
“As with antivirus, the question is not whether the pattern-based detection will fail, but when and how,” pointed out the researchers. “As such, blacklisting services should be considered a part of the overall browser defense model, rather than the only perimeter an attacker must traverse.”
The conclusions shown above are the result of a study performed by the security company on behalf of Google. Many people might dismiss these findings based on that info alone, however Accuvant is a respected firm that is unlikely to sully its reputation by letting the results be affected by the fact that Google asked for the analysis.
You can view the 102-page report by going to issued by Accuvant.