The Definitive Guide to Browser Security 2016

Web Browser Profiles and Security Rankings

Browsers are Critical for Maximizing Security Protecting a network from today’s cyber threats is an important and daunting task. Many phrases and acronyms are thrown around SWG, UTM, SEIm and the like. There are dozens and dozens of tools to help security managers secure the enterprise. But it should not be forgotten that web security begins with the web browser; the basic tool that makes web surfing possible. The way a browser is set up to communicate with the web is the place to start to implement a lock-down security policy.

The Browser Market

However, this does not tell the whole story as it’s important to consider the amount of time it takes for each browser to create a patch for their security vulnerabilities because that information allows you to know how long each browser will be vulnerable to security threats that are identified. Google Chrome has the fastest response time to browser vulnerabilities with an average patch release date of 15 days from the time the vulnerability is identified. Mozilla Firefox is the second fastest with 28 days and Internet Explorer is in third with 30 days taken to create and install a patch to fix security vulnerabilities. Safari is last in terms of the time it takes them to fix security issues with a patch, it takes them 54 days to complete. To summarize, while Safari has the least amount of vulnerabilities, it takes the most time to fix these issues, almost double the amount of time Firefox and Internet Explorer take and over 3 times as long as Google Chrome. Google Chrome has the second most security vulnerabilities but has the fastest turn- around time for fixing these issues.

During 2015, Google Chrome was dominantly the most popular browser with around 65% of the web traffic. The closest browser in terms of web traffic was Firefox which had 21% of the web traffic in 2015. Internet Explorer had around 7.2% of the web traffic and Safari averaged 3% of the web traffic. The trend during 2015 for browsers was an increase in web traffic for Google Chrome, a decrease for both Firefox and Internet explorer and consistent web traffic for Safari. In the beginning of 2011, Firefox was the dominant browser with around 43% of all web traffic with Internet Explorer in second place with around 27%, Google Chrome in third with 23% and Safari in last with 4% of web traffic.

Security Profile Rankings These rankings were determined by evaluating four different security areas of the major four internet browsers. These four security areas are vulnerability, vulnerability response, available security plug-ins and average web traffic. The reason why these four areas were chosen is when all four are combined together they give you the most reliable security profile for each of these browsers. Using only one or not using all four in unison can lead to a less reliable security profile for these browsers.

The trend from 2011 to 2016 has been a significant increase in web traffic for Google Chrome increasing from 23% of the web traffic to an average of 65% of all web traffic. Firefox and Internet Explorer did not fare as well with a decrease in Firefox’s overall web traffic of 22% and a decrease in Internet Explorer’s web traffic of 20%. Safari on

Vulnerability measures how exposed a browser is to security issues and uses the number of security issues each browser is exposed to as a metric for determining how secure a browser is from outside security threats.

the other hand has remained consistent throughout the years remaining close the 4% mark in terms of the web

Vulnerability Response is the length of time it takes for a browser to provide a security patch for an existing

traffic it receives.

security issue. This is used to determine how long a browser is vulnerable to existing security threats.

Most Vulnerable Browsers

Available Security Plugins are used to strengthen the overall security of your browser and lower the risk of exposure to security threats. They allow the user of the browser to customize their security and privacy in

Based on vulnerabilities identified in last few years, Firefox is the most vulnerable web browser out of the four

their browser.

major browsers (Google Chrome, Internet Explorer, Firefox and Safari). Google Chrome had the second most

Average Web Traffic is the measurement of the average number of users for each browser. This is used

vulnerabilities identified in this time, Internet Explorer had the second lowest amount of vulnerabilities, with Safari having the least amount of identified vulnerabilities in this time period.

to determine how well security is handled in relation to the amount of traffic that a browser is receiving on a regular basis.

Google Chrome

Firefox

Vulnerabilities: C

Vulnerability response time: A

Vulnerabilities: C

Vulnerability response time: B

Google Chrome has the second most vulnerabilities, which means there are a large number of security issues this browser could potentially be vulnerable to.

Out of the four major browsers, Google Chrome has the fastest vulnerability response time at 15 days. It provides a quick turn-around time for fixing security issues with its browser.

Out of the four major browsers, Firefox has the most vulnerabilities which means it is exposed to many more security threats.

Firefox has the second quickest response time for vulnerabilities at 28 days, this is 2 days faster than Internet Explorer and twice as long as Google Chrome.

Available Security Plug-ins: A-

Average Web Traffic: A

Available Security Plug-ins: A

Average Web Traffic: B

Google Chrome has a few more security plug-ins than Safari and Internet Explorer but is missing one of the plug-ins available in Firefox, which is the No Script Security Suite.

With the most web traffic of the four browsers, Google Chrome has the hardest job in terms of securing its browser because it has three times more average traffic than the rest of the browsers.

It has the most security plug-ins available, including the No Script Security Suite which no other browser has. This security plug-in gives the user control of which sites are allowed to use Java, Java-script and other content.

Firefox is second in terms of its web traffic, with a third of the traffic of Chrome but close to three times its nearest competitor, Internet Explorer.

Overall Rating:

A

The wide variety of security plug-ins, its fast response time to security issues and the amount of web traffic it gets trumps the number of vulnerabilities the browser could possibly be exposed to because the plugins allow countering for some or most of the vulnerabilities faced plus the quick vulnerability response time ensures the browser will not be exposed to threats for an extended period of time.

Overall Rating:

B

With the most security plugins, the second most average traffic and the second fastest response time, Firefox makes up for its number of vulnerabilities by giving user’s the most plugins to counter them and fixing those vulnerabilities in a reasonable amount of time.

Internet Explorer

Safari

Vulnerabilities: B

Vulnerability response time: B-

Vulnerabilities: A

Vulnerability response time: F

With the second lowest amount of vulnerabilities Internet Explorer provides users with less potential security issues to worry about then Chrome and Firefox.

With its response time being only 2 days slower than Firefox but twice as long as Google Chrome’s response time, Internet Explorer has an adequate vulnerable response time.

Safari has the lowest number of vulnerabilities out of the four main internet browsers, with its small number of vulnerabilities, users have less potential security threats to worry about.

Its vulnerability response time is way too long, it takes almost four times as long as Google Chrome and it almost twice as slow as the browser it is closest to in terms of response time speed.

Available Security Plug-ins: C-

Average Web Traffic: C

Available Security Plug-ins: C-

Average Web Traffic: D

Internet Explorer is missing at least a handful of the security plug-ins that are available are both Google Chrome and Firefox means that it only has some of the tools necessary to help combat its potential security threats.

It has a small amount of web traffic when compared to Google Chrome and Firefox but still has more web traffic on its browser than Safari does.

Safari, like Internet Explorer, is missing a handful of security plug-ins that are available to users in Google Chrome and Firefox.

It has the least amount of traffic of all four of the main browsers, Internet Explorer has more than double the amount of web traffic and Google Chrome close to 22 times the web traffic levels that Safari has.

Overall Rating:

C

C Overall Rating:

Internet Explorer’s adequate threat response time, lower number of vulnerabilities, low web traffic level and missing security plug-ins are the reasons why it has this overall rating.

Safari’s very small amount of web traffic, missing security plug-ins, overly slow response time to security threats and its small number of vulnerabilities are the reasons why it got the overall rating it did.

Optimal Browser Security Settings Google Chrome Install security plug-ins: LongURL.org, Web of Trust, Don’t track me and Disconnect, Webutation and HTTPS Everywhere. Set-up browser alerts, Update regularly, Make updates automatic, Use smart-lock for passwords,

Overall Recommendations for Optimal Browser Security • Updating your browser regularly: As simple as this sounds, it’s easy to disregard a popup for a browser update or outright miss the update if update notification is turned off.

Leave the default settings for phishing, malware and pop-ups as they are. The plug-ins installed will take care of cookies, tell you about potentially dangerous websites and what websites are secure and which are not. Google Chrome also allows you to turn off the allowance of Java-script on the websites you visit and allows you to choose whether you want automatic downloads or if you want to activate them yourself, you can access these settings by going to the settings tab, clicking privacy and then clicking the content settings tab.

Firefox Install Security plug-ins: LongURL.org, Web of Trust, Don’t track me and Disconnect, Webutation, HTTPS

• Configure browser security and privacy settings: Any settings not covered with the security plug-ins previously mentioned can be found in your browser’s settings, usually though the default settings are the most secure after all the plug-ins have been installed. • Use both anti-virus and anti-spyware software- Using both an anti-virus and an anti-malware program is critical to the security of not only your browser but your entire computer as well. • Sign-up for Alerts: Have your browser instantly let you know when new information is available regarding your browser and keep up to date with this new information so you are best equipped to manage your browser(s).

Everywhere and the NoScript Security Suite. Set-up browser alerts, Update regularly, Make updates automatic, Leave the default settings for pop-ups, unsecure websites, phishing and malware as they are.

• Use caution when installing browser plugins: Although most of the security plug-ins are proven and good plug-ins, there is the possibility of a few of being fake or unreliable, there is also a larger pool of these types of

Internet Explorer

fake or unreliable plug-ins when dealing with all the plug-ins available for a browser. Before you install any

Install Security plug-ins: LongURL.org, Web of Trust, Don’t track me and Disconnect. Set-up browser alerts, Update

them, use the knowledge that is out there on the web to help ensure you get quality plug-ins that will not harm

regularly, Make updates automatic, Leave the default settings for pop-ups, unsecure websites, phishing and

your browser and your computer.

malware as they are.

Safari Install Security plug-ins: LongURL.org, Web of Trust, Don’t track me and Disconnect. Set-up browser alerts, Update regularly, Make updates automatic, Leave Safari’s default settings for dangerous or unsecure websites, pop-ups, phishing and malware as they are.

plug-ins check the reputation and ratings on several different rating websites and read customer reviews about

• Download and install trusted security plug-ins for your browser: Installing trusted and reliable security plug-ins for your browser will keep you from having to search for privacy and security settings in your browser which will save you time and keep you just as secure. • Avoid fake security warnings: There are a whole host of fake security alerts that can start running and appear legitimate but if you click on them they will infect your browser and computer with all kinds of malware and viruses. That is why it is critical to be up to date on these fake security warnings and know exactly what your real security alerts look like so you can avoid clicking the fake ones and exposing your browser and computer to harm.

Some of our customers:

Recognitions:

Did we get you interested? [email protected]

+91 8880220044

www.instasafe.com

facebook.com/instasafe

@instasafe

linkedin.com/company/instasafe