Henry Dalziel | Concise Courses, General Hacking Posts, Hacker Hotshots, Product Reviews | September 15, 2013
Quick overview of this post: Chrome is a safer browser (skip to the bottom of the post for more on that) but due to nostalgia, we will always be faithful to Firefox. Sorry Chrome.
My Internet browser is an extension of me. We (and Concise Courses would like to speak on your behalf) spend way more time looking at our browsers that we do our wives, husbands, partners, friends, pet Iguana’s etc. Whilst researching this post we discovered that on average, in the USA, we each spend 27 hours a week online. Obviously this depends on our professions: clearly a beekeeper or a chicken farmer in North Dakota is likely to spend less time online than a hacker in a basement or a information security professional conducting a black box pentest. Anyways, chances are, that even if you are staring at a terminal or a command line, you’ll also have a browser open, and personally speaking, my preferred is still Firefox. Always has been, always will be.
Why Firefox became so popular
The primary reason why Firefox did so well was because of their creation of ‘Addons’ which have made our life easier. Just as much as ‘there’s an app for that’ – a strap line that Apple marketing kept telling us, so there is an ‘AddOn’ for Firefox. Sure, other browsers allow AddOn’s, but Firefox pioneered it. (Side note, you might be interested in our “World’s Best 50 Firefox Pentesting AddOns” blog post). A later development of the customization of the browser was ‘Firefox Personas’, which was released in 2010; allowing users to change Firefox’s appearance with a single click.
When Firefox first hit the scene it was a cooler (and open-source) project that rebelled against a poorly-built browser that Windows users were ‘forced’ to use. No-one likes being told or forced what to use – especially when we have choices, and with Microsoft’s decision to bundle IE with their operating systems, the opportunity for other browsers to gain market share became apparent. The “Browser Wars” of the mid-1990’s was essentially caused by Microsoft Windows, with 90% share of the desktop operating system market, insisting on Internet Explorer being included with every copy of Windows. Clearly this was an uncompetitive advantage and legal cases followed.
The main difference between Chrome and Firefox (as at September 2013): CPU Cores!
Chrome allows for multi-process architecture if you have a multi-core CPU. Chrome does manage efficiency better than Firefox since it places processes within their own cores. What that really means is that Chrome can do many things at once and the interface should never lag as pages, for example, load in the background.
Firefox on the other hand uses single-process architecture, so for example, if you open six browser tabs, the main Firefox processor has to load and render them individually as well as control the interface. As a result Firefox can crash more often and can lag a little bit more.
Firefox Doesn’t Use a Security Sandbox
Chrome and Internet Explorer have both implemented a feature called “low integrity mode” or “protected mode” to run browser processes with as few user permissions as possible. If a browser vulnerability, or XSS attack for example, was discovered and exploited in Chrome or IE, the exploiter would also have to use some sort of additional vulnerability or unpatched hole to escape the security sandbox and get root access to the operating system. This is clearly the most glaring security problem for Firefox.
Which is your favorite browser and why? We only just scratched the surface but please chime in if you can see a major security difference between the browsers. Also, it’s worth mentioning here an excellent Hacker Hotshot web show we had last year titled: “Zombie Browsers Spiced With Rootkit Extensions” with Zoltan Balazs. Zoltan answered questions like: “Which is the safest browser on the market in your opinion, and is there is one thing that we can do protect our browsers from being hijacked? ” which you can learn more about on that page.