Henry Dalziel | General Hacking Posts, Hacker Hotshots | February 10, 2013
We had an excellent Hacker Hotshot this week with Zoltan Balazs, who in our opinion is one of the world’s experts on internet browser security.
The interesting thing about browser security is the misconception, especially among those not familiar with information security, that browsers are immune to security risks such as malware, trojans, etc. This could not be further from the truth. Zoltan confirmed during our Hacker Hotshot event that most anti-virus programs do not scan the browser itself – especially extensions and addons.
We had several questions during the show, one of which was: “Which is the safest browser on the market in your opinion, and is there one thing that we can do to protect our browsers from being hijacked?” Zoltan’s answer was that Chrome is one of the more secure browsers when compared to the big four (being Firefox, IE, Safari and Google Chrome).
Zoltan’s reasoning was that Chrome is a safer browser because Google enforce the use of their official extension store, meaning that users are unable to simply install extensions and addons from anywhere – i.e. from third-party sites. Clearly this is a safer way of protecting the integrity of a browser because Google can centrally audit whether any extensions contain malware. However, it is not that simple, because we have seen cyber criminals being able to upload malicious extensions. For example, at the tail end of last year, more than 80,000 Google Chrome users became infected with malware when they tried to download fake versions of Rovio’s Bad Piggies from the Google Chrome Web Store. If you are familiar with Angry Birds, then “Bad Piggies” was their latest release.
Another viewer asked what would be the best way to keep their employees’ terminals safe and whether they ought to adopt the NoScript addon at an enterprise level. The answer was that it certainly is a good idea to limit the choice of browsers that employees can install and to absolutely restrict the free download of apps.
So, which is the safest browser! We wanna know!
Well…drumroll….the answer is….Internet Explorer 10! Yes indeed! Zoltan, who created the “Zombie Browser Pack” available from GitHub, told us that in his opinion IE10 is a safe browser to use.
As we all know, Internet Explorer used to be the undisputed champion of browsers, primarily because the browser was bundled with shipped Windows machines. That popularity, or rather the inherited browser forced onto our Windows machines, was something that belonged back in the early 2000s. Thankfully that has all changed, with Safari, Firefox and Chrome all dividing up the market share. From a developer’s perspective IE sucks. Period. IE10 certainly works better with most HTML5 and CSS3 markup, but don’t bet on it. Anyways – this article is about browser security and it’s interesting to note Zoltan’s comments about IE. If you disagree please drop a note in the comments below!
There is a good piece on this by PC Mag (Security Watch) which shows that according to their tests Internet Explorer 10 browser detected and blocked nearly every trace of malicious code without the help of a third-party antivirus program. Pretty impressive.
We all use Mozilla Firefox in the office – likely our allegiance and longevity is based upon having all used the browser since its inception. Also, Firefox pioneered addons – something which acted as a slingshot to the popularity of Firefox. On the subject of addons, if you are interested in how to use Firefox as a security tool for penetration testing and intrusion detection, take a look at our 50 most popular pentesting addons post. Do you agree with us? Do you think Firefox is legendary and, like us, you just can’t let it go? Or would you, ahem, make the switch to Internet Explorer 10! Let us know in the comments below!