Kamis, 18 Maret 2010
Mozilla Firefox vs. Internet Explorer: Which is Safer?
I am safer browsing in Mozilla’s Firefox browser than I am in Microsoft’s Internet Explorer. I firmly believe this to be the case. Yes, that’s right, Firefox is safer than IE.
In the same vein as my series earlier this year on Windows vs. OS X vs. Linux security, let’s explore how I came to this subjective opinion. • Lower profile target. One of the main reasons I’m more willing to trust my data security to my OS X (Mac) system is that they have a smaller market share than Windows does. This sounds peculiar to many people who aren’t familiar with security, but in the dangerous world that is the Internet, keeping a low profile can be an important aspect of staying secure.
The reason for this, quite simply, is that our attackers, by and large, write their attack code to market share, for all the same reasons that legitimate software developers most often deliver their Windows products before their Mac or Linux ones.
Now, I’m fully aware that Firefox continues to make strides in this area and is constantly gaining market share, so this argument may well eventually fail. I’m confident, though, that by then I’ll have other, lower profile choices available. • Configurability. This is a tough one to judge. Like many Microsoft features, IE has a quite rich set of security features that can be configured to suit the user’s needs. Firefox, by comparison, is more simplistic in its security configuration choices. There’s a strong argument to be made for each approach.
IE manages its security via “zones”—Internet, Local intranet, Trusted sites, and Restricted sites. Within each zone, the user has a rich set of configuration options where authorizations can be fine-tuned. For example, Internet sites can be set to default to disallowing browser scripting, ActiveX, Flash, and other dangerous content. That’s the good news.
The bad news in all of these rich features is that a) by default, far too much untrustworthy content is allowed (e.g., JavaScript) and that b) the sheer vastness of the features will scare most users out of doing any substantive fine-tuning to protect themselves.
Firefox, on the other hand, is much simpler – but quite possibly too much so. JavaScript, for example, can be enabled or disabled (along with setting a half dozen or so JavaScript capabilities) for all or no sites. It’s nice that turning off dangerous features like this can be quickly turned on and off. It’s so simple that anyone could (and should!) experiment with it. But I want a little bit more flexibility than this.
Qualitative score: IE gets a B+ while Firefox gets a B-.
Langganan:
Posting Komentar (Atom)
Tidak ada komentar:
Posting Komentar