The online world is a place where it’s best to be cautious. A good way to do that is to ensure the security of one of the biggest targets of cyberattacks: the browser. Hackers will first try to find vulnerabilities in the most used tool to access the internet. Of course, you don’t want that, so we’re taking a look at which web browser is the most secure.
Before we get to that, here’s what a browser needs to be secured against.
The most common attacks are malicious URLs. They link to web pages designed to host malicious code that uses exploits and run processes inside the browser in order to gain access to the operating system.
Bad scripts can also be part of a trusted website, making the attacks even more devious. Plugins and extensions are not technically part of the browser, but they are part of the online battlefield. Targets for exploitation include Adobe Flash Player, Adobe Reader, Java and ActiveX. Malware can also be masked as a plugin, but browsers can block them and warn you when you try to install a suspicious one.
Breaches usually happen in order to bypass protection and display advertising, collect personal information (for marketing or identity theft), web analytics (data about how you use the web), generating likes on Facebook (likejacking) and installing adware (malware which displays ads), viruses and spyware (e.g. Trojan Horses).
How to Tighten Your Defenses on Most Browsers
Before you do anything else, update your browser. Users get notifications when browser updates are ready and just a click away. Configure your browser security and privacy settings so that you feel comfortable with them. Important settings include blocking malicious sites and third-party cookies, disabling Flash, blocking pop-ups and turning off tracking.
Keep in mind that no browser is completely secure, no matter the security architecture. In fact, studies have shown the weakest link in the security chain is the user. There’s no substitute for using reason while browsing. Please note that even using any of the best VPN providers won’t protect you from being silly while on the web.
Of course, browsers haven’t stopped improving their security. They could all plausibly claim they are safe for the average user. The differences come down to slim margins. To see what prevents unwanted breaches, let’s dive into what makes good security for the browser.
What Makes Web Browsers Secure
Like antivirus software, browsers rely on patching vulnerabilities to ensure security. Unfortunately, most patches are rolled out after hackers have poked and prodded the browser. Ultimately, it’s always a race between the developers and hackers. Reviewing how quickly developer patch and update the browser is crucial (the bigger the team, the better).
Even updated browsers differ in how they approach security. That’s evident in their security architecture and features.
Browsers can consult a blacklist, such as the Google Safe Browsing service. It provides a list of URLs that contain malware or phishing content. Most popular browsers use this service (excluding Comodo Dragon, which has its own secureDNS) to filter out unwanted URLs.
One prominent piece of security architecture that modern browsers use is a sandbox, an isolated environment for the browser that limits access to your operating system. Even if a vulnerability is exploited, the sandboxed environment should keep malware contained.
Let’s see how the most popular browsers for desktop and mobile, and some of the obscure ones, fare in update frequency, URL protection and quality of architecture.
Browser Security Features: the Most Important
While browsers tend to compete to have the most innovative features or open pages the fastest, but they all take a similar approach to security. Here, we’ll compare them and see who does it best.
Firefox got a big update with Firefox 58 (“Quantum”). It wasn’t perfect and a critical vulnerability was found in January. Mozilla quickly released an update. The security of its users is one of Mozilla’s goals and it vows to ship patches in less than a day.
Internet Explorer always had a rocky relationship with security, but its latest version is closer to the industry standards and still receives updates. IE11 gets patches every 30 days or so, which doesn’t compare well to the more popular choices.
However, previous versions aren’t supported anymore and Microsoft has moved away from IE11 as it promotes Edge, claiming the new browser is quicker and more secure. It seems to get updates every month or so, which are bundled with Windows 10 updates.
Vivaldi is also based on Chromium and it’s built by former Opera devs. The open-source browser might have a small share of the market, but, with the help of community coders, its update cycle is not far behind the big boys.
We have Chrome in the lead, with Firefox, Safari and Opera a tiny step behind. Others tend to have slow or intermittent update cycles. Keep in mind that the more obscure browsers are not a big target like the popular ones, so they benefit from security by obscurity.
URL Protection on Chrome (and Chrome Derivatives)
Chrome has protection against deceptive sites and malware turned on by default. It will notify you when a site contains malware, is actually a phishing site or isn’t secure. Firefox, Safari, Opera and Vivaldi all consult the same service as Chrome: Google Safe Browsing.
IE11 uses SmartScreen Filter. Similar to Google, it prevents you from opening URLs leading to malicious or compromised sites. Microsoft Edge benefits from it as well. Edge also uses Windows Hello technology that authenticates both the user and the website.
Comodo Dragon uses its own DNS servers to filter websites in real-time. It does so by consulting a block list and it will warn you whenever you try to enter a harmful website. Keep in mind that if you’re far away from Comodo’s DNS servers your connection will slow down. On top of that, Brave Shields help protect it from malware and phishing. This feature also filters sites by consulting a block list.
Chrome was one of the first to use a sandbox and the technology has matured. Google’s browser uses a modular architecture that places the complex rendering engine (the piece that uses HTTP to communicate and display pages) in a low-privilege sandbox. Each tab gets its own.
That way the engine can’t communicate with the operating system.
Firefox 54 finally introduced sandboxing and updated it for Linux last year in order to match Windows security features. The same update improved the security walls of the sandbox, making it more difficult for attackers to breach the rest of the system.
Internet Explorer has a feature first introduced with IE7 that isn’t strictly a sandbox: the Enhanced Protection Mode. It still protects against malware reaching the system if it manages to use an exploit and run malicious code. Your personal information is also safe until you grant IE permission to access it.
The Microsoft development team made sure Edge didn’t support ActiveX, which improved its sandbox. They reduced the amount of code that hackers could look through to find vulnerabilities. This resulted in a sandbox custom-made for Edge (not just any process like before).
Mac OS has the App Sandbox, which is enforced at the operating system level. All apps distributed through the Mac App Store must conform to it, including proprietary software like Safari. The OS also sandboxes Safari’s built-in PDF viewer and plugins.
Opera, Brave and Comodo Dragon are all based on Chromium, so it’s safe to assume they all rely on its native sandbox implementation. They haven’t shared information about their specific methods.
Sandboxing has become an industry standard, so it’s not going to be the deciding factor in determining browser security. Regardless of which browser you use, you can be sure that there’s a sandbox to safeguard your system.
Secure Browsing on Mobile
Mobile versions of the browsers mentioned previously mostly correspond to their desktop versions in terms of security. Of course, they are not exactly the same, as mobile requires additional ease of use features. We want to see ad blockers, but you can’t install them for mobile browsers.
You need to rely on those that have ad-blocking integrated and, out of those mentioned, only Brave, Chromium and Safari do. The three can also block cookies and tracking. On top of that, Brave integrates HTTPS Everywhere by default and blocks scripts.
Ad-blocking, along with blocking analytic and social trackers, is also available on Firefox Focus. Plus, every session is in private mode. Aloha Browser also features an ad-blocker, along with its own VPN to protect your privacy. It’s a tough combo to beat.
In the end we feel the best option for desktop is Google Chrome. Its update cycle is fast and its sandboxing technology is mature. It also has excellent tracking and malware protection. For many of you, this validates your choice as Chrome is the most popular browser. If it’s not yours, however, you might want to give it a try.
For mobile, we decided to go with Brave because of its excellent blocking features and https connections. Chromium was a close second.
While most browsers get updates and patches quickly, they aren’t completely safe. They also take different approaches to privacy. The best way to complement browser security and privacy is to use a virtual private network. Dedicated VPNs arguably provide better security and privacy than integrated do. To make it easy for you to decide which to use, we compared the best VPNs.