Slashdot Mirror
Google Chrome Most Resilient Against Attacks, Researchers Find (helpnetsecurity.com)
Between Google Chrome, Microsoft Edge, and Internet Explorer, Chrome has been found to be the most resilient against attacks, an analysis by security researchers has found. Firefox, Safari, and Opera were not included in the test. From a report: "Modern web browsers such as Chrome or Edge improved security in recent years. Exploitation of vulnerabilities is certainly more complex today and requires a higher skill than in the past. However, the attack surface of modern web browsers is increasing due to new technologies and the increasing complexity of web browsers themselves," noted Markus Vervier, Managing Director of German IT security outfit X41 D-Sec (and one of the researchers involved in the analysis). The researchers' aim was to determine which browser provides the highest level of security in common enterprise usage scenarios.
Chrome to the slow kid and his autistic older brother.
sudo rm -r -f --no-preserve-root /
Seriously, what is the point of this unless it compares Chrome to Firefox. Those are the only ones that actually matter!
Firefox is but one open source projet. And the failure is not in being OSS, it's in not listening to their users, i.e. the users keep saying for years that your program has memory leaks, that you should fix that instead of adding more bloated features that nobody asked for, and all you do is put your fingers in your ears and go "la-la-la-I can't-hear-you-la-la-la" then of course you're going to fail.
#DeleteFacebook
We compared Chrome to one of the most reviled web browsers in the world for poor security and discovered it came out on top! You won't believe what happened next - click here!
Chrome is a pillar of Googles strategy against Apple, Facebook and MicroSoft. They'd be stupid to let things slide with Chrome.
We suffer more in our imagination than in reality. - Seneca
There's an important paragraph in the introduction:
You can read the paper yourself to determine whether they succeeded at avoiding biasing their results. One up-front question is why they didn't include Firefox. Based on public vulnerabilities and Pwn2Own and similar competitions, FF is less secure than Chrome, but often better than Edge. Safari tends to trail by a large margin, so its exclusion doesn't surprise me, nor does the exclusion of Opera and other browsers with very small market share.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
And the memory leaks are largely caused by an unsafe extension system that is being replaced by a new, more thread-safe extension system. And the wailing and gnashing of teeth continue.
"Firefox has memory leaks!"
"Fixed the ones in Firefox, the rest are bad extensions (probably AdBlock)"
"Firefox's Javascript is slow!"
"Fixed that"
"Firefox is slow"
"We'll move to a new threading model that's lots faster and requires us to fix our leaky extension model too"
"You're breaking my extensions - why don't you listen to what your users WANT???"
[sigh...]
Link to actual research:
https://browser-security.x41-dsec.de/X41-Browser-Security-White-Paper.pdf
because Slashdot editors are lazy. More seriously, this paper appears to be a must-read if you're responsible for desktop or other end-user security. (The examples are great.)
Your attitude is a perfect example of why Firefox is on its way out. If you knew anything about Firefox 57 you'd know that it could very well be the final nail in Firefox's coffin. You would not be recommending that users look forward to it!
Firefox 57 is due in November, and it's the first release that's supposed to only support WebExtensions extensions. This will very likely break many existing extensions. Due to differing capabilities between the existing extension model and WebExtensions it may not even be possible to reimplement some existing extensions!
So I think we'll see two things happen:
1) A small number of Firefox users will continue to use pre-57 versions, so they can continue to use extensions that won't be or can't be supported in Firefox 57 and beyond.
2) A much larger number of Firefox users will move to Chrome (or Chromium) and never look back. If all of their extensions use a Chrome-like model, there's no reason to use Firefox. In my experience, and that of many other people, Firefox is very slow, bloated, and memory-hungry compared to Chrome. I'm sure you'll parade some bullshit "benchmarks" showing otherwise, but these benchmarks don't correspond at all to the actual experience of using Firefox and feeling just how less responsive it is than Chrome.
Firefox's market share is already pretty pathetic. Firefox 54 has only 2.94% of the market. Firefox 55 has only 1.19%. Firefox 52 has 0.49%. The rest of Firefox's releases, including Firefox for Android, are well under 1%. Many of them are in the 0.01% to 0.05% range.
I wouldn't be at all surprised if Firefox 57 knocks Firefox down to the 1% to 2% range.
Firefox is already pretty irrelevant now that's down to about 5%. When it's down to the lowest of the low single-digit percentages, the chance of a recovery will basically become non-existent. And once the Yahoo search deal expires, it's doubtful that any other organization will want to sign a search deal with Mozilla. Why would they, if Firefox has only 1% or maybe 2% of the market at that time? Firefox's future will be even bleaker than it already is if Mozilla were to lose out on their main source of income.
You hype Firefox 57 as if it's a good thing. The evidence suggests otherwise. It shows that Firefox 57 has the potential to be the most disastrous release in Firefox's history, even worse than the early rapid-release extension breakage debacle and even worse than the Australis debacle.