Browser security study lacks credibility for one simple reason

I'm a Google Chrome user and should be happy about a newly-released study that declares it more secure than Firefox and Internet Explorer. But I have one big problem with this study.

It was funded by Google.

The report notes this, but makes the following justification:

Readers should understand that, while Google funded the research for this paper, Accuvant LABS was given a clear directive to provide readers with an objective understanding of relative browser security. The views expressed throughout this document are those of Accuvant LABS, based on our independent data collection.

I'm sure Google did give Accuvant free reign. But I can't help but wonder: Had the researchers found that Internet Explorer was the most secure and Chrome the least, would Google have gracefully stepped back, allowed the findings to come to light and then offered a fix-it plan?

I'm highly skeptical.

I would be just as skeptical had Firefox come out on top with the study funded by Mozilla.

The credibility is damaged from the start, in my opinion.

That won't change my browsing choices. I'll continue to use Chrome over the others. But to be perfectly honest, my decision isn't security based. I think all three browsers are much more secure than they used to be. My choice is instead based on the look, feel and speed. Chrome is a simpler, cleaner and faster browser. So I use it.

I used to favor Firefox, but each new version seemed to get more loaded down with more features I had no interest in -- features that turned it into a clumsy, way-too-slow-to-load browser. But that's not a security complaint, either.

Accuvant's conclusion is this:

The URL blacklisting services offered by all three browsers will stop fewer attacks than will go undetected. Both Google Chrome and Microsoft Internet Explorer implement state-of-the-art antiexploitation technologies, but Mozilla Firefox lags behind without JIT hardening. While both Google Chrome and Microsoft Internet Explorer implement the same set of anti-exploitation technologies, Google Chrome’s plug-in security and sandboxing architectures are implemented in a more thorough and comprehensive manner. Therefore, we believe Google Chrome is the browser that is most secured against attack.

I want to believe. The results of the study are probably accurate.

But it would have been much easier to believe had it been funded by someone other than one of the big three browser providers.

--Bill Brenner

one-stop view of latest business threats. We created it for you! Bookmark it! Use it!

CSO's Daily Dashboard gives you a

Insider: How a good CSO confronts inevitable bad news
Join the discussion
Be the first to comment on this article. Our Commenting Policies