Re: What is the most secure web browser,

[Chris Ess <azarin () tokimi net>]

> I have been researching these security lists for a
> while, and am still puzzled and would like some
> feedback?
> There have been several recent vulnerabilities in the
> past few weeks alone on IE, that prove that it is
> obviously not the secure web browser of choice.
> My question to the list, is what is the most secure
> browser that will not get manipulated like IE?
> Is the programming languages and protocols at fault or
> $pecific vendors?
> I don?t think that continuous, almost daily patching
> is realistic or even close to a resolution. I also do
> not believe that Lynx is an answer.
> Any input would be appreciated?

I think you need to specify more clearly what the minimum functionality
you're looking for is.  Without knowing that, we may not be able to answer
the exact question you're asking.

The term 'web browser' suggests that the program renders the HTML on a
page, so suggesting a telnet to port 80 on the client host (or using the
GET utility which comes with libwww-perl) would not be of use.

I wonder why you say that lynx is not an answer, especially since in my
mind and experience it's one of the more (if not the most) secure browsers
out there.  (I don't think I've heard of a security bug in lynx, but that
doesn't mean there aren't any.)  Other suggestions for more secure
browsers are links and w3m, but these are also text-only browsers.  I
suspect that you are really asking about the most secure 'graphical' web
browser.

I have not really dealt with web browsers outside of the 'big three' --
IE, Mozilla/Netscape, and Opera.  However, alternatives e.g. Galeon and
Konqueror do exist.

We hear about issues with IE all the time and in Opera to a lesser degree.
Mozilla/Netscape bugs are comparitively rare but not uncommon.  I know of
at least one Konqueror security bug report and I don't think I've seen any
for Galeon.

For general web use, I would probably suggest Mozilla or Firebird based
on my experience.  There may be more secure alternatives I'm not aware
of or have not used.

Even  then, though, this will only cover security for the web browser
itself.  If malicious content is loaded by a plugin or separate program,
e.g. Macromedia Flash Player, and exploits a bug in said program, your
choice in browser won't save you.

I'd be interested in hearing more about security benefits and drawbacks of
the 'alternative' browsers.

Sincerely,


Chris Ess
System Administrator / CDTT (Certified Duct Tape Technician)

---------------------------------------------------------------------------
Captus Networks
Are you prepared for the next Sobig & Blaster?
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Precisely Define and Implement Network Security
 - Automatically Control P2P, IM and Spam Traffic
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------