Microsoft calls out Firefox and Chrome for security weaknesses [zdnet.com]
In a move that’s sure to raise hackles in Silicon Valley, Microsoft today debuted a new web site designed to raise awareness of security issues in web browsers.
When you visit the site, called Your Browser Matters [yourbrowsermatters.org], it allows you to see a score for the browser you’re using. Well, if you’re using IE, Chrome, or Firefox—other browsers are excluded. Not surprisingly, Microsoft’s latest release, Internet Explorer 9, gets a perfect 4 out of 4.
Part of the goal of the site is to prod users of outdated IE versions to switch. So IE6 gets a solid zero on this page, and IE7 gets a 1 out of 4.
If you visit the site with the most recent public releases of Firefox or Google Chrome, however, the results are less than perfect.
Dangerous Downloads
Does the browser help protect you from websites that are known to distribute socially engineered malware?
Does your browser provide a distinct warning when you download an application that is of higher risk but not yet confirmed as malware?
Phishing Websites
Does the browser have a feature that can help protect you from phishing sites?
Does your browser help you identify the domain you're on by distinguishing it within the URL?
Attacks on your browser
Securing Extensions
Does the browser have the ability to restrict an extension or a plugin on a per site basis?
Does the browser have a system for auto updating browser extensions?
Effective Sandbox
Does the browser process utilize Windows Protected Mode or implement a similar mechanism such that browser processes cannot modify parts of the system that they don’t have access to?
Does the browser extend the sandbox such that it cannot read data from parts of the system that it doesn’t have access to?
Does the browser benefit from Windows Operating System features that protect against arbitrary data execution?
Does the browser benefit from Windows Operating System features that randomize the memory layout to make it harder for attackers to find their target?
Does the browser benefit from Windows Operating System features that protect against structured exception handling overwrite attacks?