The Web has recently been alive with discussion of a report published earlier this month by a company called Accuvant concluding that, of the three most popular Web browsers it tested, Google Chrome was the most secure and protected the user best from online threats. The three browsers tested were, in claimed order of merit, Google Chrome, Internet Explorer and Mozilla Firefox. Yes: the report pushed Firefox into third position after Internet Explorer!
Browser testing, however, is a complex business. Results depend critically on exactly what you are testing and how you do so. By carefully selecting the features you concentrate on, you can alter the relative merits of the different softwares under consideration. Objectivity, allied to technical expertise, is of course the key.
Now, Accuvant is a reputable and respected company and no comment that I have seen questions this or the company’s objectivity. However, some concern has been expressed about the fact that the report was actually paid for by Google. This has made for a feeling of unease about the results. Let’s be clear: no one has claimed that Accuvant has been anything other than completely objective but, well, the unease remains.
Some of us will remember the old days of the so called "browser wars" when Internet Explorer (IE) and Netscape Navigator were locked in a battle for supremacy. IE, when it first appeared to confront the already mature Netscape offering, seemed little short of a toy browser but that changed rapidly. Very soon they were racing neck and neck, each cheered on by its own set of highly partisan fans.
Then Netscape took a fall, like a horse falling at a fence in a steeplechase, leaving the field almost completely clear to IE. To disheartened Netscape fans, the appearance of the Mozilla browser was an event akin to the arrival of the US Cavalry in a Western film. We were saved from the pesky villain IE who had seemed to rule the roost.
From the early days, Firefox steadily rose to become the dominant browser in a field occupied by a small number of contestants, all eagerly fighting for market share. In the meantime, the online world has changed almost beyond recognition and has become a more challenging and, to the user, more dangerous environment. Browser design is no longer simply about providing the user with a rich set of facilities: it is also and particularly about confronting threats and protecting the user, and the user’s computer, from danger and damage.
I have seen all the main browsers develop from simple and speedy applications to inflated and slow ones. These days we demand far more of our browsers in terms of features, while at the same time, the Web has a far more complex and rich set of features that browsers need to handle. The extra complexity comes at a cost in size and efficiency.
When Google Chrome first appeared, I tried it, and it seemed to me a very schematic piece of work, hardly worthy of the being called a browser. Since those early days, however, it has developed apace and is today a very competent piece of software. At the last count, I had 5 browsers installed, either the Windows versions or the portable versions, and Google Chrome is one of them. Compared with Firefox, it seems very simple. As a Firefox user I find myself groping around in Chrome for settings or functions that don’t actually exist but, despite this, Chrome possesses nearly everything you need, while its slimline form means that it is one of the fastest browsers – and possibly the actual fastest browser – currently available. Its market share has also increased impressively, hence the concerns about matters of security.
One of the interesting things about Chrome is that it is based on a software project called Chromium and Chromium is open source. That means that anyone can use Chromium as a basis for their own browser development. As a result, there are today quite a few Chrome lookalikes on the market. These are not clones (as they are often mistakenly called) because each has its own special features which its authors hope will win them market share from Chrome itself.
The main objection that many people have to Chrome is that it is a tell-tale: it reports back to Google on all the user’s activities. Google will say that the data collected are anonymized and therefore do not compromise the privacy of users; critics will point out the when you install Chrome, it acquires a unique identity number to which all collected data are referenced and that this opens to door to spying on users.
Without getting involved in the increasingly acrimonious debate, we can say that this has proved to be a selling point for Chrome’s rivals, enabling them to claim that they do not stick their nose into your activities as does Chrome itself. Some of these alternatives have by now acquired a small but dedicated following.
I will mention just two of the rivals because I have them installed on my PC and use them frequently. The first is called Iron and comes from Srware. Iron comes in two versions, Windows installer and portable. Srware claim that it has all the features of Chrome but with all reporting functions removed. Any extensions that you find in Chrome Web Store can also be installed in Iron. I have seen reports of some oddities in performance but have never noticed anything of the sort myself. If you like Chrome but don’t want it telling tales on you, then Iron may be your solution.
The second contender, and one I discovered only recently, comes from the Comodo stable and is called Comodo Dragon. This is a very pretty, if slightly curious, example of the Chrome lookalike art. Many commentators have remarked that Dragon resembles a cross between Chrome and the Opera browser. Its layout is similar to, but slightly different from, Chrome’s layout. For example, the famous "wrench" (or spanner) icon to access settings is missing. You click on the Comodo Dragon logo in the top left-hand corner instead.
Like Iron, Dragon claims not to betray your secrets. More than than, it claims to be the most secure browser of all of them. It has special secure features in addition to those of Chrome, and when you install it, you are given the option of setting it to go through Comodo’s own servers, supposedly adding another layer of security.
Also, when you first install it, a tick box appears, leave this blank and Comodo Dragon installs as a Windows application; tick it and it installs on a USB flash drive as a portable application. This means that you can carry your browser with you and keep both versions loaded with your favourites and your passwords. Comodo Dragon can use your Google account to synchronise it with all your data. As with Iron, all extensions in the Chrome Web Store will also run on Comodo Dragon.
Do we need Firefox anymore? If Google Chrome and its lookalikes as so secure and fast and so simple to use, why would we bother with podgy slow Firefox? There’s a lot we could say in answer to that, I think. Firefox is still a power in the land and I have no doubt that it will spring back from the slap received from Accuvant and become competitive again. Firefox is not perfect; it has faults; but it’s a damned good browser and is not ready to be written off just because a security firm has said a few harsh things about it.
However, there is one very important feature of Firefox that ensures that it will remain my main browser for the foreseeable future. The only other browser I know that has this feature is Opera, though it is not so nicely implemented there. I speak of a global password to protect your login details.
These days, we all have so many username/password combinations that the temptation to let the browser remember them for us is well nigh irresistible. This, however, is dangerous. When we go on a trip, I take my laptop along so I can transfer each day’s photos to it. There is obviously a risk that the laptop will be stolen or simply accessed by someone. If there is an unprotected browser on it, then all my passwords are there for the taking. Firefox protects these with a global password and as long as I choose a suitably complex and unguessable password, my data are safe. The machine maybe stolen but the thief will not be able to access my accounts.
Google Chrome does not have a global password, nor does the design of Chromium allow for one. There have been many complaints about this, even among Chrome fans. Writers of Google extensions have of course tried to tackle this problem and you will find on the Web many glowing accounts of extensions such as Simple Startup Password. Unfortunately, these extensions are not secure and can easily be by-passed, so there is little point in installing them. Chrome’s design will need radical revision before a proper global password system can be included.
My conclusion, then, is that Google Chrome, and especially Comodo Dragon, are nice browsers and have good features, but they are not to be trusted with your sensitive data and that Firefox remains, for the foreseeable future the browser of choice. You can to a certain extent beef up its security by means of add-ons and new versions are coming out so fast these days (we are now, remarkably, at version 9) that I am sure the well publicized security weaknesses will be dealt with soon. By all means use Chrome or Dragon for surfing, but keep your passwords protected in Firefox.