Microsoft calls out Firefox and Chrome for security weaknesses

Summary: In a move that's sure to raise hackles in Silicon Valley, Microsoft today debuted a new web site designed to raise awareness of security issues in web browsers. IE9 gets a perfect score; Chrome and Mozilla don't. How fair is the test?

In a move that's sure to raise hackles in Silicon Valley, Microsoft today debuted a new web site designed to raise awareness of security issues in web browsers.

When you visit the site, called Your Browser Matters, it allows you to see a score for the browser you're using. Well, if you're using IE, Chrome, or Firefox—other browsers are excluded. Not surprisingly, Microsoft's latest release, Internet Explorer 9, gets a perfect 4 out of 4:

Part of the goal of the site is to prod users of outdated IE versions to switch. So IE6 gets a solid zero on this page, and IE7 gets a 1 out of 4.

If you visit the site with the most recent public releases of Firefox or Google Chrome, however, the results are less than perfect. Here, for example, are the detailed results for Chrome 14 and Firefox 7:

 

Microsoft's methodology is available for detailed scrutiny. If you dig deep enough into the site, you can find this table that lists whether each browser implements particular security features: 

The takeaways?

Microsoft is giving itself full credit for its SmartScreen technology. I've written about this before (see IE9 versus Chrome: which one blocks malware better?), and I think Microsoft has a strong case to make here. IE9 does a great job of identifying suspicious software and differentiating it from known safe downloads. Both Chrome and Firefox are very weak when it comes to providing information that you can use to decide whether a download is safe.

All three modern browsers get full credit for anti-phishing protection.

Microsoft dings itself (but doesn't deduct any points) for its inability to auto-update browser extensions and to sandbox browser sessions. In particular, this seems unfair to Chrome, which should get credit for automatically updating the potentially dangerous Flash plugin. If I could make any change to this scale, I would give IE9 a 0.5 on this score and give Chrome a full point.

As for attacks on websites, no one's perfect, but IE9 gives itself full marks for implementing 4 out of 5 features and deducts a half-point from the scores for Chrome and Firefox.

Microsoft is positioning this site as a user education tool and has recruited some outside organizations to endorse its methodology, including the Anti-Phishing League, Identity Theft Council, and Online Trust Alliance. But the educational message is unfortunately overshadowed by the aggressive marketing. Given that roughly a third of Internet users are running dangerously outdated web browsers, I wish they had placed a greater emphasis on the need to upgrade all your software as an essential security step.

To read more about the site and get Microsoft's full pitch, see this post on the Windows Team Blog: Are You One of the Millions at Risk from Socially Engineered Malware?

In a separate but related development, Microsoft also released its latest Security Intelligence Report today. I'll be digging into its findings in more detail in a follow-up post.

Topics: Browser, Google, Microsoft, Security

Talkback

56 comments
  • This is a joke

    Isn't it, Ed?

    http://www.zdnet.com/blog/security/internet-explorer-9-haunted-by-critical-security-vulnerabilities/9590

    lol...
    ScorpioBlue
    • RE: Microsoft calls out Firefox and Chrome for security weaknesses

      @ScorpioBlue

      Yep, must be as the same company loves to have a practical joke by allowing executables to be downloaded and run in guest mode
      Alan Smithie
    • RE: Microsoft calls out Firefox and Chrome for security weaknesses

      @ScorpioBlue

      I guess other browsers never release security patches for critical vulnerabilities. Right?
      bobiroc
      • RE: Microsoft calls out Firefox and Chrome for security weaknesses

        @bobiroc : so many, in one go, after all these years of trying to get better??? ha ha
        deaf_e_kate
      • As usual, @bobiroc misses the point

        Well here's a clue, @bobiroc

        "Microsoft calls out Firefox and Chrome for security weaknesses"

        Gee, isn't that the title of this blog?

        And in the same week...

        http://www.zdnet.com/blog/security/internet-explorer-9-haunted-by-critical-security-vulnerabilities/9590

        Hmmm...I think Microsoft needs to be concerned with their own backyard first before they start pointing fingers at Mozilla and Chrome with their own rigged studies, don't you?
        ScorpioBlue
  • We can't determine a score

    Mac OS X - Safari 5

    Well, why not?
    davebarnes
    • firefox 10

      @davebarnes Firefox nightly 10 x64 wasn't detected either but IE9x64 was - go figure ???
      optyk
    • RE: Microsoft calls out Firefox and Chrome for security weaknesses

      @davebarnes : Same with Opera 11.51 - what a rubbish test site biased in favour of the MS products - usual MS FUD
      deaf_e_kate
      • RE: Microsoft calls out Firefox and Chrome for security weaknesses

        @deaf_e_kate

        Oh I didn't realize that Microsoft made the other two top browsers Chrome and Firefox. It is not uncommon for comparisons to be limited to the top 3 of a product in a certain category. Safari is at number 4 and that is primarily due to its mobile share on iOS.

        That being said I still think they should have included it as it is the default browser that is automatically installed on every Apple computer that comes with MacOS.
        bobiroc
    • RE: Microsoft calls out Firefox and Chrome for security weaknesses

      @davebarnes

      Because

      "Well, if you're using IE, Chrome, or Firefox—other browsers are excluded."

      They probably should have included Safari as it is a fairly popular browser
      bobiroc
      • RE: Microsoft calls out Firefox and Chrome for security weaknesses

        @bobiroc : yeah, especially opera seems more secure than all of them.
        deaf_e_kate
  • They flagged chrome as malware

    "Microsoft is giving itself full credit for its SmartScreen technology....IE9 does a great job of identifying suspicious software and differentiating it from known safe downloads."

    Their anti-virus software deleted one of the most popular browsers, Chrome, as malware. So they're not good at differentiating malware from regular software.

    I thought the Chrome deletion was a mistake, but now it turns out MS has it as a current target, I now have my doubts.

    "Anti-Phishing League, Identity Theft Council, and Online Trust Alliance"

    i.e. 3 marketing placeholders endorse it. Gee do you think that's marketing?
    guihombre
    • RE: Microsoft calls out Firefox and Chrome for security weaknesses

      @guihombre What anti-virus are you running that deleted Chrome?..or do you mean the Chrome.exe downloaded from IE? I have never run into that and have installed Chrome on new computers at least a dozen times...
      ChrispyCritter
      • See the link

        It was less than a fortnight ago and yet already Ed seems to have forgotten it:
        http://venturebeat.com/2011/09/30/baleted/

        "The security software in question, Microsoft Security Essentials (MSE), had accidentally flagged Chrome as malware. Specifically, MSE thought Chrome was PWS:Win32/Zbot, a trojan that would steal passwords."
        guihombre
      • RE: MSE thought Chrome was a trojan that would steal passwords

        @guihombre

        That's not all they're stealing. ;)
        bobiroc
    • RE: Microsoft calls out Firefox and Chrome for security weaknesses

      @guihombre

      It affected a total of 3000 people and was quickly patched. You act like MSE was the first anti-virus to register a false positive on a legit program.
      bobiroc
    • One of the most popular?

      @guihombre

      I suppose technically it is...although coming in 3rd out of the main 5 isn't really anything to brag about.
      spdragoo@...
  • What happened to the original comments?

    Were they removed by the moderator or were they lost to the great ZDNet forum software?
    ye
    • RE: Microsoft calls out Firefox and Chrome for security weaknesses

      @ye Yeah 77 comments gone..oh well no biggie comments come and go nothing important going on here in the comments really...
      ChrispyCritter
      • RE: Microsoft calls out Firefox and Chrome for security weaknesses

        Lost 125 last week when Steve Jobs died.

        Even the dead aren't spared...
        ScorpioBlue