The Inquirer-Home

Chrome and Firefox were lucky to escape Pwn2own hackers

There is no most secure web browser, unless you count Wget on Linux
Wed Apr 20 2011, 14:25

AT THIS YEAR'S Pwn2own hacking contest Internet Explorer and Safari were hacked in quick time while Chrome and Firefox remained relatively unscathed, but the competition's sponsor made it clear that this didn't mean they were any more secure.

Simon Leech, manager of Solution Architects EMEA at Pwn2own sponsor HP TippingPoint, said he was surprised that Chrome in particular didn't go down because Google itself offered money for a hacker to take down the web browser.

But this didn't mean that the web browsers were any more secure, with a combination of factors and 'luck' leading to only IE and Safari suffering embarrassment this year. For example, Google came out with a patch release just before the competition that Leech believed fixed a vulnerability one researcher was looking to take advantage of.

Speaking during London's Infosecurity conference, Leech said, "There are definitely vulnerabilities in Chrome - it's not the most secure browser out there. There is no evidence to suggest that Chrome is any more secure than any of the other browsers."

He added, "It also might be something to do with Google's policy towards vulnerability research. They are starting to pay people, so researchers may have felt it was better to take their vulnerabilities to Google."

When The INQUIRER asked Leech for a straight-up answer to what the most secure web browser was out there, he jokingly said Wget, a Linux text-based file transfer utility.

But he followed that by saying, "To be honest there is no most secure web browser. You can definitely help your own security by configuring it correctly - disabling stuff that could lead to a security problem."

"Be careful with what you do with Java, use some of the plugins that are available to browsers to check that you're surfing at a secure site. But it's not the browser security you have to worry about. At a certain point every browser has a vulnerability in it somewhere. It's more about the usage of your browser."

Like operating systems, market share has always been the real issue when it came to which browser is most likely to be targeted. Internet Explorer still has the biggest market share of the browsing market, so it is obviously most likely to be profitable for cyber criminals.

Leech said, "Take as an example, Microsoft versus Apple in operating systems. Microsoft still has the major market share, so it obviously makes sense for a hacker to target it."

"You get a lot of these Apple owners who say they are much more secure and they don't need anti-virus. It's a load of junk. All the vulnerabilities are there, but the only reason the viruses aren't there is because they aren't exploited due to the lack of market share."

"The same thing goes for the web browser. The two main targets have always been Microsoft Internet Explorer and Mozilla Firefox. There are plenty of other web browsers out there, but they have such a small market share." µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Existing User
Please fill in the field below to receive your profile link.
Sign-up for the INQBot weekly newsletter
Click here
INQ Poll

Microsoft Windows 10 poll

Which feature of Windows 10 are you most excited about?