Most major Web browsers have similar features today, but users are looking instead to security and privacy features to determine which programme they will use.
Security firm Sophos, which operates in England and the United States, is currently running a poll where users can select their favourite Web browser. At present, Firefox is in the lead, with Chrome a distant second, but the poll itself is not nearly as interesting as the reasoning behind it.
Sophos is a developer and vendor of security software and hardware, providing endpoint, encryption, email, web, mobile and network security as well as Unified Threat Management products. Sophos is largely focused on providing security to organisations and businesses.
SophosLabs is the company’s global network of threat analysis centres.
Sophos has won several awards for its consumer-facing Naked Security blog.
Sophos competes in the antivirus industry against Avira, BullGuard, F-Secure, Frisk, Kaspersky, McAfee, Panda Security, Symantec, Trend Micro among others.
Secure browser
“Where you choose to put your faith is a big deal because everything you do on the web passes through your browser,” wrote Mark Stockley, the poll’s overseer. “It goes everywhere with you in the virtual world and, more often than not, it knows exactly where you are in the real world too.”
Stockley also pointed out that browsers do not exist in a vacuum — if you trust a browser, then by extension, you trust its manufacturer.
Trusting a software giant like Apple, Google or Microsoft has never been easy, but it’s even less so now in light of the U.S. National Security Agency’s (NSA) PRISM programme, which can tap into user information that those big companies provide.
HTTPS is much safer
Hypertext Transfer Protocol Secure (HTTPS) is a much safer way to access the Internet, as it provides two-way encryption that protects both the website and the user accessing it. However, the IETF pointed out that at present, only a website administrator can choose to implement HTTPS — users have no say in whether to use HTTP or HTTPS on any given website.
Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in and of itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications.
SSL/TLS
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols which are designed to provide communication security over the Internet.They use X.509 certificates and hence asymmetric cryptography to assure the counterparty with whom they are communicating, and to exchange a symmetric key. This session key is then used to encrypt data flowing between the parties. This allows for data/message confidentiality and message authentication codes for message integrity and as a by-product, message authentication. Several versions of the protocols are in widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging, and voice-over-IP (VoIP). An important property in this context is forward secrecy, so the short term session key cannot be derived from the long term asymmetric secret key.
As a consequence of choosing X.509 certificates, certificate authorities and a public key infrastructure are necessary to verify the relation between a certificate and its owner, as well as to generate, sign, and administer the validity of certificates. While this can be more beneficial than verifying the identities via a web of trust, the 2013 mass surveillance disclosures made it more widely known that certificate authorities are a weak point from a security standpoint, allowing man-in-the-middle attacks.
In the TCP/IP model view, TLS and SSL encrypt the data of network connections at a lower sublayer of its application layer. In OSI model equivalences, TLS/SSL is initialized at layer 5 (the session layer) then works at layer 6 (the presentation layer): first the session layer has a handshake using an asymmetric cipher in order to establish cipher settings and a shared key for that session; then the presentation layer encrypts the rest of the communication using a symmetric cipher and that session key. In both models, TLS and SSL work on behalf of the underlying transport layer, whose segments carry encrypted data.
Firefox’s good security and privacy features
On the other hand, Auerbach had nothing bad to say about Firefox. “Firefox offers a good array of security and privacy features, and a great amount of flexibility for power users to customize their browser,” he said.
Browsers like Internet Explorer, Firefox, Chrome, Safari, Opera and others have gotten to the point where there are few major differences in how each programme displays online content. Instead of worrying about which browser has the fastest page load times or the most options for video playback, users want to know how safe their information will be.
“Right now, the choice of a user’s browser has a significant effect on security and privacy,” Dan Auerbach, a staff technologist for the Electronic Frontier Foundation advocacy group, told Tom’s Guide. He highlighted some of the security features of each. “If you use Safari, you block third party cookies by default, which greatly enhances your privacy,” Auerbach said.
Chrome, on the other hand, has a number of useful security features, but Google itself might prove a risk. “[Chrome] does not seem poised to offer users greater privacy given Google’s deep ties to an advertising industry which has been resistant to make changes that help user’s privacy,” Auerbach said.
The future of HTTP
Everyday users are not the only ones looking to the future. The Internet Engineering Task Force (IETF) is a collection of activists who want to improve the Internet from a design perspective. Security is one of its hallmark issues, and it recently proposed a way to make a more secure browser.
Internet Browser Video Guide Choosing an Internet Browser doesn’t have to be difficult. Make sure to take into consideration its speed, features, security, supported configurations, and its technical help and support.
At present, most Internet sites work through Hypertext Transfer Protocol, which allows the transfer of data to a remote location (like a website through a browser, for instance). HTTP is incredibly useful, but not very secure, as the data on these pages is unencrypted and accessible by anyone.
MORE: 5 Free PC Security Programs Worth Downloading
The group proposed that websites should adopt a system known as HTTP 2.0, which is currently in development. This system uses Google’s SPDY system (it doesn’t stand for anything, but it sounds like “speedy”), which offers both user- and server-side encryption for Web pages.
Auerbach believes that such a system might provide a much more secure online experience, regardless of browser. “Will HTTP 2.0 require encryption, as SPDY does?” Auerbach asked. “If the answer is yes, then yes, this will greatly improve the security of the Web.” Users can also use HTTPS on a large number of websites by downloading various plugins for Firefox and Chrome.
Until then, users will have to take responsibility for their own Web security. You’ve probably heard Auerbach’s suggestions before, but they’re still good ones. “Be wary of anything you download and run,” he said. “Use HTTPS as much as possible … Turn off Javascript … Do not re-use passwords.”
“This will be disruptive,” Auerbach warns, but until the future of Internet browsers arrive, the present is still rife with potential dangers.
Source: Weekly Holiday
