Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

The best 5 secure browsers

Defeat online bank Trojans with one of these.

Article comments

It’s still a case of Mozilla Firefox v Internet Explorer v Google Chrome in most debates about browser security, which ends with a back and forth on which sees the most critical vulnerabilities, which has the best sandboxing architecture (or any sandboxing architecture), and which offers the best plug-in complements.

If that threesome sounds a bit limited there is also a fourth option, the Norwegian-made Opera, and perhaps Apple’s Safari for Windows deserves to be taken seriously too. But are these browsers generally now so exposed that it is now longer safe to use any of them?

One route is to abandon popular browsers altogether for a specialist ‘secure’ browser built to be secure above all other considerations. There are now a number of these around, most of which are free.

A second and more radical possibility, discussed later on, is to abandon any browser that runs on Windows, period. The assumption behind this approach is simple: if it is not running on Microsoft then it matters not which vulnerabilities it has because it is simply vastly less likely to be targeted.

For the record, we recently looked at a third possibility, that of adding security plug-ins to one of the popular browsers. That is a valid approach but for this article we assume that what the user wants is something harder – a fully secure browser.

There are different ideas as to what exactly makes a browser ‘secure’. Some deploy a range of hardening techniques while others involve starting a protected ‘virtual’ machine within Windows. A final but more extreme approach is to boot into the browser from scratch using a different operating system.

Currently, all three will work effectively because criminals trying to break browser security assume a vanilla setup used by the overwhelming majority of their targets. As time goes on and more users start using protected browsers, some of these assumptions will have to be revisted.

Comodo Dragon

A free 21Mb download for XP, Vista or Windows 7, Comodo Dragon is based on Chromium Project code used by Google for its own browser. It’s probably best to see it as an entry-level product because most of what it offers is not much above the evolving Chrome anyway.

Security feature include domain validation, some tweaks on privacy settings above those on offer in Chrome, and a cookie-blocking ‘incognito’ mode that is pretty much what you get with any browser nowadays. Worth looking at but probably marginal in terms of added security for anyone seriously worried about keylogging and data capture.

Download it here.

Dell Kace Secure Browser

A step up from Dragon is Dell Kace’s freeware Secure Browser, basically an entirely new version of Firefox designed to be run in parallel with the original one.  The advantage of running a new instance of the browser is that it firewalls everything happening inside that browser (including for possible insecure plug-ins) within its own virtualised sandbox, isolating what happens from the rest of the system.

Allows white as well as black lists of websites to be specified and feature process control which stops rogue applets from installing themselves without the user being aware. Secure Browser can also be used with Kace’s Management Appliance in a business environment if that doesn’t sound like management overkill.

Download it here.

IronKey S200 USB drive

Up another rung, IronKey’s S200 is more accurately an encrypted storage drive that also comes with a sandboxed version of Firefox on a USB key. Not everyone will want the whole package but it’s a valid way of securing an online banking session.

The IronKey works in a similar fashion to the Dell Kace, ‘virtualising’ the browser inside its own sandbox to control what programs on the inside and outside of this process can access. When used with named banks as part of a security system, man-in-the-middle attacks are stymied by running all sessions through an encrypted channel via an IronKey server. It also has a virtual keyboard app.

Check Point Abra

Is there a stage beyond even the IronKey? Check Point thinks so with its Abra USB key, which is really a sort of portable computing environment for business users developed in conjunction with SanDisk. It’s not cheap at £115 for a 4GB USB drive, and it’s not really for everyone, but road warriors should consider it as a way of carrying around an entire virtual PC with VPN that can be hosted on any PC without any traces being left behind.

Abra’s approach is to assume the host is suspect, firewalling a suite of apps inside a virtual environment, including a version of Internet Explorer. The environment launches straight from the stick after a passphrase has been entered, at which point all data moving between the two worlds (the encrypted stick and the host PC and its attached drives) involves a manual import or export. All data at rest is encrypted using 256-bit AES and no data is written to the host.

The software is a bit slow to start up but once running it is possible to move between the insecure host OS and the virtualised Abra session quite seamlessly.  

This will work as a standalone product but is ideally designed to be centrally-managed with set security policies, for instance restricting which sites can be visited.

Going Linux – Ubuntu, Koppix and others

As was suggested at the end of a previous feature on securing online banking, it might be easier for users to abandon Windows altogether and move to another operating system for certain kinds of use - or possibly all uses.

This is a pragmatic suggestion not a political one. Desktop Linux is a small community that even an influx of Windows users paranoid about online security would be unlikely to swell to a size that would make it worth the while of criminals to pursue. The Apple Mac has enjoyed penetration rates of 5 percent and is rarely bothered so there is some evidence to support this contention.

There are a number of ways to go about trying out Linux, starting with Ubuntu Linux 10.10, which (to sidestep some of the politics around sponsor Canonical), is one well-received option. This uses the GNOME while variants such as Kubuntu use the KDE SC. Take your pick.

As with most other Linux distributions, Ubuntu can be booted from LiveCD or USB stick, although the USB looks like being the more practical and speedier for the security use discussed here. The only requirements are that the PC or laptop allows booting from USB drives in the BIOS settings (older ones usually don’t), that persistence is set up to allow the drive to reboot each time with settings changes intact, and a drive of at least 1-2GB is used formatted using FAT32.

There are few other limitations which it is best to read up on. Tools are also available to allow Ubuntu run inside Windows. There’s also the Debian GNU-based Koppix, which runs entirely from a LiveCD.

A useful basic guide to installing Ubuntu can be found here, or at the project home page.

Moving to Linux, however temporarily, is not a perfectly secure option as the recent discovery of a cross-platform malware attack based on Java reminds us. But at a stroke it will cut out a huge portion of the most serious threats around today.

A more detailed guide to using Linux in the ways mentioned above can be found here.


Share:

More from Techworld

More relevant IT news

Comments

Jonathan said: Id love to see you do an updated version of this article telling us more about whats out there today A lots changed in the last few years There was some talk at BlackHat 2013 about a new browser being built by one of the former Paypal mafia Branden Spikes

private me said: good point



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *