Ask the Expert

Pwn2Own results: The most secure Internet browser for enterprises

Learn which is the most secure Internet browser for enterprise use, according to the 2010 Pwn2Own results.

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

The 2010 Pwn2Own competition, which, as part of the annual CanSecWest security conference, awarded prizes to individual hackers based on their ability to bypass specified software security, offers a fair idea of how the security features of different browsers perform in the real world.

The Pwn2Own results, (in order from most secure to least secure) for the most secure browser were:

Chrome: Nobody chose to attack this browser, possibly due to the sandbox, which separates programs from each other, security-wise, and from the host operating system. Attacks, however, have been published for the Chrome browser in the past, so it shouldn't be considered totally secure.

Internet Explorer 8: The operating system sandbox was not breached, though data stored in the browser could possibly be read. The exploit used to bypass Internet Explorer's security was fixed by a Microsoft patch release the day following the competition, so, for now, IE8 is reasonably secure.

Firefox: The browser crashed when performing garbage cleanup, allowing arbitrary code to be executed. Arbitrary code execution allows attackers to run any programs or commands of their choice on the machine. Such a scenario would leave Firefox quite vulnerable.

Safari: When attacked, the browser allowed arbitrary command execution, and the attacker managed to obtain a full command shell on a Mac book; he was then able to run any command of his choice on the machine. This is the very definition of a successful attack.

Opera: Was not part of the competition.

As such, it seems that Chrome and IE8 would be the most secure browsers to use in the enterprise. However, as new exploits are popping up every day, it's essential to stay on top of browser patching and updates, no matter which browser you use.

This was first published in May 2010

 

COMMENTS powered by Disqus  //  Commenting policy