Several media organizations have recently reported that Chrome has bypassed Internet Explorer in worldwide browser market share. We don't keep track of these types of things, but we have seen a major change in browser marketing over the last 24 months. They're selling security.
Microsoft has been promoting Internet Explorer 10's security chops, which will ship later this year with Windows 8 and it has been reported will be made available to Windows 7 users as well.
The new version of IE will fully support 64 bit systems, increasing the difficulty of bypassing other exploit mitigation techniques like ASLR and DEP. IE 10 also introduces a new setting called Enhanced Protected Mode (EPM). EPM adds several new sandbox-like technologies and introduces the concept of plug-in free browsing.
Mozilla is preparing to launch Firefox 14 any day now with its own set of security enhancing features. Firefox will now default to using HTTPS for search queries submitted to Google, by default. This is a great improvement for privacy and it appears they are exploring similar features for other search engines.
My favorite new Firefox feature is the "Click to Play" plugin preference. If you enable this feature (plugins.click_to_play under About:Config) websites utilizing plugins like Flash and Quicktime will be blocked by default, to prevent drive-by exploitation. If you wish to see the video, you simply click on the box to enable the plugin.
Chrome 20 was released last month attempting to get a grip on malicious extensions being distributed to Facebook users and on other sites. The latest version of Chrome will no longer allow extensions to be loaded from any web page other than the Chrome Web Store.
Additionally Google has begun screening applications submitted to the official Web Store. It is a bit shocking that they were not doing any screening before, but the fact that they are now is still a good thing.
The Google Chrome team are now bragging about Chrome 21 including a fully sandboxed version of Adobe Flash for all versions of Windows. Adobe released a sandboxed version of Flash for Firefox in June, but the differences between the Firefox and Chrome sandboxes is unclear.
With all of the browser developers trying to gain market share and using security as a competitive advantage, we all win.
Security doesn't need to be annoying or difficult and when implemented elegantly is an advantage. Hopefully the developers of Java are listening and will try to catch up with Adobe, Microsoft, Mozilla and Google.
Microsoft has been promoting Internet Explorer 10's security chops, which will ship later this year with Windows 8 and it has been reported will be made available to Windows 7 users as well.
The new version of IE will fully support 64 bit systems, increasing the difficulty of bypassing other exploit mitigation techniques like ASLR and DEP. IE 10 also introduces a new setting called Enhanced Protected Mode (EPM). EPM adds several new sandbox-like technologies and introduces the concept of plug-in free browsing.
Mozilla is preparing to launch Firefox 14 any day now with its own set of security enhancing features. Firefox will now default to using HTTPS for search queries submitted to Google, by default. This is a great improvement for privacy and it appears they are exploring similar features for other search engines.
My favorite new Firefox feature is the "Click to Play" plugin preference. If you enable this feature (plugins.click_to_play under About:Config) websites utilizing plugins like Flash and Quicktime will be blocked by default, to prevent drive-by exploitation. If you wish to see the video, you simply click on the box to enable the plugin.
Chrome 20 was released last month attempting to get a grip on malicious extensions being distributed to Facebook users and on other sites. The latest version of Chrome will no longer allow extensions to be loaded from any web page other than the Chrome Web Store.
Additionally Google has begun screening applications submitted to the official Web Store. It is a bit shocking that they were not doing any screening before, but the fact that they are now is still a good thing.
The Google Chrome team are now bragging about Chrome 21 including a fully sandboxed version of Adobe Flash for all versions of Windows. Adobe released a sandboxed version of Flash for Firefox in June, but the differences between the Firefox and Chrome sandboxes is unclear.
With all of the browser developers trying to gain market share and using security as a competitive advantage, we all win.
Security doesn't need to be annoying or difficult and when implemented elegantly is an advantage. Hopefully the developers of Java are listening and will try to catch up with Adobe, Microsoft, Mozilla and Google.
