Researchers accuse Google of plotting to undercut Firefox
NSS Labs argues 'Chrome-is-most-secured-browser' report is part of campaign to trim Firefox's share
Computerworld - A security testing firm today said a recent report that named Google's Chrome as the most secured browser was flawed -- and part of a campaign by Google to undermine Mozilla's Firefox.
Google denied the charges.
The work done by Denver-based security consultancy Accuvant, which released a report last week naming Chrome as more secured than either Firefox or Microsoft's Internet Explorer (IE), was paid for by Google.
That raised the hackles of NSS Labs, a California company that tests browser security and antivirus software.
"This is a vendor-funded paper, and in these cases, the vendor is going to drive the methodology [of the testing], which appears to be the case here," said Vikram Phatak, the chief technology officer of NSS Labs, in an interview today.
When reminded that NSS Labs has conducted vendor-funded browser security research in the past -- Microsoft sponsored several NSS tests on anti-malware blocking technologies -- Phatak replied, "There's a reason why we don't do that anymore."
Calling Accuvant's testing process "skewed toward Chrome," Phatak argued that the consulting company's researchers ignored some key Firefox security features -- notably "frame poisoning," which blocks exploits of most layout code crashes; didn't give enough weight to such things as frequent security updates; and failed to use real-world anti-browser malware in its testing.
But Phatak and Rick Moy, president of NSS Labs, leveled more serious charges against Google than the allegedly-slanted report.
The two tied the release of the report with two other factors -- the apparent non-renewal of the Google-Mozilla search contract and a recent rise in Chrome's anti-malware blocking effectiveness -- to conclude that Google was running a campaign to knock Firefox out of the market.
"This tells a story, that Google is looking to go it alone now, and examining their position vis-a-vis Mozilla," said Phatak. "Google paid for this report, and it's part of a marketing campaign that's probably aimed at Firefox to cut off Firefox's revenues, cut if off from the Safe Browsing service, and then put out a report that says Firefox is less secure than Chrome."
"I think there's consistency in the data points," said Moy.
While Mozilla has said it was "in active negotiations" with Google about a new contract, it has declined to announce whether it has reached a deal with its long-time partner. That contract expired last month.
Income from the Google-Mozilla contract accounted for 84% of the $123 million the latter reported in revenue for 2010, the last year Mozilla has made public its finances.
The other factor Phatak and Moy used to bolster their claim of a concerted effort by Google to squash Mozilla's Firefox came from NSS Labs' own testing, which showed a five-fold jump in Chrome's effectiveness blocking malware in an 11-day period from Nov. 22 to Dec. 2.
- Workarounds to purge search bar from Firefox's new tab page are available
- Mozilla ships Firefox 31, adds search to new tab page
- Microsoft's IE steps back from the brink of irrelevance
- Firefox falters, falls to record low in overall browser share
- Firefox risks user backlash by adding search box to new tab page
- Google unseats Microsoft as the U.S. browser powerhouse
- Safari, Chrome push to mask URLs
- Chrome on Windows champs at the 64-bit
- Google pulls trigger, cripples some Chrome add-ons
- Microsoft shoots to shorten Internet Explorer's long tail
- Deep Security +VMware vSphere with Operations Management Most midsize organizations are highly virtualized on VMware, and while this has produced significant savings, it also has created new challenges when it...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- DDoS Infographic: How Are Attacks Evolving? For the third consecutive year, Neustar surveyed businesses across major industries to track the evolution of DDoS attacks. Are they more frequent? Larger?...
- How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks Threat sharing networks have been around for a long time, however they have typically been "invitation-only", available to only large companies, or those...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Malware and Vulnerabilities White Papers | Webcasts