Review: 8 secure browser alternatives to Chrome, IE, and Firefox

Apr 15, 2014

Spikes AirGap and Invincea FreeSpace shine in test of eight specialized browsers

The Web browser has been a major infection vector for years, allowing malware to be transported to millions of computers through phishing, man-in-the-middle, SQL injection and countless other attacks. But what if there was a way to stop this madness and secure the browsing channel itself?

There are several key things to look for. The first is understanding your existing browser. When you use Chrome, for example, you agree to let Google track your browsing behavior and offer up search suggestions, send them error reports, track your URLs, and lots more. They claim it is to help improve the user experience, but it also leaves you vulnerable to attacks and records your movements through cyberspace. So a replacement browser should offer some additional privacy components. (There are products that can be used to anonymize your browsing history and protect your identity when you surf online, such as TOR or ZipZap.)

Second, a new browser should be more secure by default and make it difficult for malware writers to inject their code onto your desktops. That seems obvious, but when you consider that the browser is just one piece of a very complex collection of tools, including malware targets such as Flash, Acrobat, Javascript, and others, it can be difficult to cover all the bases.

An active subset in this area includes numerous replacement browsers for Android smartphones, one of the up-and-coming sources of infections today, including products from AVG, McAfee, Opera, Orweb and Bitdefender. Another area includes endpoint security products that include better browser protection, including Bromium’s vSentry.

Finally, the better browser shouldn’t detract from the overall surfing experience: websites should look and perform the same as they do in the modern versions of Firefox or Chrome. There are alternative browsers that offer a subset of features and try to be more lightweight than the standard Firefox or Chrome browsers, such as Dillo, Lynx, Epiphany, Konqueror and others.

We didn’t include any of the above-mentioned products in our tests. We focused on products that secure the typical desktop browsing session from transmitting infections to your desktop. We chose browsers that offered some balance of privacy protection and heightened security, although some fall more on one side or the other.

Secure browser feature chart

Typically, these products take one of two approaches. The first is to sandbox, virtualize or otherwise contain the browsing session via several different methods so that any Web pages or online content can’t reach the actual desktop that is being used to surf the Web. For this first approach, we looked at Spikes AirGap, Spoon’s Browser Studio and Invincea’s FreeSpace. We also wanted to include WonTok’s SafeCentral, but they declined to participate.

A second approach is to replace the usual Internet Explorer, Firefox or Chrome browser software with a specialized browser that is locked down and has limited functionality. We looked at Comodo’s Dragon, Bitdefender’s Safepay, SRWare Iron and the open source Dooble, which fit into this category.

Authentic8 Silo, our eighth product in this review, uses elements of both the sandbox and specialized browser approach.  

There are advantages and disadvantages to both approaches: the sandbox can offer more security, since the browsing session is isolated and whatever happens during the session is supposedly contained from the rest of the desktop computer. With some of the sandboxes, you can use your browser of choice, so you don’t forgo your bookmarks and familiarity with controls and plug-ins that you are used to using. The challenge is to ensure that the containment is complete and rock solid.

The replacement browser means that you suffer some loss of functionality in your quest towards better security. Some of them can’t deal with your existing bookmarks, or saving your site logins, or something else that you have taken for granted after using the same browser for many years. You also give up something else by using these browsers: whether it be Javascript functionality, surfing speed, or the ability to properly view certain complex websites. You also can’t control how often these browsers are updated, which can be a mixed bag.

Most of these products are limited to Windows. (There are some Mac-only browsers, such as WhiteHat Security’s Aviator and OmniWeb, which we did not test.) AirGap is in beta for Mac OS 10.7 and Dooble is available for Mac and Linux machines in addition to Windows.

AirGap stands alone

We didn’t score the products because this is still a new area and the products are changing rapidly. None of these browsers is going to stop everything, and some don’t stop much more than a well-configured standard browser. But AirGap stands out. It was the only product that was always able to block downloads of executable files and still provide a solid level of HTML5 support. Its innovative use of virtualization technology was interesting. The downside is that there is some latency introduced into the browsing session as your bits travel across the Internet.

A second browser worth a closer look is Invincea’s FreeSpace. Because it sandboxes your existing browsers, you may want to go this route if your users run a variety of browsers and don’t want to switch to a new browser with fewer features. Administrators can block downloads (or allow users to choose) by setting an optional switch.

While each of these products has its merits, you can still pretty easily defeat their security measures. One way for end users to thwart IT’s efforts to deploy these alternative browsers is to simply continue to use their existing browser. So, for this to work in an enterprise setting, IT administrators will need to remove the end user’s original browser and try to convince the user not to download it in the future.

Second, your browsing history and other online tracks aren’t helped if you continue to use Google or Bing for your searches, no matter which browser you bring up. Nor does it help matters if you log in to your Google or Microsoft accounts automatically every day.

You might want to try alternative search providers such as DuckDuckGo, which doesn’t store your search history. DuckDuckGo doesn’t have as complete an offering as Google (it added a link recently to Bing and Google image search, for example) but it can be a nice substitute for those concerned about their privacy footprint. SRWare uses this search engine by default, which is a nice touch.

Third, if you are still using an email client such as Outlook, you depend on its protection to keep any infected emails from polluting your system. None of these tools will help you if you click on a phished email or are using an older version that doesn’t have as solid protection.

Browser comparative chart

Here are the individual reviews:

Authentic8 Silo: Sandbox/Secure Browser Combo

Silo has an interesting combination of both the sandbox and customized protected browser technologies. The sandbox feature happens because Silo connects across the Internet to a Linux machine (in Seattle, according to our tests), so supposedly you aren’t going to download anything to your own PC. The customized browser uses the Firefox v25 code base and encrypts your particular browsing session. And it has additional automated sign-on features that can be used across work teams as well, so you can bring up your browser and have everyone on the team open the five or 10 windows that you normally need to connect to begin your workday. That is a useful feature.

When you first bring up a browsing session, you are asked for a four-digit PIN, which you enter on a virtual keyboard screen that is designed to thwart keyloggers. You are then taken to a stripped-down screen that has just a navigation bar and a small menu of commands. You can’t import your bookmarks and it uses Google as the default search engine, which can’t be changed.

Silo’s admin console has the ability to set various policy options, including being able to block any downloads, or enable them for trusted devices, or allow them completely. This is a nice feature. Silo also managed to detect our various malware sites and phished emails in our browser.

Its HTML5 score was roughly in the middle of the pack: not the worst and not the best at resolving various features. Our check of components showed it was using Adobe Flash 11, which is the current Linux version.  

It is the only browser that we tested that comes with the ability to use additional two-factor authentication as an option. Like the two-factor features of Google, LinkedIn and other sites, it texts a code to your mobile phone for you to enter before you can bring up a browser session. Or you can allow specific desktops to be trusted to avoid this dialog.

Silo costs $10 a month or $100 a year per desktop.

Comodo Dragon: Free tool from established vendor

Comodo is a long-standing endpoint security vendor and has a free browser called Dragon based on Chrome v31. It scored highly in the HTML5 compatibility tests. It is moderately secure and has some privacy features as well. When you install it on your desktop, it also takes the liberty to install a version of Adobe Flash. There is also an installation option to make use of Comodo’s own secure DNS services just for the browsing session, or for all of your desktop apps. Given the increasing number of malware using DNS exploits, this is a nice touch. Finally, you can import bookmarks, history, passwords and search engine preferences from existing browsers.

It shares the same settings sheet as most Chrome-based browsers, and the Yahoo search engine is installed by default. Two important quibbles: neither the version of Chrome nor that of Flash is the most current, at least according to our Qualys-based check of the components. The browser has a couple of cool features for sharing content across social networks, but is otherwise as sparse in the visible menu controls as the typical Chrome ones.

Dragon didn’t stop executable files or PDFs from being downloaded to the desktop, but it does come with several tools that can help improve your security posture, if you remember to use them. There is a Webinspector tool that can help determine if a URL is suspicious or from a phishing site, although it didn’t recognize the phished webmail that we had received. And there is the PrivDog sidebar widget that can further secure your pages: it has controls for blocking third-party cookies, web tracking code, untrusted ads and other browsing habits.

You can enable or disable each of these categories if you want further granularity or if it complains too much about the pages that you actually want to view. Given all these controls, it isn’t surprising that we couldn’t find any malware that executed on our desktop, although some code was visible in the browser screen.

Comodo is a nice middle ground covering both security and privacy controls: while it isn’t the most capable on either metric, it is noteworthy in that it comes from a major software vendor.

Spikes AirGap: Sandbox to the max

Of all the products in this test, AirGap is the most unique and the most capable in terms of security. It is a sandbox approach like Silo’s, only more so. AirGap runs a virtualized session on another machine across the Internet, in this case a Linux-based VM in California, according to our tests. The VM renders the content and converts it to pixels that are compressed and streamed to your desktop, so any malware or other bad stuff is rendered useless since there is nothing to actually execute on your own machine. Every user session has its own virtualized session and even every browser tab has its own session and is isolated from the other tabs. That has a lot of appeal.

AirGap was the only product to refuse to execute everything on our local desktop by default, but it did so quietly and somewhat clumsily, without any notification to the user that it was being blocked. The vendor promises in a future release that it will support better notification, and also allow network administrators to unlock downloads if they really want them, which is what FreeSpace and Silo offer.

AirGap is based on Chrome v25 code, so it is somewhat behind the current version of Chrome, and it uses an older version of Flash too, at least according to our tests. Its HTML5 score was in the middle of the pack, perhaps an indication of the age of its Chrome base.

Enterprises have some choice when it comes to deploying the master VM rendering engine: we used one in Spikes’ cloud that was available for testing, but you can also deploy the VM on your own hardware.

The biggest downside for AirGap is the slight delay it has in using the protected browsing session. While we didn’t measure this, it is noticeable. Spikes otherwise has done a solid job at keeping performance close to what you would expect. AirGap also lacks any browser controls or settings, which could be a blessing for harried network administrators.

AirGap starts out at $100 per year per user, but there are a wide variety of enterprise licensing options available: For example, 100 licenses would drop the cost to $84 per year per desktop, and multi-year licenses drop this further. You can also deploy it from an MSP for $4,800 per year for 100 licenses. It is available for various Windows and Mac OS 10.7 clients. You can register and obtain a free download to try it out.

Invincea FreeSpace: If you like your browser, you can keep it

FreeSpace is a sandbox approach that allows you to use any browser, including IE (v7-11), Chrome (v27-33) or Firefox (v10-27) on any Windows XP or 7 PC. It constructs a protected environment on your desktop for the browser to run in that is centrally managed for security policies. One policy is to always block or not block executables and other downloads, or leave the choice up to the individual user.

Invincea could be considered the market leader in protected browsers: they OEM their software as Dell’s Protected Workspace to millions of desktops as a general endpoint protection product.

Since they use your regular browsers, all of your user profiles, bookmarks, and history persist from one browsing session to another: this is an unusual approach that the other products in this review can’t claim. This also makes it useful if you have a motley browser assortment across your enterprise and your users don’t want to move to yet another browser.

One small nit: comparing the scores of the HTML5 test showed that the FreeSpace protected Chrome browser did not support an obscure ArrayBuffer command, but otherwise was identical to a vanilla Chrome v33 installation.

However, FreeSpace becomes a difficult product to test because it is so transparent: everything operates the same way it does when you are using your regular browsers, with the difference being that malware is kept out of your system. We couldn’t find any malware that slipped through its defenses.

FreeSpace starts at $49 per user per year, with quantity discounts available. Invincea also sells Sandboxie, which we examined briefly but didn’t run through any extensive testing. It has a free version with a subset of FreeSpace’s features.  

Dooble: A work in progress

Dooble is a custom browser that has some moderate security settings, and is available as an open source project for Mac, Linux and Windows PCs. As a customized browser, it has a good collection of menus, options and controls that compare to standard browsers. For example, it comes with a customized built-in search tool, but initially the screen shows German before you can configure it for English. You can also import your existing bookmarks.

By default it disables Javascript, which is a nice touch, but finding the setting to turn it back on will be your initial challenge. Even with Javascript enabled, Dooble still scored one of the lowest on HTML5 compatibility. It also didn’t stop executables or PDFs from downloading to our test systems, and while it did catch some malware sites, it wasn’t as thorough as some of the other browsers. It couldn’t bring up the Qualys BrowserCheck page for some reason.  

When you first launch Dooble, it asks you for a password to encode your session cookies, which is another nicety.

Overall, this browser is still a work in progress, and the security features offered aren’t as good as the others here.

SRWare Iron: Focus is on privacy, anonymity

The SRWare Iron browser is a free custom version designed to provide more anonymity than the standard Chrome v32 browser, which it uses for its code base. They have tried to add in a number of privacy-oriented features rather than focus on securing the browsing session: this approach might appeal to some of your users in the post-Snowden era.

For example, did you know that Chrome automatically scans the content of each rendered webpage looking for links while you are viewing it? The idea is to extract the domain name from each link, and resolve each domain to an IP address before you click on one of the links and navigate to that domain. This is called DNS prefetching and Iron doesn’t support it: the consequence is that several hundred milliseconds of latency are added to the browsing experience. It also comes with DuckDuckGo for its default search provider, so your searches aren’t saved somewhere in the GooglePlex. You can choose any Chrome-compatible search engine if you wish.
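The privacy effect of the prefetching described above can be seen by listing the hostnames a prefetching browser would hand to its DNS resolver just from rendering a page, before any click. This is an added example, not code from the article or from either browser: it is a simplified model of the behaviour, the sample page and hostnames are constructed placeholders, and the opt-out it honors is the `x-dns-prefetch-control` meta tag that a site can set.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page (not from the article); all hostnames are placeholders.
SAMPLE_PAGE = """<html><head><title>News</title></head><body>
<a href="/local/story.html">local story</a>
<a href="https://ads.tracker.example/click?id=1">sponsored</a>
<a href="http://partner.example.org/offer">partner offer</a>
<a href="https://ads.tracker.example/other">sponsored again</a>
<a href="mailto:editor@news.example">contact</a>
</body></html>"""

# Meta tag a page can use to ask browsers not to prefetch DNS for its links.
OPT_OUT = '<meta http-equiv="x-dns-prefetch-control" content="off">'


class LinkHostCollector(HTMLParser):
    """Collects hostnames of http(s) links and notes a prefetch opt-out."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.hosts = []               # unique hostnames, in page order
        self.prefetch_allowed = True

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "meta":
            name = (attr.get("http-equiv") or "").lower()
            if name == "x-dns-prefetch-control":
                value = (attr.get("content") or "").strip().lower()
                self.prefetch_allowed = value != "off"
        elif tag == "a" and attr.get("href"):
            # Resolve relative links against the page URL, as a browser would.
            target = urlsplit(urljoin(self.base_url, attr["href"]))
            if target.scheme in ("http", "https") and target.hostname:
                if target.hostname not in self.hosts:
                    self.hosts.append(target.hostname)


def prefetch_lookups(html, base_url):
    """Hostnames that would be resolved without the user clicking anything.

    Simplified model (assumption): every http(s) link on the page is a
    candidate, the page's own host is already resolved, and a page-level
    opt-out suppresses all lookups.
    """
    collector = LinkHostCollector(base_url)
    collector.feed(html)
    if not collector.prefetch_allowed:
        return []
    page_host = urlsplit(base_url).hostname
    return [h for h in collector.hosts if h != page_host]


if __name__ == "__main__":
    url = "http://news.example/index.html"
    print("resolved before any click:", prefetch_lookups(SAMPLE_PAGE, url))
    opted_out = SAMPLE_PAGE.replace("<head>", "<head>" + OPT_OUT)
    print("with opt-out meta tag:   ", prefetch_lookups(opted_out, url))
```

Each hostname in the first list is a lookup that the local resolver, and anyone able to observe DNS traffic, sees even if the user never follows the link.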

Because it is based on Chrome, it scored the highest of any browser on the HTML5 test, which was to be expected. The settings page will be familiar to any Chrome user and matches Chrome’s in complexity and richness.

It passed the Qualys Browsercheck with no issues (meaning that it was using current software components), but had some serious security flaws: it was able to download EXE and PDF files from the Internet without any warning, and couldn’t stop the sample phished email we used. It also passed some malware through, but appeared not to actually execute any of the malicious Javascript.

You can import your bookmarks from other browsers automatically or through the settings page. For privacy paranoia fans, this browser has some appeal. But it isn’t as solid in terms of security features as others.

Bitdefender Safepay: Designed for financial transactions

Security vendor Bitdefender has a protected browser called Safepay designed to be used in financial transactions and in other sensitive areas. Every time you bring up the software, it scans your system for malware. This took about a minute or so on our test systems. You have the option to specify up to five different scans (malware, phishing, fraud, untrusted sites and spammers). Once you pass muster, it then brings up a protected session that exists in isolation of the rest of your desktop. You have a nice black border to remind you that you are off in its protected world. It is a bare-bones browser: no separate search window, and few menu options.

However, it isn’t as protected a space as we would like to see: you can download executable files and PDFs onto your local hard disk, essentially getting around the protection. The malware scan didn’t see our test EICAR.EXE file, which we had easily downloaded via Safepay. It did block our phished emails and the malware sites that we visited.

A nice feature is the optional virtual keyboard that comes up on screen (similar to what you would see on a tablet for example). This can be used to thwart keyloggers; it comes up automatically when entering passwords. It can also be somewhat cumbersome to use, since unlike a virtual keyboard on tablets, you have to use your mouse for the data entry.

Qualys and other tools show that Safepay is based on Chrome v25, which is a fairly old version. With one of our systems, it found an older copy of Adobe Flash that needed updating.

Safepay also has a feature that adds public hotspot protection, an extra layer of encryption when you are sitting in Starbucks. You can toggle this off or on from the settings screen. And there are buttons on this screen to enable Flash and Java and download them to the protected session. These again are downloaded to the unprotected area of your hard drive, which Bitdefender correctly warns you could become an exploit.

This is their challenge: if the financial services sites that you intend to use require Flash or Java, you are basically not really doing yourself any favors by using Safepay. And your initial scan time is increased measurably when you add Java or Flash components, too. The good news is that Safepay’s settings screen is relatively simple and straightforward. The bad news is that it isn’t all that flexible. For example, there is no way to import your existing browser bookmarks or favorite sites.

Safepay costs $35 per year per desktop. You can download a free version, which doesn’t support all features, or purchase one of Bitdefender’s security suites that include the browser software.

Spoon Browser Studio: DIY browsing   

Spoon’s Browser Studio takes secure browsing in a somewhat different direction. The idea is to virtualize the browser for your own particular needs and free the various other Web components from being installed on your general desktop. If you are familiar with ThinApp’s applications layering and virtualization, then the concepts here will resonate with you. Basically, you assemble the browser that you wish to use from various components: you begin with a code base using Chrome, Firefox, or IE. Then you add various plug-ins such as Java, Flash or Acrobat and other helper apps and when you are done, publish that version to your cloud account.

To use this melange, you download a small installer program, which will then deliver your customized bits to your desktop. This means that once you go through this process, you don’t have to install (or can eliminate) Java or Flash on your desktop if you don’t need it outside of the browsing experience. Another plus is that Spoon does not require administrative privileges on the desktop, so browsers can be used in locked-down desktop environments.

So for example, if you have corporate-based apps that depend on IEv6 you can still run them on whatever Windows desktop you need, regardless of whether that desktop supports that version of IE. It is a neat trick. The upside is that you can assemble exactly the right set of components that you can distribute to your enterprise and have complete control over them.  

The downside is that getting this mix of components might take some trial and error as you discover bits and pieces of browser add-ons that you need for your package. Also, you might need a more recent version of your regular browser to be able to download the code for your customized browser assemblage. Once this code is downloaded, you can eliminate using the regular browser altogether. Browser Studio also works only on Windows machines.

Another drawback is that the initial load of the browser will take several minutes to bring all the bits from the Spoon server, but subsequent loads happen at near-desktop speeds. The vendor is working on accelerating this initial load. You can also place the Spoon Server inside your firewall to speed things up.

When we looked at their browser components with the Qualys scanner we found that our assembled code was using an outdated Flash version. The vendor claims they are working on keeping up with the changes and updates to the various components in a future release.  

It didn’t let any malware execute on our desktop machines, although it did display some of the contents of the malicious Javascript or the phished emails.

Spoon’s Browser Studio has this helpful pricing page. A personal account is $12 a month, but you will want to at least start with the Pro account for $19 per month per session for the customization features. You can also purchase a Team account for $99 per month per session that includes five Pro accounts and team management features.

How we tested secure browsers

We installed each browser on a variety of Windows desktops, including XP with Service Pack 3, Windows 7 with Service Pack 1, and the original Windows 8. We compared them with the latest versions of Firefox and Chrome in terms of page loading and fidelity and also examined the various security claims.

Figuring out what each of these products did or did not do required some investigation, including using a variety of third-party testing sites. The good news is that you can use our same tests as part of your own battery to understand these browsers’ behaviors, and you are welcome to add your own suggestions in the comments.

First, we used a site (developed by SRWare, but useful to any browser) to determine the browser agent characteristics, including source IP address and what version of the browser it reports. For the sandboxing-style browsers, you will see the address of their hosts or some other machine outside of your corporate network. For the protected browsers, they should report your regular desktop’s IP address.  

Next, we tested for HTML5 compatibility to see how faithful these browsers would be in imaging various websites. While even IEv10 is notoriously unfaithful just as it is, there was a wide array of results, with Dooble and AirGap being the worst implementations. We next tried to download several items, including a PDF and an executable file (using the EICAR test antivirus file) from our own website. We also tried several of the known malware sites listed here to see how the browser behaved. Some of the browsers would display the file contents, which is still better than actually executing the Javascript code, but not by much.

We then ran Qualys’ BrowserCheck scanner to see if all plug-ins and assorted helper files were up to date. Some of the browsers weren’t using the most current software, and we mention this in the individual reviews.

We brought up our webmail and clicked on a phished link in one of the messages to see whether the browser was smart enough to detect it or simply sent us to the phished site, and what error messages were reported.
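For readers repeating the download test above, one way to confirm whether a browser really kept the EICAR file, an executable or a PDF off the local disk is to audit the download folder after the session. This is an added example, not the reviewer's tooling: the function names and sample files are constructed for illustration, files are classified by their leading bytes rather than by extension, and the stand-in EICAR file contains only the marker text, not the full test string.

```python
import os
import tempfile

# Marker text that appears inside the standard EICAR antivirus test string.
EICAR_MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"


def classify(path, head_size=256):
    """Classify a file by content, so a renamed download is still caught."""
    with open(path, "rb") as fh:
        head = fh.read(head_size)
    if EICAR_MARKER in head:
        return "eicar"
    if head.startswith(b"MZ"):        # DOS/PE executable header
        return "executable"
    if head.startswith(b"%PDF-"):     # PDF header
        return "pdf"
    return None


def snapshot(directory):
    """Relative paths of every file present before the test session."""
    found = set()
    for root, _dirs, files in os.walk(directory):
        for name in files:
            found.add(os.path.relpath(os.path.join(root, name), directory))
    return found


def audit_downloads(directory, baseline=()):
    """Return {relative_path: kind} for test artifacts that are new on disk."""
    known = set(baseline)
    findings = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, directory)
            if rel in known:
                continue              # was already there before the session
            try:
                kind = classify(full)
            except OSError:
                continue              # locked or unreadable file: skip it
            if kind:
                findings[rel] = kind
    return findings


def demo():
    """Run the audit over a constructed download folder."""
    with tempfile.TemporaryDirectory() as downloads:
        def put(name, data):
            with open(os.path.join(downloads, name), "wb") as fh:
                fh.write(data)

        put("old-report.pdf", b"%PDF-1.4 constructed, present before the test")
        before = snapshot(downloads)
        # Constructed files standing in for what a browsing session left behind.
        put("eicar.exe", b"constructed stand-in containing " + EICAR_MARKER)
        put("setup.txt", b"MZ\x90\x00 constructed executable header stub")
        put("invoice.pdf", b"%PDF-1.4 constructed")
        put("notes.txt", b"plain text, not a test artifact")
        return audit_downloads(downloads, before)


if __name__ == "__main__":
    for path, kind in sorted(demo().items()):
        print(f"{kind:<10} {path}")
```

An empty result after a test session means the browser kept those file types off the desktop; any entry is a file that reached local disk.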

Strom is the founding editor-in-chief of Network Computing magazine and has written thousands of magazine articles and two books on various IT and networking topics. His blog can be found at strominator.com and you can follow him on Twitter @dstrom. He lives in St. Louis.
