Head to head: Firefox vs Internet Explorer

Internet Explorer has a terrible reputation when it comes to security. That's chiefly because IE6 the version that was originally built into Windows XP made it easy for websites to install programs on your PC without asking your permission. It thus became a common route for criminals and mischief-makers to distribute malware, and even today many people use Firefox because they simply don't trust IE.

But Internet Explorer 8 is far more savvy than its ancestor. If a website tries to send you a file (even one that you've requested) IE8 asks for your explicit authorisation before accepting it just like Firefox does.

This works in tandem with the UAC system in Windows Vista and Windows 7, which alerts you when a program attempts to make changes to your system. In theory, therefore, it should be impossible for unwanted software to inveigle its way onto your computer regardless of which browser you use.

Both browsers will even warn you in advance if you click on a link that goes to a site that's known to host malicious software, or that tries to trick you into giving up personal information (a so-called "phishing" site). IE8 naturally uses Microsoft's own database of unsafe sites, while Firefox gets its blacklist from Google.

Yet while both IE and Firefox look rock solid on paper, it's important to realise that neither is infallible. There's inevitably a lag between a phishing site appearing on the web and it being confirmed as malicious. And hackers are constantly looking for ways to trick both browsers into installing their software without confirmation (a delivery mechanism known as the "drive-by download") and they all too often find them. That's why, as we noted above, both IE8 and Firefox receive a steady stream of updates to close down exploits as they're discovered.

In this area there's no real winner or loser: some hacker techniques will work against IE while others target Firefox, but in the grand scheme of things both have full-time teams of engineers working to minimise the risk. So from a security perspective, it doesn't make a huge difference which browser you choose. The important message is that, whichever you opt for, you should run security software as well, because nasties can and will slip through the net.

Winner: Tie

Darien Graham-Smith

Darien began his IT career in the 1990s as a systems engineer, later becoming an IT project manager. His formative experiences included upgrading a major multinational from token-ring networking to Ethernet, and migrating a travelling sales force from Windows 3.1 to Windows 95.

He subsequently spent some years acting as a one-man IT department for a small publishing company, before moving into journalism himself. He is now a regular contributor to IT Pro, specialising in networking and security, and serves as associate editor of PC Pro magazine with particular responsibility for business reviews and features.

You can email Darien at darien@pcpro.co.uk, or follow him on Twitter at @dariengs.