Secure browsers offer alternatives to Chrome, IE and Firefox

Spikes AirGap, Invincea FreeSpace shine in test of eight specialized browsers


AirGap starts out at $100 per year per user, but there is a wide variety of enterprise licensing options available: for example, 100 licenses would drop the cost to $84 per year per desktop, and multi-year licenses drop this further. You can also deploy it from an MSP for $4,800 per year for 100 licenses. It is available for various Windows and Mac OS 10.7 clients. You can register and obtain a free download to try it out.

Invincea FreeSpace: If you like your browser, you can keep it

FreeSpace is a sandbox approach that allows you to use any browser, including IE (v7-11), Chrome (v27-33) or Firefox (v10-27) on any Windows XP or 7 PC. It constructs a protected environment on your desktop for the browser to run in, and that environment is centrally managed for security policies. One such policy determines whether executables and other downloads are always blocked, never blocked, or left to the individual user's choice.

Invincea could be considered the market leader in protected browsers: it OEMs its software as Dell’s Protected Workspace to millions of desktops as a general endpoint protection product.

Since they use your regular browsers, all of your user profiles, bookmarks, and history persist from one browsing session to another: this is an unusual approach that the other products in this review can’t claim. This also makes it useful if you have a motley browser assortment across your enterprise and your users don’t want to move to yet another browser.

One small nit: comparing the scores of the HTML5 test showed that the FreeSpace protected Chrome browser did not support an obscure ArrayBuffer command, but otherwise was identical to a vanilla Chrome v33 installation.

However, FreeSpace becomes a difficult product to test because it is so transparent: everything operates the same way it does when you are using your regular browsers, with the difference being that malware is kept out of your system. We couldn’t find any malware that slipped through its defenses.

FreeSpace starts at $49 per user per year, with quantity discounts available. Invincea also sells Sandboxie, which we examined briefly but didn’t run through any extensive testing. It has a free version with a subset of FreeSpace’s features.  

Dooble: A work in progress

Dooble is a custom browser that has some moderate security settings, and is available as an open source project for Mac, Linux and Windows PCs. As a customized browser, it has a good collection of menus, options and controls that compare to standard browsers. For example, it comes with a customized built-in search tool, but initially the screen shows German before you can configure it for English. You can also import your existing bookmarks.

By default it disables JavaScript, which is a nice touch, but finding the setting to turn it back on will be your initial challenge. Even with JavaScript enabled, Dooble still scored among the lowest on HTML5 compatibility. It also didn’t stop executables or PDFs from downloading to our test systems, and while it did catch some malware sites, it wasn’t as thorough as some of the other browsers. It couldn’t bring up the Qualys BrowserCheck page for some reason.

When you first launch Dooble, it asks you for a password to encode your session cookies, which is another nicety.

Overall, this browser is still a work in progress, and the security features offered aren’t as good as the others here.

SRWare Iron: Focus is on privacy, anonymity

The SRWare Iron browser is a free custom version designed to provide more anonymity than the standard Chrome v32 browser, which it uses for its code base. They have tried to add in a number of privacy-oriented features rather than focus on securing the browsing session: this approach might appeal to some of your users in the post-Snowden era.

For example, did you know that Chrome automatically scans the content of each rendered webpage looking for links while you are viewing it? The idea is to extract the domain name from each link, and resolve each domain to an IP address before you click on one of the links and navigate to that domain. This is called DNS prefetching and Iron doesn’t support it: the consequence is that several hundred milliseconds of latency are added to the browsing experience. It also comes with DuckDuckGo for its default search provider, so your searches aren’t saved somewhere in the GooglePlex. You can choose any Chrome-compatible search engine if you wish.
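The following is an added example, not code from the article or from any of the reviewed browsers: a small JavaScript (Node.js) function that lists the external hostnames a prefetching browser would resolve for a page before any link is clicked, which is exactly what the DNS resolver gets to see. The sample page, its hostnames and the function names are constructed for illustration; the `x-dns-prefetch-control` opt-out it honors is the standard page-level control.

```javascript
// Added example: which hostnames would link-based DNS prefetching resolve?
// SAMPLE_PAGE and every hostname in it are constructed for illustration.
const SAMPLE_PAGE = `
<a href="/about">About</a>
<a href="https://news.example.org/story">Story</a>
<a href='http://cdn.example.net/file.pdf'>PDF</a>
<a href="https://news.example.org/other">Other</a>
<a href="mailto:editor@example.com">Mail</a>`;

// True when the page opts out of prefetching with
// <meta http-equiv="x-dns-prefetch-control" content="off">.
function optsOutOfPrefetch(html) {
  const metas = html.match(/<meta\b[^>]*>/gi) || [];
  return metas.some(
    (tag) =>
      /http-equiv\s*=\s*["']?x-dns-prefetch-control/i.test(tag) &&
      /content\s*=\s*["']?off/i.test(tag)
  );
}

// Returns the sorted, de-duplicated hostnames a prefetching browser would
// look up for this page before the user clicks anything.
function prefetchCandidates(html, pageUrl) {
  if (optsOutOfPrefetch(html)) return [];
  const base = new URL(pageUrl);
  const hosts = new Set();
  const anchor = /<a\b[^>]*?\bhref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  let m;
  while ((m = anchor.exec(html)) !== null) {
    const href = m[1] ?? m[2] ?? m[3];
    let target;
    try {
      target = new URL(href, base); // relative links resolve against the page
    } catch {
      continue; // malformed href: nothing to look up
    }
    if (target.protocol !== "http:" && target.protocol !== "https:") continue;
    if (target.hostname === base.hostname) continue; // already resolved
    hosts.add(target.hostname);
  }
  return [...hosts].sort();
}

console.log(prefetchCandidates(SAMPLE_PAGE, "http://www.example.com/index.html"));
```

Same-site and non-HTTP links produce no lookup, so only the two third-party hostnames are reported for the sample page.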

Because it is based on Chrome, it scored the highest of any browser on the HTML5 test, which was to be expected. The settings page will be familiar to any Chrome user and matches Chrome's in complexity and richness.

It passed the Qualys BrowserCheck with no issues (meaning that it was using current software components), but had some serious security flaws: it was able to download EXE and PDF files from the Internet without any warning, and couldn’t stop the sample phished email we used. It also passed some malware through, but appeared not to actually execute any of the malicious JavaScript.

You can import your bookmarks from other browsers automatically or through the settings page. For privacy paranoia fans, this browser has some appeal. But it isn’t as solid in terms of security features as others.

Bitdefender Safepay: Designed for financial transactions

Security vendor Bitdefender has a protected browser called Safepay designed to be used in financial transactions and in other sensitive areas. Every time you bring up the software, it scans your system for malware. This took about a minute or so on our test systems. You have the option to specify up to five different scans (malware, phishing, fraud, untrusted sites and spammers). Once you pass muster, it then brings up a protected session that exists in isolation from the rest of your desktop. You have a nice black border to remind you that you are off in its protected world. It is a bare-bones browser: no separate search window, and few menu options.

However, it isn’t as protected a space as we would like to see: you can download executable files and PDFs onto your local hard disk, essentially getting around the protection. The malware scan didn’t see our test EICAR.EXE file, which we had easily downloaded via Safepay. It did block our phished emails and the malware sites that we visited.

A nice feature is the optional virtual keyboard that comes up on screen (similar to what you would see on a tablet for example). This can be used to thwart keyloggers; it comes up automatically when entering passwords. It can also be somewhat cumbersome to use, since unlike a virtual keyboard on tablets, you have to use your mouse for the data entry.

Qualys and other tools show that Safepay is based on Chrome v25, which is a fairly old version. With one of our systems, it found an older copy of Adobe Flash that needed updating.

Safepay also has a feature that adds public hotspot protection, an extra layer of encryption when you are sitting in Starbucks. You can toggle this off or on from the settings screen. And there are buttons on this screen to enable Flash and Java and download them to the protected session. These again are downloaded to the unprotected area of your hard drive, which, as Bitdefender correctly warns you, could become an exploit.

This is their challenge: if the financial services sites that you intend to use require Flash or Java, you are not really doing yourself any favors by using Safepay. And your initial scan time is increased measurably when you add Java or Flash components, too. The good news is that Safepay’s settings screen is relatively simple and straightforward. The bad news is that it isn’t all that flexible. For example, there is no way to import your existing browser bookmarks or favorite sites.

Safepay costs $35 per year per desktop. You can download a free version, which doesn’t support all features, or purchase one of Bitdefender’s security suites that include the browser software.

Spoon Browser Studio: DIY browsing   

Spoon’s Browser Studio takes secure browsing in a somewhat different direction. The idea is to virtualize the browser for your own particular needs and free the various other Web components from being installed on your general desktop. If you are familiar with ThinApp’s application layering and virtualization, then the concepts here will resonate with you. Basically, you assemble the browser that you wish to use from various components: you begin with a code base using Chrome, Firefox, or IE. Then you add various plug-ins such as Java, Flash or Acrobat and other helper apps and, when you are done, publish that version to your cloud account.

To use this melange, you download a small installer program, which will then deliver your customized bits to your desktop. This means that once you go through this process, you don’t have to install (or can eliminate) Java or Flash on your desktop if you don’t need it outside of the browsing experience. Another plus is that Spoon does not require administrative privileges on the desktop, so browsers can be used in locked-down desktop environments.

So for example, if you have corporate-based apps that depend on IEv6 you can still run them on whatever Windows desktop you need, regardless of whether that desktop supports that version of IE. It is a neat trick. The upside is that you can assemble exactly the right set of components that you can distribute to your enterprise and have complete control over them.  

The downside is that getting this mix of components right might take some trial and error as you discover bits and pieces of browser add-ons that you need for your package. Also, you might need a more recent version of your regular browser to be able to download the code for your customized browser assemblage. Once this code is downloaded, you can eliminate using the regular browser altogether. Browser Studio also works only on Windows machines.

Another drawback is that the initial load of the browser will take several minutes to bring all the bits from the Spoon server, but subsequent loads happen at near-desktop speeds. The vendor is working on accelerating this initial load. You can also place the Spoon Server inside your firewall to speed things up.

When we looked at their browser components with the Qualys scanner we found that our assembled code was using an outdated Flash version. The vendor claims they are working on keeping up with the changes and updates to the various components in a future release.  

It didn’t let any malware execute on our desktop machines, although it did display some of the contents of the malicious JavaScript or the phished emails.

Spoon’s Browser Studio has a helpful pricing page. A personal account is $12 a month, but you will want to at least start with the Pro account for $19 per month per session for the customization features. You can also purchase a Team account for $99 per month per session that includes five Pro accounts and team management features.

How we tested secure browsers

We installed each browser on a variety of Windows desktops, including XP with Service Pack 3, Windows 7 with Service Pack 1, and the original Windows 8. We compared them with the latest versions of Firefox and Chrome in terms of page loading and fidelity and also examined the various security claims.

Figuring out what each of these products did or did not do required some investigation, including using a variety of third-party testing sites. The good news is that you can use our same tests as part of your own battery to understand these browsers’ behaviors, and you are welcome to add your own suggestions in the comments, too.

First, we used a site (developed by SRWare, but useful to any browser) to determine the browser agent characteristics, including source IP address and what version of the browser it reports. For the sandboxing-style browsers, you will see the address of their hosts or some other machine outside of your corporate network. For the protected browsers, they should report your regular desktop’s IP address.  

Next, we tested for HTML5 compatibility to see how faithful these browsers would be in rendering various websites. While even IEv10 is notoriously unfaithful just as it is, there was a wide array of results, with Dooble and AirGap being the worst implementations. We next tried to download several items, including a PDF and an executable file (using the EICAR test antivirus file) from our own website. We also tried several known malware sites to see how the browser behaved. Some of the browsers would display the file contents, which is still better than actually executing the JavaScript code, but not by much.

We then ran Qualys’ BrowserCheck scanner to see if all plug-ins and assorted helper files were up to date. Some of the browsers weren’t using the most current software, and we mention this in the individual reviews.

We opened our webmail and clicked on a phished link in one of the messages to see whether the browser was smart enough to detect it or simply sent us to the phished site, and what error messages were reported.

Strom is the founding editor-in-chief of Network Computing magazine and has written thousands of magazine articles and two books on various IT and networking topics. His blog can be found at strominator.com and you can follow him on Twitter @dstrom. He lives in St. Louis.

Copyright © 2014 IDG Communications, Inc.
