The marketing ploy does little to keep people more secure

Oct 12, 2011 14:37 GMT  ·  By
Google Chrome scores a paltry 2.5 out of 4 points in Microsoft's security test
   Google Chrome scores a paltry 2.5 out of 4 points in Microsoft's security test

Microsoft has taken a lot of, deserved, flack over the security of its products, but it has gotten its act together in recent years. Its software is still not perfect, but no software is.

But now the company has taken to boasting about just how secure its web browser is by using an arbitrary 'feature checkmark' security test that gives IE9 a perfect score and everyone else, well, much less.

It's great that Microsoft is so concerned about security, it's also great that it has taken strides to build plenty of security features into IE.

But the benchmark itself is anything but relevant. Basically, Microsoft rounded up a list of security 'features,' all of which are found in IE9 and then 'checks' to see whether other browsers have them as well.

Surprisingly, IE9 gets a perfect score, while Firefox gets 2 points out of 4, and Chrome gets 2.5 points out of 4. There's no score for Safari or for any browser if you're not running Windows.

So, in essence, the 'score' is absolutely meaningless, a marketing ploy meant to impress those that have no idea what phishing or XSS means, but nothing more.

It seems that, while Microsoft's products are from 2011, its marketing team is still firmly stuck in 1997. As expected, both Mozilla and Google aren't big fans of Microsoft's latest stunt.

Google's Matt Cutts, who's not linked to Chrome or browser security in any way, commented on Google+.

"Microsoft gives Internet Explorer a perfect score (4 points!) for security, and they say Chrome only deserves 2.5 points. I'm not sure it's worth doing a full debunk of this. It's the same 'Look, we have more checkboxes filled in' type of marketing that was more common in the boxed software era," Cutts said.

He also criticized the test for missing an important fact, as of Chrome 14, Google's browser does indeed block mixed HTTPS content, contrary to what the Microsoft test says. Mozilla had something to say as well.

"Microsoft's site is more notable for the things it fails to include: security technologies like HSTS, privacy tools like Do Not Track, and vendor response time when vulnerabilities are discovered," Johnathan Nightingale, Mozilla's director of Firefox engineering, said.