Everyone "knows" that Chrome, Firefox, and Safari are all way more secure than Internet Explorer. But what's the real story?
To find out, I first looked up Symantec's twice-yearly Internet Security Threat Report, which yielded the total numbers of reported vulnerabilities for 2009: Firefox had the most at 169, followed by 94 for Safari, 45 for IE, and 41 for Google Chrome. For more-recent data, I turned to the United States Computer Emergency Readiness Team (US-CERT), which hosts the National Vulnerability Database, a searchable index of reported computer vulnerabilities. A search of data for a recent three-month period yielded 51 such vulnerabilities for Safari (including both mobile and desktop versions), 40 for Chrome, 20 for Firefox, and 17 for IE.
Such counts alone aren't the best way to measure a browser's security, however. A browser with 100 security flaws that are patched a day after being discovered is safer than a browser with only one exploit that hasn't been patched for months.
According to Symantec's report, the average window of vulnerability (the time between when the flaw is reported and when it's patched) in 2009 was less than a day for IE and Firefox, 2 days for Google Chrome, and a whopping 13 days for Safari. Clearly, Internet Explorer is doing fairly well. Nevertheless, you should still consider a few important factors before deciding to jump ship back to IE.
Stay updated. The second most common Web-based attack in 2009 exploited an IE security flaw patched way back in 2004 (the 2009 attack targeted unupdated PCs). The latest version of IE 8 may be pretty safe, but ditch any earlier version you have.
Your browser is only as secure as your plug-ins. Symantec found that Microsoft's ActiveX plug-in (enabled by default in IE) was the least secure with 134 vulnerabilities, followed by Java SE with 84, Adobe Reader with 49, Apple QuickTime with 27, and Adobe Flash Player with 23. The moral: Be careful at sites that use browser plug-ins.
It's tough to be on top. IE still has the biggest piece of the browser pie, meaning that cybercriminals are more likely to target IE than other browsers.
(Warning: 4, Outrageous)
The Claim: You're Safe If You Visit Only G-Rated Sites
If your PC has ever had a virus, you probably know about the raised-eyebrow, mock-judgmental looks you get when you tell that to other people. After all, if you had been a good little PC user and stayed in the G-rated Web, you would have been safe, right?
Not so, says Avast Software, makers of Avast, a popular antivirus suite. "For every infected adult domain we identify, there are 99 others with perfectly legitimate content that are also infected," its chief technology officer, Ondrej Vlcek, reports. In the United Kingdom, for example, users are far more likely to see infected domains with London in the name than sex.
So porn alone doesn't necessarily mean you're opening yourself up for infection. Which makes sense--porn-site operators depend on subscriptions and repeat visitors to do business, and infecting your customers with spyware isn't the best way to do it.
If you find yourself on a generic-looking Website with popular search keywords in the title, or a site that's rearranging your browser window, you're likely to end up stuck with some malware--whether it's about porn or about hotels in London.
(Warning: 4, Outrageous)
The Claim: You Should Regularly Defragment Your Hard Drive
Your hard drive has to decide where to write your files on the drive platter, and as you fill up the drive, your files will be scattered more and more widely across the platter. This means that the drive's read/ write heads take longer to find the whole file, since they take more time skipping around the platter to find the different parts of the fragmented file. However, this state of affairs isn't an issue these days, for several reasons:
Hard drives are bigger. When your hard drive capacity was measured in megabytes, fragmentation was a big deal. Not only did the drive's read/write heads have to move all over the platter, but the space freed up by deleting old files was also scattered, and new files could be dispersed across the small gaps between larger files.
People now generally have more hard drive space and use a smaller overall percentage of their drive, so the read/write heads don't have to move as much.
More RAM and optimized OSs help. Newer iterations of Windows have done a lot to reduce the impact that a fragmented hard drive can have on a PC's performance. According to the engineers who worked on Windows 7's updated Disk Defragmenter tool (see the screenshot above), Windows' file system allocation strategies, its caching and prefetching algorithms, and today's relative abundance of RAM (which permits the PC to cache the data actively in use rather than having to write repeatedly to the drive) minimizes fragmentation delay.
Solid-state drives don't need to be defragmented. SSDs don't have a drive platter or read/write heads that need to go searching around the drive. In fact, defragmenting is generally not recommended for SSDs because it wears down the hard drive's data cells, shortening the drive's overall lifespan.
You don't need to go out of your way to defrag. In Windows Vista and Windows 7, the system automatically handles defragging. By default, defragging happens at 1:00 a.m. every Wednesday, but if your PC isn't on or is in use, the process will occur in the background the next time the machine is idle. It will stop and start automatically, too, so don't worry about interrupting it.
We didn't notice a difference. When we last tested disk defragmentation, we took a heavily used, never-defragmented system from the PCWorld Labs, ran speed tests before and after defragging, and found no significant difference.
(Warning: 4, Outrageous)
You Probably Know This, But...
...overclocking your PC's processor won't make your computer blow up. Overclocking can generate excess heat, which may cause erratic PC performance and, over time, burn out certain components. But even in the worst-case scenario, your system will shut down before it blows up. Newer Intel and AMD processors automatically overclock and underclock themselves, depending on how busy your PC is, to keep things cool.
. ..your cell phone isn't going to cause an airplane to crash, though the Federal Aviation Administration still has a ban on using cell phones during flight to avoid interfering with the plane's navigation and communication systems. In fact, the Federal Communications Commission instituted its own ban in 2007 for a different reason: When we're on the ground, our cell phones automatically locate the closest cell tower, but when we're 30,000 feet in the air, we're roughly the same distance from several different towers at once, meaning that multiple towers might sense our call and reserve that cellular channel for us--which could prevent other people from using the tower and interfere with existing calls.
...you don't have to worry about magnets annihilating your hard drive. Magnets were dangerous for 3.5-inch floppy disks, but modern hard drives aren't affected by anything short of a high-end degaussing device. Don't worry about your flash memory cards and solid-state drives, either--there's nothing magnetic about flash memory, so such devices won't be affected.
...you shouldn't run your laptop battery to zero. Users occasionally had to drain the nickel-metal hydride (NiMH) batteries in older laptops because the batteries would incorrectly "remember" how much charge they could hold if the user wasn't charging a battery to its full capacity. The lithium ion batteries in modern laptops, however, can actually lose maximum battery charge if they are completely drained, because doing so increases the battery's chemical resistance to recharging, which shortens its lifespan. The only time that you should consider running your lithium ion battery to zero is if your PC's battery life ratings have gone completely haywire. Draining the battery can sometimes fix this problem.
Don't Be Fooled Again
All fired up about demystifying tech-related myths? A few other sites can help.
Snopes.com is good for tracking annoying chain letters and the occasional Facebook-related scare. If friends and family pester you about such things, sending them a few links to Snopes might help.
HowStuffWorks.com has a special "tech myths" section that deals specifically with some of the more popular misconceptions in the tech world.
PCWorld Forums is also worth visiting. It's one of the best venues where hard-core PC users congregate to swap stories and advice. Ask away and get plenty of answers.