dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
6264

Ivybridge_I7
Cyber-Crime Researcher OpSec
Premium Member
join:2004-06-09
Daytona Beach, FL

1 recommendation

Ivybridge_I7

Premium Member

Internet Explorer 8 leads in malware-blocking capabilities

IE8 whups rivals in blocking malware sites
Microsoft's browser lengthens lead over No. 2 Firefox, blocks 81% of infected URLs

By Gregg Keizer
August 14, 2009 12:23 PM ET
»www.computerworld.com/s/ ··· 09-08-14

Computerworld - Microsoft Corp.'s Internet Explorer 8 again trounced rival browsers in a test of their malware-blocking abilities, catching 81% of attack code-infected sites, according to a testing company.

IE8's skills at sniffing out malware sites improved by 17% since March, said Rick Moy, president of NSS Labs, the firm that conducted the benchmarks. The testing was sponsored by Microsoft's security team.

IE8's improvement, and its dominance over competitors, could make some users reconsider their decision to abandon Microsoft's browser for one of its challengers. "Should people rethink that decision?" Moy asked. "By [this] data, absolutely."

While IE8 blocked eight of 10 of the malware-distributing sites that NSS included in its 12-day test, the nearest competitor, Mozilla's Firefox 3.0, caught just 27% of the same sites. Apple's Safari 4.0 and Google's Chrome 2.0, meanwhile, blocked only 21% and 7% of the sites, respectively. Opera Software's browser properly identified only 1%.

"I think it comes down to resources and the focus of these companies," Moy said in an interview, referring to Microsoft's ability to out-spend rivals on such things as security research and malicious site investigations. "The more researchers you have, the better you'll do. Microsoft has a certain amount of paranoia [about security] because of its footprint of services that get attacked all the time, like Hotmail, and it has the money to hire really smart people."

Opera, which performed the poorest in the malware-blocking benchmarks, is an example on the other end of the spectrum, said Moy. "What resources do they really have to bring to the problem?" Moy said. "There's a lot that can't be solved with software, but requires the human element."

NSS tested five Windows-based browsers -- IE8, Firefox 3.0.11, Safari 4.0.2, Chrome 2.0.0.172.33 and Opera 10 beta -- against more than 2,100 malware sites in 69 test runs over 12 days. Like the tests NSS Labs ran last March, the sites were so-called "socially engineered" malware sites, the type that trick users into downloading attack code. Typically, the download is disguised, often as an update to popular software such as Adobe's Flash Player.

The tests did not include sites that launch "drive-by" attacks that don't require user interaction, an increasingly common tactic by hackers who often infect legitimate sites with kits that try a number of different exploits in the hope of compromising an unpatched browser or PC.

To defend against the kind of sites that NSS tested, browser makers have added anti-malware features to their software. Microsoft, for instance, has aggressively touted its SmartScreen Filter, a new malware-detection feature in IE8.

All browsers that include such a tool -- or anti-phishing tools, which operate in a similar fashion -- rely on a "blacklist" of some sort. The list, which includes known or suspected malware sites, is used to display warnings before a user reaches a site, but after the URL is typed in.

"The foundation is an in-the-cloud reputation-based system that scours the Internet for malicious sites," explained Moy, "then adds them to a black list or white list, or assigns them scores." The browser then uses that information to block or allow access to a site.

IE8 significantly improved its lead over other browsers since March, Moy noted, with its browser's malware-blocking rate up 12 percentage points -- a 17% improvement -- while rivals' scores declined across the board. Firefox dropped three percentage points, for example, as did Safari 4; Chrome fell eight percentage points and Opera, four.

Even though Firefox, Safari and Chrome all rely on the same data source for their anti-malware blacklists -- Google's SafeBrowsing API -- their scores varied considerably, something Moy thought was due to each browsers' use of the list. "Google produces the API, but that doesn't mean all the browsers consume the data in the same way at the same time," he said. "We don't have any visibility on how many people are looking at the [SafeBrowsing] data, but clearly Firefox must be adding other things to it."

Moy also said that IE8's anti-malware protection improved over time at a greater rate than did its rivals. Because NSS Labs tested every four hours, it was able to measure how quickly each browser reacted, and blocked, a new threat introduced into the test. While IE8's score jumped from 51% on Day Zero -- the day the infected site debuted on the Internet -- to 91% by Day 5 (a 40 point jump), Firefox was only able to muster a 10-point increase, from 14% to 24%. Chrome improved the most over the course, starting at just 3% on Day Zero and ending at 14% on Day 5.

"I was surprised when Microsoft got 69% in the first study," said Moy. "Then they went from 69% to 81." NSS hopes to repeat the test before the end of the year.

According to the most recent data from Web metrics vendor Net Applications, IE8 accounted for 12.5% of all browsers used in July, representing 18% of all versions of IE in use.

The NSS report can be downloaded from the company's Web site
»nsslabs.com/test-reports ··· 2009.pdf

chachazz
Premium Member
join:2003-12-14

1 edit

1 recommendation

chachazz

Premium Member

Aug 13, 2009
Q3 2009 Browser Security Tests Published
»nsslabs.blogspot.com/sea ··· /Testing
quote:
Statistically, Internet Explorer 8 at 83% and Firefox 3 at 80% had a two-way tie for first, given the margin of error of 3.6%.
quote:
Firefox 3.5 crashing issues prevented it from being tested reliably.
What are these people doing with Firefox that they are not reporting, to cause "crashing"? v. 3.5-.1.- 2 is not crash-happy; and who paid for the tests
slajoh01
join:2005-04-23

2 edits

slajoh01

Member

Im happy with IE 8. One feature is that they updated the Trusted Sites Zone to were I dont have to manually type the trusted webpage's address, instead, it automatically put it there and all I have to do is click OK....

Also, many people say its too too bloated than IE 6. You have some menus to hidden and it almost looks like the classic IE 6 window frame.

But one issue bugs me a little regarding this statement of one of IE 8's features. NOT ALL family PCs run IE 8 though.... So what do they mean by this below???

==========================================

InPrivate Browsing
When checking e-mail at an Internet café or shopping for a gift on a family PC, you don't want to leave any trace of specific web browsing activity. InPrivate Browsing in Internet Explorer 8 helps prevent your browsing history, temporary Internet files, form data, cookies, and usernames and passwords from being retained by the browser, leaving no evidence of your browsing or search history.
Hangetsu
join:2007-12-22
West Chester, PA

Hangetsu to Ivybridge_I7

Member

to Ivybridge_I7
Two things concern me around this test:

1) The testing was sponsored by Microsoft. That alone gives me some pause.

2) It specifically did not include drive-by tests, which are becoming more and more commonplace. Why exclude an emerging vector?

Mem
join:2002-01-03
Nashville, TN
·Google Fiber
·AT&T FTTP

Mem to slajoh01

Member

to slajoh01
said by slajoh01:

NOT ALL family PCs run IE 8 though.... So what do they mean by this below???
Many family PC's use one account for the family. If the husband buys a gift and doesn't want the sig. other to snoop (or the kids for that matter), the inprivate browsing feature will hide their tracks from others using the same account.

Uncle Paul
join:2003-02-04
USA

Uncle Paul

Member

said by Mem:

said by slajoh01:

NOT ALL family PCs run IE 8 though.... So what do they mean by this below???
Many family PC's use one account for the family. If the husband buys a gift and doesn't want the sig. other to snoop (or the kids for that matter), the inprivate browsing feature will hide their tracks from others using the same account.
A gift... p0rn... same thing...

chachazz
Premium Member
join:2003-12-14

chachazz to slajoh01

Premium Member

to slajoh01
said by slajoh01:

InPrivate Browsing
When checking e-mail at an Internet ......
MS came very late to 'private browsing' nor is it their !wow! "innovation" ... all the major browsers have it..Safari led the way [2005] with Private Browsing - years ago

MeDuZa
join:2003-06-13
Austria

1 recommendation

MeDuZa to Ivybridge_I7

Member

to Ivybridge_I7
quote:
We will never know what's really going on because important part of their selection and methodology is simply not revealed. As such, there is no way to verify or falsify their claims, possibly pushing this into the realm of pseudoscience...

...An interesting observation is that the report is from March 12th, 2009. They claim to have done 24/7 testing for 12 days, meaning that they must have started before Opera 9.64 was released, even though it's in their report!
source

Grail Knight

Premium Member
join:2003-05-31
Valhalla

1 recommendation

Grail Knight to chachazz

Premium Member

to chachazz
Firefox v3.5 had crashing issues?? I must have missed that.

Maybe they just need to have someone install Fx v3.5 for them.

Unknown_P
@verizon.net

Unknown_P to Hangetsu

Anon

to Hangetsu
said by Hangetsu:

The testing was sponsored by Microsoft. That alone gives me some pause.
No . . . .

Surely you don't think that might skew the results any?

omnibus
Pencil.. Yum
join:2002-01-23
New Zealand

omnibus to Ivybridge_I7

Member

to Ivybridge_I7
Firefox uses Google as it's anti-phishing list provider... It has nothing to do with the browser itself, really.
slajoh01
join:2005-04-23

1 edit

slajoh01

Member

We need to use our common sense here.
No offense, but its really up to on how the OS (Windows or Linux and etc...) is locked down...So if malware gets into your PC using the AVENUE of a web browser, then that malware would have a hardtime affecting the OS itself. Esp, running as a Restricted user.

It can be Firefox, Opera or IE 8....does not matter, its up to on how your OS is secured.

Web browsers are just a "vehicle" or a "bridge" for malware to get into the Operating System...So, therefore, locking down the entire OS would help instead of figuring out what browsers to use as far as security goes.

And of course, patches would also help too.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to Ivybridge_I7

Premium Member

to Ivybridge_I7
IE 8 is stiil My Browser of Choice

Ivybridge_I7
Cyber-Crime Researcher OpSec
Premium Member
join:2004-06-09
Daytona Beach, FL

Ivybridge_I7

Premium Member

Microsoft Internet Explorer 8 Is Updated with New Default Options
By: Nicholas Kolakowski
2009-08-11
Microsoft is offering users the upfront option of making Internet Explorer 8 their default browser, or else staying with a rival browser, as part of a Patch Tuesday update. The new version of IE 8 comes as Microsoft finds itself losing browser market share to Firefox and other rivals, and negotiating with European antitrust officials over the inclusion of IE 8 in the upcoming Windows 7.
»www.eweek.com/c/a/Window ··· -572652/
slajoh01
join:2005-04-23

1 edit

slajoh01

Member

Despite them adding new security features of IE 8, I still do manually lock things down further on ActiveX and scripting controls...But like I posted, the OS is REALLY locked down to the bone.....

But, I do like IE 8 so far. and I would of thought the looks of this are too goofy and bloated, but its ain't that bad.

However, the popup blocker is not that effective though...Pretty much the same as IE 6.Still getting SOME popups on occassion.

The TIF and cookies are REALLY REALLY cleared....compared to that of IE 6, which had a bug that even though I checked to remove the TIF when browser closes on exit, I still had TIF junk files in the TIF folder....But IE 8 does the job of cleaering them out...
jram
join:2003-08-06
Albany, NY

jram to Ivybridge_I7

Member

to Ivybridge_I7
Internet Explorer 8 leads in malware-blocking capabilities

Tell that to the people in security clean..

MeDuZa
join:2003-06-13
Austria

MeDuZa to Ivybridge_I7

Member

to Ivybridge_I7
said by Ivybridge_I7:

Microsoft Internet Explorer 8 Is Updated with New Default Options
By: Nicholas Kolakowski
2009-08-11
»www.eweek.com/c/a/Window ··· -572652/
They are blocking Opera.
I had to fake the UserAgent of my browser in order to read the article.
Just another browser sniffing site that blocks Opera. Probably with articles as balanced and trustworthy as such a despicable site can only be.
Expand your moderator at work

AB57
Premium Member
join:2006-04-04
equatorial

AB57 to MeDuZa

Premium Member

to MeDuZa

Re: Internet Explorer 8 leads in malware-blocking capabilities

said by MeDuZa:

said by Ivybridge_I7:

Microsoft Internet Explorer 8 Is Updated with New Default Options
By: Nicholas Kolakowski
2009-08-11
»www.eweek.com/c/a/Window ··· -572652/
They are blocking Opera.
I had to fake the UserAgent of my browser in order to read the article.
Just another browser sniffing site that blocks Opera. Probably with articles as balanced and trustworthy as such a despicable site can only be.
Well, they don't seem to be blocking Firefox. (Or if so, doing a darn poor job of it.)

So maybe eweek.com isn't quite as despicable as you seem to think.

MeDuZa
join:2003-06-13
Austria

MeDuZa

Member

said by AB57:

Well, they don't seem to be blocking Firefox. (Or if so, doing a darn poor job of it.)
They don't block K-Meleon a less known browser neither.
Probably Opera is the only browser they are selectively blocking. IMO they are not only despicable but dumb as well. After all I went round their stupid UA sniffing.
said by AB57:

So maybe eweek.com isn't quite as despicable as you seem to think.
Wonder how would you apprais sites with such objectionable practices?

However they managed at least to loose their credibility and an occasional visitor.

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

sivran to MeDuZa

Premium Member

to MeDuZa
Works here. Opera 9.64. (Yeah, I'm on one of my Opera kicks. I'll be back to SeaMonkey soon enough. )
Expand your moderator at work

KodiacZiller
Premium Member
join:2008-09-04
73368

KodiacZiller to slajoh01

Premium Member

to slajoh01

Re: Internet Explorer 8 leads in malware-blocking capabilities

said by slajoh01:

We need to use our common sense here.
No offense, but its really up to on how the OS (Windows or Linux and etc...) is locked down...So if malware gets into your PC using the AVENUE of a web browser, then that malware would have a hardtime affecting the OS itself. Esp, running as a Restricted user.

It can be Firefox, Opera or IE 8....does not matter, its up to on how your OS is secured.

Web browsers are just a "vehicle" or a "bridge" for malware to get into the Operating System...So, therefore, locking down the entire OS would help instead of figuring out what browsers to use as far as security goes.

And of course, patches would also help too.
+1

Sadly, a lot of people casually interested in security ignore this line of thinking.

The truth is, all of these tests concerning which browser has the best phishing and malware blocklists are futile. Any form of security that takes a blacklist approach is ultimately of very little efficacy -- whether that be AV software or malicious website databases. The best way is to make sure that even if the browser is exploited or if malware somehow finds itself on the PC that it can't DO anything. This is how I have my systems set-up and its highly effective.
Expand your moderator at work

AB57
Premium Member
join:2006-04-04
equatorial

1 edit

AB57 to MeDuZa

Premium Member

to MeDuZa

Re: Internet Explorer 8 leads in malware-blocking capabilities

said by MeDuZa:

said by AB57:

Well, they don't seem to be blocking Firefox. (Or if so, doing a darn poor job of it.)
They don't block K-Meleon a less known browser neither.
Probably Opera is the only browser they are selectively blocking. IMO they are not only despicable but dumb as well. After all I went round their stupid UA sniffing.
said by sivran:

Works here. Opera 9.64.
This might point towards 'user error', or 'PEBKAC.'
said by MeDuZa:

said by AB57:

So maybe eweek.com isn't quite as despicable as you seem to think.
. . they managed at least to loose their credibility and an occasional visitor.
Good for them.
I believe all websites should loose both their credibility and every visitor.

English is a mysterious and sometimes difficult language. You posting from Austria, I'll assume it's not your native one.
19579823 (banned)
An Awesome Dude
join:2003-08-04

1 edit

19579823 (banned) to siljaline

Member

to siljaline
quote:
IE 8 is stiil My Browser of Choice
Boo hiss!!

mers2
Premium Member
join:2004-03-20
USA

mers2 to Ivybridge_I7

Premium Member

to Ivybridge_I7
As has been said, security has more to do with how the OS is locked down and the operator using the browser. I've never had a problem with firefox - but my set up is locked down.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to MeDuZa

Premium Member

to MeDuZa
Yep. That site doesn't like Opera. I had to fake the User Agent as Firefox to be able to read the article. It displays just fine on Opera 10 beta2.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to 19579823

Premium Member

to 19579823
said by 19579823:
quote:
IE 8 is stiil My Browser of Choice
Boo hiss!!
Everyone is entitled to use whatever Browser mon ami