The origin is here (http://arstechnica.com/microsoft/news/2009/08/microsoft-sponsors-two-nss-reports-ie8-is-the-most-secure.ars)
The charts show great appearance of IE8 in countering phishing web and malware. Does that mean the builtin safety of IE8 is overwhleming? In that case, why do so many authors develop addons（like keyscrambler etc.) for IE while chrome gets few?
IMO, the best way to prevent malware which come through surfing demolishing core sytem is using sandbox. That's why I trust chrome. But it can't help us to identify phising web. Neither can HIPS.
So guys, what do you think?;) Show your setup of browsers~
:P
I don't know which column should I post this thread, so I put it here:) If it brokes some rules, please help move it. Sorry to the moderator for the inconvenience~:gack:

{QUOTE-> In that case, why do so many authors develop addons（like keyscrambler etc.) for IE while chrome gets few? <-QUOTE}
Because you're confused about what "security" actually means. The test shows IE8's protection against malware/phishing sites. Keyscrambler offers completely different features.

Consider the source.
"Microsoft-sponsored reports find IE8 most secure browser (Updated)"

I take any sponsored reports that favor the sponsor's product with a large grain of salt.

{QUOTE-> Consider the source.
"Microsoft-sponsored reports find IE8 most secure browser (Updated)"

I take any sponsored reports that favor the sponsor's product with a large grain of salt. <-QUOTE}
Why shouldn't Microsoft sponsor it?

Consider it a form of advertisement if you want. They know IE8 outperforms the competition in this regard, so why not sponsor a scientific test to spread the message to the public? It's certainly more credible than Microsoft just saying that their product is best.

{QUOTE-> Because you're confused about what "security" actually means. The test shows IE8's protection against malware/phishing sites. Keyscrambler offers completely different features. <-QUOTE}
Yeah，maybe I am confuse the protection against malware/phishing sites and vulnerable against malware. The test shows the former one which relies more on the service offer by company not software itself IMO.

So how to protect us from phishing? What kind of tools are u using????

{QUOTE-> Why shouldn't Microsoft sponsor it?

Consider it a form of advertisement if you want. They know IE8 outperforms the competition in this regard, so why not sponsor a scientific test to spread the message to the public? It's certainly more credible than Microsoft just saying that their product is best. <-QUOTE}

My response says nothing about whether or not Microsoft should sponsor what amounts to an advertisement for their browser.
As far as what they know or think...who cares?
They are in fact saying their product is the best indirectly-by paying someone else to say it for them. No difference in credibility.
That's why I said to consider the source.

{QUOTE-> They are in fact saying their product is the best indirectly-by paying someone else to say it for them. No difference in credibility.
That's why I said to consider the source. <-QUOTE}
They paid NSS Labs to conduct a scientific test, not as a hustler to promote IE8.

You've considered the source, great. Now how about some valid arguments on why the test is wrong instead of plain 'ol FUD?

{QUOTE-> They paid NSS Labs to conduct a scientific test, not as a hustler to promote IE8.
<-QUOTE}

Really. How do you know their motivation? Are you a Microsoft employee?

Why should I validate results for an advertisement/test?
Like I said....take the report with a grain of salt considering that it is basically a paid advertisement.

*Sigh* Do we HAVE to keep rehashing this same thing over and over and over..you get the point. This shouldn't have even been made into an article, it's merely another one of those random Microsoft ads Microsoft does every now and again, it means jack. They basically tested their phishing filter....*sound of crickets*...I'm not impressed. Who the hell needs a phishing filter anyway besides stupid people that can't figure out that...oh my god, I can MANUALLY type in my websites' URL too! Hmm?

"Socially engineered"...in English it means Joe, with all 3.4 of his IQ points clicked a pretty blinking light he saw on a website, said, and I quote, "Ooh, pretty lights" and then sat there and scratched his head thinking "Hey, how come my computer is all slow and where'd these funny pop-ups come from?"....again, not impressed. I LOVED Opera's supposed response when deciding not to take the test: "We don't really focus on malware"....could that be because nobody uses the damn thing so nobody focuses attacks on it? Not saying that's a bad thing, after all, that's the only thing keeping Linux so high and mighty (opinion), but, just food for thought.

{QUOTE-> Really. How do you know their motivation? Are you a Microsoft employee?

Why should I validate results for an advertisement/test?
Like I said....take the report with a grain of salt considering that it is basically a paid advertisement. <-QUOTE}
Your claim makes as much sense and has as much evidence backing it up as saying, oh, for instance, that AV-Comparatives is working hand-in-hand with antivirus vendors to deliver doctored results.

Spreading FUD and being cynical simply for the sake of being cynical may make you look smart, but actually requires neither work nor intelligence.

{QUOTE-> *Sigh* Do we HAVE to keep rehashing this same thing over and over and over..you get the point. This shouldn't have even been made into an article, it's merely another one of those random Microsoft ads Microsoft does every now and again, it means jack. They basically tested their phishing filter....*sound of crickets*...I'm not impressed. Who the hell needs a phishing filter anyway besides stupid people that can't figure out that...oh my god, I can MANUALLY type in my websites' URL too! Hmm?

"Socially engineered"...in English it means Joe, with all 3.4 of his IQ points clicked a pretty blinking light he saw on a website, said, and I quote, "Ooh, pretty lights" and then sat there and scratched his head thinking "Hey, how come my computer is all slow and where'd these funny pop-ups come from?"....again, not impressed. I LOVED Opera's supposed response when deciding not to take the test: "We don't really focus on malware"....could that be because nobody uses the damn thing so nobody focuses attacks on it? Not saying that's a bad thing, after all, that's the only thing keeping Linux so high and mighty (opinion), but, just food for thought. <-QUOTE}

Hear, Hear!

In the past 3 months I had to remove malware from a couple of people's computers remotely because they clicked on something they shouldn't have.

Still running Firefox /w NoScript and only Windows built-in firewall with my router. No other security employed for almost 3 years.

I haven't tried IE8 yet except in Windows 7. I've read that it is a significant improvement to IE7.

{QUOTE-> Your claim makes as much sense and has as much evidence backing it up as saying, oh, for instance, that AV-Comparatives is working hand-in-hand with antivirus vendors to deliver doctored results.

Spreading FUD and being cynical simply for the sake of being cynical may make you look smart, but actually requires neither work nor intelligence. <-QUOTE}

You're comparing apples and oranges there.
AV-Comparatives is an unbiased testing organization. How does that compare on any level to a paid advertisement?

Common sense should dictate that a paid advertisement for a product is not going to address weaknesses and shortcomings. Any claims will be positive. Where I come from that is not cynical, but realistic. It doesn't take much thought either. That apparently bothers you.
That's not my problem.
Btw, you haven't answered the question of whether or not you work for Microsoft. Do you?

{QUOTE-> You're comparing apples and oranges there.
AV-Comparatives is an unbiased testing organization. How does that compare on any level to a paid advertisement? <-QUOTE}
It doesn't. What you continually ignore is the fact that NSS Labs, like AV-Comparatives, was paid to conduct scientific testing, not a blatant ad.

{QUOTE-> Btw, you haven't answered the question of whether or not you work for Microsoft. Do you? <-QUOTE}
Because I see no reason to answer questions about my personal life just because a stranger on the Internet asks. Do you?

I don't see it being "cynical" to question those findings.
I think its being a smart consumer.

Anyhooo , about phising.

I don't have anything to check for it.
Its really only a problem
1) if your buying something on-line.
2) internet banking

1) Then I would be careful about the website having the lock icon , only really buy from a few websites.
But there will always be a risk there.

2) Banking is actually safer , as they *should* pay if I lost money through pishing ( law & practice for this would vary ).
Also moving money to a new account , needs a code from me.
And shows last logged in time so would know roughly if someone else had logged in.


So all in all I don't worry about it much.

Readers of this forum may be interested in the following report.

{QUOTE-> Internet Explorer 8 detected nearly three times as many socially engineered malware links than Apple's Safari 4 and Mozilla's Firefox 3, according to new test results from an independent security lab.

IE8 blocked 81 percent of socially engineered malware URLs -- those links that appear to be legitimate in order to dupe the user into "downloading" something -- while Firefox 3.0.11 caught 27 percent; Apple Safari 4.0.2, 21 percent; Google Chrome 2.0.172.33, 7 percent; and Opera 10 Beta, only 1 percent, according to a new round of browser security feature tests by NSS Labs.

Both IE8 and Firefox nearly equally caught most phishing sites: IE8 detected 83 percent of them, while Firefox 3 caught 80 percent. Opera 10 Beta stopped about 54 percent, while Chrome 2 blocked 26 percent, and Safari 4 just 2 percent.

So how did IE8 fare so much better in nabbing socially engineered malware threats? "The difference is the reputation system in the cloud," says Rick Moy, president of NSS Labs. "It comes back to Microsoft's resources."

Amy Barzdukas, general manager of Internet Explorer, concurred. "We have tremendous reach," she says, including Microsoft's opt-in program for customers that gathers real threat data, and Microsoft's global security response organization. "The [customer data] feedback and telemetry gives us visibility on what's going on worldwide in a very significant way," Barzdukas says. ...

Source: Lab: IE8 Beats Firefox, Chrome, Safari, Opera In Catching Socially Engineered Malware (http://www.darkreading.com/insiderthreat/security/app-security/showArticle.jhtml?articleID=219300134) <-QUOTE}
On a more general note, this lab result highlights the beneficial impact of using cloud-based “reputation” scores and the importance of reach (i.e., the number of participants in the “community” contributing data for the computation of reputation).

Are we sure it's a genuine non biased report we can trust?

{QUOTE-> Are we sure it's a genuine non biased report we can trust? <-QUOTE}
Gen, NSS Labs appears to be a legitimate, trustworthy organization:

{QUOTE-> NSS Labs is the leading independent security product testing and certification organization, and operates the largest security & performance lab in the world. NSS Labs is independent, and does not have a parent company that competes with product vendors or sells advertising. Our certifications and reports are highly regarded by information security professionals for their rigor, depth and integrity, and are used to validate purchasing decisions in global enterprises. NSS Labs is a participating organization in the PCI Security Standards Council and a member of AMTSO.

Source: NSS Labs (http://nsslabs.com/about-nss/index.php) <-QUOTE}
The full report is available here (http://nsslabs.com/browser-security-malware-3Q2009).

NSS Labs is a legitimate, trustworthy organization.

So, anybody ditching Opera ? ;D

{QUOTE-> So, anybody ditching Opera ? ;D <-QUOTE}
Yes...If George W Bush is elected President of the United States by a landslide and is judged by all the people of the United States to be a GREAT President and have a sound mind. ;D

{QUOTE-> So, anybody ditching Opera ? ;D <-QUOTE}

Why would you ditch a browser that works perfectly well for you? Only because someone found it lacking? As a man of science, I can tell you that you can get any kind of results you want, without rigging the experiment - you just perform it the way you want the outcome to be. Not that this is the case here ...

How likely are you to fall for social engineering attacks anyway? You're good with Opera.

Mrk

{QUOTE-> Why would you ditch a browser that works perfectly well for you? Only because someone found it lacking? As a man of science, I can tell you that you can get any kind of results you want, without rigging the experiment - you just perform it the way you want the outcome to be. Not that this is the case here ...

How likely are you to fall for social engineering attacks anyway? You're good with Opera.

Mrk <-QUOTE}
Was not considering it - was 'tongue in cheek'. Have been using Opera ever
since it was offered free ( sometime second half 2006 I think ). Make that mid 2005 with version 8.5.
Any exploits are fixed very promptly and there aren't many as borne out by Secunia. :)

{QUOTE-> So, anybody ditching Opera ? ;D <-QUOTE}

Not a chance here.;)
And I agree with your last post 100%.