Browser Security Comparative Analysis Report - Socially Engineered Malware

Eight leading browsers, including three from China, were tested against the Security Stack: Testing Methodology V1.5, using 657 samples of socially engineered malware (SEM) that were captured over 14 days in NSS Labs’ unique live testing harness. SEM attacks use several different methods to deceive users into downloading malicious software, but the browser is the primary vector for delivery of SEM and therefore is the first line of defense against such attacks. Block rates ranged from 99.9% to 4.1%, so download the full report to find out which browsers offer the most protection against socially engineered malware.


https://www.nsslabs.com/reports/bro...e-analysis-report-socially-engineered-malware

 

My, my, MY. Is THIS 'analysis report' ever gonna generate some interesting comments....

 

from nss labs probably not to many (no offense)

 

This test is only relevant if you're using:
a) just browser without any AV
b) any browser other than IE with MSE

It's not relevant for anyone who's using half capable AV that is good at file based malware detection as well as webpage blocking. In which case, what browsers blocking becomes highly irrelevant.

 

Does one purchase a box of cake mix and bake a cake without adding some frosting on it?

 

Then I have to read, but do not worry, Kaspersky inbuilt in the browser tests my files, even when I do not it want it too. Anyway, this test applies to the automatic blocking? I guess, when a user is presented the choice to download the file without telling him, that it might be infected with malware, it is considered as a fail?

 

Easy peasy for IE as always.

 

Half capable, that is good at?

That is an useful advice, wonder what Sheldon Cooper would say about this.

 

Microsoft and Google has the advantage of malware data they get elsewhere. So, the results are kind of expected.

 

Seems to support the view of using Chrome over FireFox.
-cheers,
feandur

 

So the test would probably be just on the individual browser, but it doesn't take into consideration the use of a good Host file and using a browser such as Palemoon or Firefox with Noscript added as many do including myself.

 

Well, it's a test of the browser's own mechanism to protect end-users against SEM. It has to test at defaults to reach its objective.

 

I don't believe in this test. It's totally irrelevant to me.

Google Chrome is the most secure browser out there. End of discussion.

 

From my understanding, and please correct if I am wrong, this report is about web browsers' built-in protection against social engineering. Thus it's about more about protection against tricking users into downloading something and executing it rather than breaching the browsers' defenses with exploits (sandbox escapes, compromised plugins).

Hence mechanisms like the Chromium sandbox, sandboxed plugins and NoScript are of very limited use here and reputation based protection (SmartScreen, as it is offered in Internet Explorer) seems stronger. Unless we're dealing with cases of social engineering which are aiming to lure the user to visit a malicious url with an exploit kit waiting in the background.

At least this is how I interpreted the report.

Sorry, I just saw that you decreed the end of the discussion. Hence my reply in its entirety was inappropiate. I sincerely hope you'll find in your heart to forgive me my rudeness.

 

Sorry, but it seems to me that your eyesight is a bit weak, or, may be, you didn't interpret my post correctly! In that case (if so), please, read my second sentence again in the previous post before attacking me with sarcasm!

Regards!

 

Sorry, I couldn't find anything useful in your post.

 

To blame someone's eyesight on a fault that appears to be your own in not viewing or understanding the tests that took place is quite short sighted ( excuse the pun )
I also don't understand why you place your comment and then state end of discussion you do realise that forums are for discussions

 

That's your problem then! Move on!

@bidd: Not going to start a useless debate for nothing. If you have something substantial to add with respect to the topic, then you are welcome or else, don't bore others because I certainly am not interested in this.

 

The only one not adding anything substantial with respect to the topic is you. You are just trolling.

 

@bidd: Not going to start a useless debate for nothing. If you have something substantial to add with respect to the topic, then you are welcome or else, don't bore others because I certainly am not interested in this.[/QUOTE]

Useless debate is your answer yet my I was not debating anything - just an answer plus question which you incompetently failed to answer.

Regarding adding something substantial to the topic! in what way was your earlier post adding anything to this topic other than you failed to understand to nature of the test

 

Exactly, that's how I see it as well. But both you and I could be wrong of course