IE9 decimates competition at malware prevention

http://www.neowin.net/news/ie9-decim...are-prevention

Quote:

Originally Posted by Neowin

The latest NSS Labs report is in, and the findings show that Internet Explorer completely dominates all other browsers when it comes to preventing socially engineered malware. For those that aren’t aware, socially engineered malware is a form of malicious software that attempts to trick users into installing it, and thanks to Internet Explorer 9’s SmartScreen URL filtering the browser prevents 92% of it; and up to 100% when you include Application Reputation to filer untrustworthy executables.

~~~ snipped "full content" of article - see the original website page in the link above ~~~

http://arstechnica.com/microsoft/new...king-stats.ars

Quote:

Originally Posted by Ars Technica

Internet Explorer 9's dual-pronged approach to blocking access to malicious URLs—SmartScreen Filter to block bad URLs, and Application Reputation to detect untrustworthy executables—provides the best socially engineered malware blocking of any stable browser version, according to NSS Labs' latest report. Internet Explorer 9 blocked 92 percent of malware with its URL-based filtering, and 100 percent with Application-based filtering enabled. Internet Explorer 8, in second place, blocked 90 percent of malware. Tied for third place were Safari 5, Chrome 10, and Firefox 4, each blocking just 13 percent. Bringing up the rear was Opera 11, blocking just 5 percent of malware.

~~~ snipped "full content" of article - see the original website page in the link above ~~~

[Hungry Man]

Quote:

it comes at the cost of a higher-than-average false positive detection rate, something that would infuriate a lot of advanced users.

To me this is very important. Having a 100% security method won't help if you get people into the "Default Allow" mood with tons of false positives.

Still, it's great to see browsers moving to block socially engineered malware.

[Daveski17]

Oh no ... I'm using Opera at the moment ...

Quote:

Originally Posted by Hungry Man

To me this is very important. Having a 100% security method won't help if you get people into the "Default Allow" mood with tons of false positives.

Still, it's great to see browsers moving to block socially engineered malware.

This "higher-than-average" definitely doesn't mean "tons of false positives". It's a very slight difference.

[Phant0m]

Regarding ”This is why people ignore security warnings: IE9 blocks official Microsoft update”...

“The IE9 issue is mainly because the installer package is unsigned, which is probably an oversight that will be fixed soon.”

... I don’t know how anyone could get a “false positive” from a screen informing of a 'possible' malicious program, reasons giving "little or no information about this unsigned program".

I guess people rather see no screen than a screen to lead to user caution, .. I don’t feel sorry for those types of people who disables security features or ignore warning screens.

[vasa1]

Just curious: are there copyright issues with large cut-n-paste jobs?

Also, does "decimate" mean reduce to 1/10th or reduce by 1/10th?

[Hungry Man]

Reduce by.

[moontan]

this IE9 protection might be good for Joe/Jane Average but i am not concerned whatsoever with social engineering malware.
i don't think anybody here at Wilders is daft enough to fall for such thing.

i only worry about drive-by exploits and those seems to be very rare...

[Hungry Man]

I'm somewhat concerned with social engineering malware. I don't like having to worry about what I download. That's why I enjoy sandboxing, I can download whatever I like and get a sneak-peak of it but it's stuck in the sandbox waiting to be deleted if it's malicious.

Quote:

Originally Posted by vasa1

Just curious: are there copyright issues with large cut-n-paste jobs?

Same question.. I hope mods will edit my posts if there are any copyright issues.

Please, use the report button to make the mods look at this faster. I can't report my own posts.

[J_L]

I'm surprised IE's URL Filter is that effective over other browsers (if the test was truly independent).
The Application Reputation can block 99% of malware, but only if the user makes the right decision. It also has tons of false positives, meaning virtually everything unsigned.

[Noob]

Interesting

Quote:

Originally Posted by J_L

I'm surprised IE's URL Filter is that effective over other browsers (if the test was truly independent).
The Application Reputation can block 99% of malware, but only if the user makes the right decision. It also has tons of false positives, meaning virtually everything unsigned.

But the IE9 SmartScren Filter alone can block 92% of malware, with virtually 0 false positives and without user interaction. You can always keep it and disable the App Reputation filter.

[Robin A.]

Quote:

Originally Posted by guest

You can always keep it and disable the App Reputation filter.

How is it done? Isn´t it bundled in the SmartScreen filter?

I was wrong about this one. There is no way to disable it without disabling SmartScreen Filter.

You will have to live with that extra click in order to run a not commonly downloaded app.

[CogitoTesting]

Quote:

Originally Posted by vasa1

Just curious: are there copyright issues with large cut-n-paste jobs?

If the cut and paste is properly cited, then I do not think so. Since a link was provided to the original article; thus, there is no copyright violation.

Thanks.

[CogitoTesting]

Quote:

Originally Posted by moontan

i don't think anybody here at Wilders is daft enough to fall for such thing.

Don't bet on it because you would be terribly surprised.

Thanks.

[Phant0m]

"SmartScreen Filter is a feature in Internet Explorer that helps detect phishing websites. SmartScreen Filter can also help protect you from downloading or installing malware (malicious software).

SmartScreen Filter helps to protect you in three ways:
• As you browse the web, it analyses webpages and determines if they have any characteristics that might be suspicious. If it finds suspicious webpages, SmartScreen will display a message giving you an opportunity to provide feedback and advising you to proceed with caution.

• SmartScreen Filter checks the sites you visit against a dynamic list of reported phishing sites and malicious software sites. If it finds a match, SmartScreen Filter will show you a warning notifying you that the site has been blocked for your safety.

• SmartScreen Filter checks files that you download from the web against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, SmartScreen Filter will warn you that the download has been blocked for your safety. SmartScreen Filter also checks the files that you download against a list of files that are well known and downloaded by many Internet Explorer users. If the file that you're downloading isn't on that list, SmartScreen Filter will warn you." - What is SmartScreen Filter and how can it help protect me? - http://windows.microsoft.com/en-US/w...questions-IE9#

Quote:

Originally Posted by J_L

I'm surprised IE's URL Filter is that effective over other browsers (if the test was truly independent).
The Application Reputation can block 99% of malware, but only if the user makes the right decision. It also has tons of false positives, meaning virtually everything unsigned.

[J_L]

Quote:

Originally Posted by guest

But the IE9 SmartScren Filter alone can block 92% of malware, with virtually 0 false positives and without user interaction. You can always keep it and disable the App Reputation filter.

I don't use IE at all, or trust this report anyhow.

[Noob]

Yeah, kinda hard to believe.
I have always though things like URL checker etc, have small differences not this HUGE!

[Phant0m]

As it was stated on the comments section, they’re not saying it blocks 92% of ALL Malware URLs on the web ... but just 92% of the tested farmed URLs that they used. As far as we know..., they could have simply used 10 Malware URLs. Not so hard to believe now? Is it?

http://www.nsslabs.com/research/endp...wser-security/

Read the methodologies before abstractly criticizing.

[Phant0m]

"2.1.1 TOTAL NUMBER OF MALICIOUS URLS IN THE TEST
From an initial list of 5,000 new suspicious sites, 706 potentially-malicious URLs were pre-screened for
inclusion in the test and were available at the time of entry into the test. These were successfully
accessed by the browsers in at least one run. We removed samples that did not pass our validation
criteria, including those containing adware or that were not valid malware. Ultimately, 650 URLs
passed our post-validation process and are included in the results, providing a margin of error of
3.84% with a confidence interval of 95%." http://www.nsslabs.com/assets/noreg-...rsem_FINAL.pdf

Such methodology makes NSS Labs tests the best (most accurate) available.

No wonder they receive so much press attention.

FYI: http://www.nsslabs.com/why-nsslabs/n...ernatives.html

However, for the "reptilian conspirationists" that pollute Wilders Security forum's general mentality, "nothing really credible is indeed credible" (only nuts like David Icke. ROFL). I'm already well versed on the dynamics of this place..