2013 Browser Security Comparative Analysis: Socially Engineered Malware

Read more: https://www.nsslabs.com/reports/201...parative-analysis-socially-engineered-malware

 

Now this is really interesting.

 

This again? I didn't even have to read it (but I did of course) to know who would win. My sarcasm aside, I can't dog IE 10 because SmartScreen has shown itself to be effective even on non-Windows 8 systems. It really does work. I'm a little disappointed in Firefox, Chrome results seem pretty normal, and I just don't know what to say about Opera.

 

IE continues doing a great job while Chrome improved a lot since last year tests.
From 70% to 83%. Good job

 

Is AVG and Opera still working together? I'd expect better results by now if so.

 

Sounds accurate considering the SmartScreen AppReputation feature.

 

Interesting study, but irrelevant for me. It is based on URL samples collected by NSS, that point to malware, and it doesn't say a word about what kind of malware it is. As a result, it tests only the URL blocking mechanism, and not the real protection capability of a browser.

 

What exactly would be the "real protection capability of the browser"?

 

I'd like to know that too. If URLs are blocked, 9 times out of 10 that means no malware for you. I'm assuming he means things like the Chrome sandbox and its other security measures. But really, again, usually if a URL hosting the malware is blocked, none of that stuff matters. I'd also never, ever rely on a browser to protect me from malware and I don't know who would or why.

 

Yeah, I agree on all that. I wasn't quite clear on what was being implied. Chrome has the sandbox, but aside from that, a browser is pretty much a browser.

 

Agreed, but I do think it plays a significant role in the prevention of malware. It is, after all, the main portal for malware

 

I disagree, actually. In my opinion, it is plugins and software such as PDF viewers that are under attack more than browsers themselves. No browser can "prevent malware", not even Chrome. Which is more than likely why we have such things as URL blacklists in Chrome and Firefox, and reputation-based checks in place for IE. Sandboxes are more about limiting than preventing, and Chrome can't really be counted on to keep us safe either since its armor has been busted for some time now.

 

I would agree only insofar as there are no holes to be exploited in the browser itself and it's updated and kept as secure as possible.

 

Oddly enough, it's plugins that actually come to mind that can augment a browser in reducing the threat of malware, even though the plugins themselves could be exploited by it. A kind of paradox. I'm thinking along the lines of adblocking and script blocking, at least Firefox' NoScript for the latter. Of course there's also other built-in options that a user can enable such as the control of active content in the browser's settings. I agree hardening the browser is, by itself, not enough, but it's an important consideration in securing one's setup.

 

I think I used the wrong words. A browser can protect you is by having as few bugs possible, that would render it impossible to be exploited by malware. Warning users that a certain link can contain malicious software/exploits/etc. is not necessarily a job for the browser, and can be done by other software as well. So, an URL blocking mechanism is a welcomed addition to a browser, but it doesn't improve the browser's security in any way (yes, it improves the overall security for it's user, but the study was about browsers).

 

I never get malware

I use internet explorer built for windows 8

 

Well, the browser's job is to let us browse the web. But, things have changed in how they "work".

No sandbox (Internet Explorer and Chromium) has ever been advertised to stop everything. The purpose is to make it harder for a user to be automatically infected through exploits. I'm sure you know that, anyway.

Yes, they've been busted before, and they enhanced it, but if you take into account the % of users using those sandboxes, which would apply to all those Internet Explorer and Chromium users, then we're talking about many millions, and this makes these sandboxes a target. I'm surprised they haven't been breached a lot more... way lot more. I also recall the lastest Chromium sandbox (under Windows) bypass also required a kernel exploit to compromise the system, so it wasn't the sandbox's own fault.

But, decent web browsers can actually prevent malware. If you access a website hosting malware and the web browser flags it as such and prevents you from going there, isn't it actually preventing malware hosted at that web site? It is preventing. This is actually something you previously mentioned. And, if the sandbox also prevents the exploit from going further, isn't it preventing it? And, if the exploit isn't successful, isn't it preventing it from doing its damage?

Otherwise, if we think about it, nothing really prevents malware. Hope you get it. And, a report such as this one is futile. Well, in my opinion it's futile. lol

 

I know this test is based on default browsers but..., If you were to install Bitdefender traffic light in Chrome wouldn't that out perform smart screen? Nice to see MS doing well though.

 

I completely get what you're saying, yeah. I try to separate browsers from things like the URL databases they use to check sites. But, thinking about it further, I can't, simply because it is indeed a built-in preventing mechanism. Sandboxing is a little easier to call out because no, limiting the damage or access isn't really preventing the malware, to me at least. If it completely stops an exploit from happening, then yes, you've got me fair and square. But, sandboxes are containers, they usually contain/limit the exploit and what it can do. Chrome sandboxes just about everything I can think of, from processes to (sadly only) certain plugins. So, yes, in that environment it makes it awful hard to get out if you're malware. But, obviously it can and has been done numerous times now. It was inevitable really.

The kernel is always going to be a factor, no matter what security solution you throw at it. If the kernel isn't secure, browser security and sandboxes aren't going to do a heck of a lot for you.

 

Good question, but no, I don't actually think it would. They don't call it "Smart Screen" for nothin

 

And the most maligned of all the browsers is actually best at protecting its user. IE has much in common with AVG.

 

In this context it's worth mentioning that it makes a difference if you're using Windows or Linux. Our friend Hungry Man writes in his blog:

The seccomp sandbox restricts the system calls Chrome can make. Thus, the attack surface is considerably smaller: Even if the Linux kernel has a vulnerability it would be very hard to exploit it.

HM's conclusion:

 

For Mozilla Firefox I use Public fox it blocks downloads (with password) and any interference with Mozilla Firefox, i also use Adblock plus and NoScript-I'm ready for the war against malwares (just a joking, none should take this seriously).
Sure I also use Chrome and its extensions and that's it.