Study finds Internet Explorer to be malware blocking king

http://www.ghacks.net/2012/09/28/study-finds-internet-explorer-to-be-malware-blocking-king/

https://www.nsslabs.com/reports/your-browser-putting-you-risk-part-1-general-malware-blocking
https://www.nsslabs.com/reports/your-browser-putting-you-risk-part-2-click-fraud

Related, new SmartScreen in windows 8
http://www.howtogeek.com/123938/htg-explains-how-the-smartscreen-filter-works-in-windows-8/

 

Well done IE but FF with some security addons would be securer.

 

Couldn't agree more

 

Anyone think it's just a coincidence that NSS Labs only seems to release studies on the things that Internet Explorer excels at? And that every time they do the research shows IE not just 'slight'y ahead but by an incredibly wide margin?

Key information from the link:

 

That completely defeats the point of having the browser do it. You can also install IE addons to make IE even MORE secure, thereby beating Firefox with addons, but both browsers will be take hit in speed, resource consumption, and security.

The point here is that IE is better at protecting at these kind of attacks by default. Install whatever addons you deem necessary to make your browser catch up to IE, but it will not be as efficient as using the browser by itself.

The same argument as we've seen before on these forums. But this time it's different, apparently:

http://thenextweb.com/microsoft/201...ocks-95-threats-google-chrome-blocks-just-33/

 

Opera wasn't tested in this group?

 

I read that. It just seems like quite the coincidence that they focus on the things IE excels at.

 

That's all well and good but its IE at the end of the day so bleh.

To me, its all about a users personal preference. If they want to use IE based upon this study then go for it.

If someone prefers Firefox or Chrome with add-ons then so be it. IE blocks to many things in my opinion by default, which is one of the many reasons I choose not to use it.

 

At least we know that IE9 excel in something.... otherwise the image given to IE is often "... avoid it.. its a peace of ju..."

 

How about no browser is secure in its base retail configuation: http://arstechnica.com/business/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest/

 

IE is completly unusable with trackpoint. It has no smooth scrolling -- plz don't tell me that this option can be enabled because it enabled. Chrome, FF and Opera have no problems.

 

Exploits are a completely different topic of discussion. This topic is basically about the effectiveness of SmartScreen (in summary), and how well Microsoft a) maintains it and b) reacts to new sites. The article clearly points out how short a lifetime this websites have, so Microsoft's reaction time is critical.

Yeah... Microsoft has proven to excel at many things including hardware acceleration, I myself have posted the links to their various blog posts, but don't let the inconvenient facts cloud your hating.

But you raise a good point: will Microsoft ever shed this stigma that's associated with IE?

 

Regarding your first point: I don't think so. FF, for example, with NoScript alone (screw everything else)... I don't see how you could possibly make IE safer no matter what you did with it.

Regarding your second point: These addons actually make FF "more" efficient, not less, since it stops a bunch of junk elements from loading on your page. With NS, ABP & Request Policy the speed & efficiency of my browser is unquestionably better, not worse.

A point of my own: IE has always been unresponsive and unstable for me. Even if it blocked 100% of all possible attack scenarios, I still wouldn't use it. And this attitude is the norm regarding anyone that's tried an alternate browser in their lifetime.

 

Was this report prepared by summer interns? The extremely brief summary together with the mixing of significantly different types of detection makes it difficult to properly weigh. Lets consider just malicious URL checking for a second..

AFAIK, this is in practice just a check to see if a URL or portion thereof matches an entry in a previously-detected-threat database. The actual assessment and detection of a threat has to have already occurred in order for this lookup to be of any value. The assessment itself is problematic due to the potential for only some browser instances to be able to access certain resources (login, IP Address, etc gating) and the more general case of serving up different content to different browser instances.

It seems this NSS study is basically just an indirect study of how thoroughly and promptly the previously-detected-threat database is populated. Both Microsoft and Google can datamine email for suspicious URLs, run their own web scanners during or after search indexing, and acquire information from other companies. All of these browsers may have very primitive local anti-phishing checking features built into the browser which also contribute info to the Microsoft or Google database. However, Microsoft has its own AV software running on millions of machines. Assuming that software does something useful in terms of assessing the threat posed by web content at or behind URLs, that gives Microsoft a way to on its own promptly update its previously-detected-threat database.

In order to understand how these browsers and the associated threat databases are performing when it comes to a specific thing like malicious URL checking, we would need statistics for that specific thing broken out. We would need to know the nature of the URL being checked (Is it for a webpage that includes malicious web content? Is it for webpage that merely has links to malicious files? Is it the URL of a malicious exe?) and which browsers/databases detected it as malicious and on what basis (the URL being in a database or the downloaded file hash being in a database, for example). Given the limited information in the NSS report, I don't see how we can get at this important information.

Judging from the big step up in detection due to Chrome's malicious download scanner (was that added in 17, after a certain amount of testing had already been done?), I would think that a large percentage and probably a majority of the URLs being checked were to specific file downloads. Judging from Firefox's detection rate and steady time to block, I would think that Google wasn't feeding those known malware file URLs into the Safe Browsing API v2 database or at least didn't push the related data out to Firefox. On one hand I don't think that a big problem because no one should be relying upon this type of browser blocking to block malware programs (which may or may not arrive via the browser). That is what AV software is for. However, this could be used as an excuse to convert Firefox to the darkside where full URLs and a GUID are sent to Google.

 

Well, i knew IE was kinda safe but this is insane . . .
/Skeptical

 

Whatever! I don't use IE and wouldn't change my minds anyways.

 

You don't *think* so? Heh, IE has scripting options built directly into the browser, as well as XSS protection / per-domain options

That has what exactly to do with malware prevention? Everything you've mentioned would be used to prevent exploits (NS) or advertisements (ABP). You need to think more on the lines of AVG and Bitdefender plugins that actually prevent these domains, and since they run in the addon system, use massive databases (and more recently, transmit visited URL data in unencrypted form lol...) you really will notice a slowdown, not a speedup.

Yeah, and your attitude is the norm for anyone that hasn't tried IE in 10 years. But to each their own!

 

I think NSS is using the term "malware" in a broad sense which could include pretty much any type of web retrieved file, inner content, or HTTP response that satisfies the "mal" part. Which would make sense considering they are testing things which block web requests for a multitude of reasons. They mentioned several categories or purposes of such malware and very many users would add to those. Common additions being scripts that drive third party tracking and profiling, very obnoxious active ads or other content that interfere with navigation and/or windows, pages or scripts that leak sensitive information to other sites, etc.

From a broad malware (think "bad software" if it helps) point of view, NS blocking a java file, flash file, or embedded script that is part of an exploit attempt is performing a malware prevention function. ABP with custom or subscription filters blocking the request/execution of a javascript file that performs third party tracking is performing a malware prevention function. Request Policy blocking a site from performing unnecessary third party requests is performing a malware prevention function. NS, ABP, and RP provide protection capabilities that no AV addon will match. On the other hand, AV addons should be providing protection capabilities that NS, ABP, and RP aren't matching. Point is, they can all fairly be called anti-malware tools and blockers.

 

Nice to see IE is doing good in this test

I don't think that browsers balcklisting bad sites is an effective way to protect a user, but I guess it is a welcomed additional faeture to overall security. I hope that in time other browsers will follow up.

 

i wish they devoted a little of their time on the IE's performance
ie's performance always freaks me out ! i dunno what's wrong with it.

( the awkward moment when you accidentally open internet explorer. )

 

When a browser can fix brains then we can talk about it.

 

So NSS Labs needs funding, because MS used to sponsor their studies but no longer does. What to do, what to do? NSS Labs spends their own money in an attempt to get MS back onboard, and to grease that rail, they once again provide runaway scores for MS. Don't be surprised if we see in the near future that NSS Labs has once again obtained MS sponsorship.

 

It's not the first test showing that ie smart screen is much much better than the competence

 

What other studies have shown so? Non-NSS studies.

 

https://www.youtube.com/watch?v=O94v1MdMcxk
https://www.youtube.com/watch?v=fxqcY7TdbdQ
https://www.youtube.com/watch?v=huhOy82XBPA
http://www.brighthub.com/computing/smb-security/articles/56996.aspx
google, youtube and my personal testing comparing it with firefox which doesn't block almost anything.
It's a fact that smartscreen is better than the competence, but it's very easy to say without any proof that NSS is cooking the results.