2013 Browser Security Comparative Analysis: Socially Engineered Malware

Discussion in 'other security issues & news' started by Wild Hunter, May 17, 2013.

Thread Status:
Not open for further replies.
  1. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    Read more: https://www.nsslabs.com/reports/201...parative-analysis-socially-engineered-malware
     
  2. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Now this is really interesting.
     
  3. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    This again? I didn't even have to read it (but I did of course) to know who would win. My sarcasm aside, I can't dog IE 10 because SmartScreen has shown itself to be effective even on non-Windows 8 systems. It really does work. I'm a little disappointed in Firefox, Chrome results seem pretty normal, and I just don't know what to say about Opera.
     
  4. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    IE continues doing a great job while Chrome improved a lot since last year tests.
    From 70% to 83%. Good job
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Is AVG and Opera still working together? I'd expect better results by now if so.
     
  6. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    Sounds accurate considering the SmartScreen AppReputation feature.
     
  7. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Interesting study, but irrelevant for me. It is based on URL samples collected by NSS, that point to malware, and it doesn't say a word about what kind of malware it is. As a result, it tests only the URL blocking mechanism, and not the real protection capability of a browser.
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,787
    What exactly would be the "real protection capability of the browser"?
     
  9. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    I'd like to know that too. If URLs are blocked, 9 times out of 10 that means no malware for you. I'm assuming he means things like the Chrome sandbox and its other security measures. But really, again, usually if a URL hosting the malware is blocked, none of that stuff matters. I'd also never, ever rely on a browser to protect me from malware and I don't know who would or why.
     
  10. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,787
    Yeah, I agree on all that. I wasn't quite clear on what was being implied. Chrome has the sandbox, but aside from that, a browser is pretty much a browser.
     
  11. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Agreed, but I do think it plays a significant role in the prevention of malware. It is, after all, the main portal for malware :)
     
  12. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    I disagree, actually. In my opinion, it is plugins and software such as PDF viewers that are under attack more than browsers themselves. No browser can "prevent malware", not even Chrome. Which is more than likely why we have such things as URL blacklists in Chrome and Firefox, and reputation-based checks in place for IE. Sandboxes are more about limiting than preventing, and Chrome can't really be counted on to keep us safe either since its armor has been busted for some time now.
     
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,787
    I would agree only insofar as there are no holes to be exploited in the browser itself and it's updated and kept as secure as possible.
     
  14. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Oddly enough, it's plugins that actually come to mind that can augment a browser in reducing the threat of malware, even though the plugins themselves could be exploited by it. A kind of paradox. I'm thinking along the lines of adblocking and script blocking, at least Firefox' NoScript for the latter. Of course there's also other built-in options that a user can enable such as the control of active content in the browser's settings. I agree hardening the browser is, by itself, not enough, but it's an important consideration in securing one's setup.
     
  15. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I think I used the wrong words. A browser can protect you is by having as few bugs possible, that would render it impossible to be exploited by malware. Warning users that a certain link can contain malicious software/exploits/etc. is not necessarily a job for the browser, and can be done by other software as well. So, an URL blocking mechanism is a welcomed addition to a browser, but it doesn't improve the browser's security in any way (yes, it improves the overall security for it's user, but the study was about browsers).
     
  16. THESAWISFAMILY2005

    THESAWISFAMILY2005 Registered Member

    Joined:
    Aug 10, 2012
    Posts:
    198
    Location:
    SACRAMENTO CALIFORNIA
    I never get malware

    I use internet explorer built for windows 8
     
  17. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Well, the browser's job is to let us browse the web. :D But, things have changed in how they "work".

    No sandbox (Internet Explorer and Chromium) has ever been advertised to stop everything. The purpose is to make it harder for a user to be automatically infected through exploits. I'm sure you know that, anyway.

    Yes, they've been busted before, and they enhanced it, but if you take into account the % of users using those sandboxes, which would apply to all those Internet Explorer and Chromium users, then we're talking about many millions, and this makes these sandboxes a target. I'm surprised they haven't been breached a lot more... way lot more. I also recall the lastest Chromium sandbox (under Windows) bypass also required a kernel exploit to compromise the system, so it wasn't the sandbox's own fault.

    But, decent web browsers can actually prevent malware. If you access a website hosting malware and the web browser flags it as such and prevents you from going there, isn't it actually preventing malware hosted at that web site? It is preventing. This is actually something you previously mentioned. :) And, if the sandbox also prevents the exploit from going further, isn't it preventing it? And, if the exploit isn't successful, isn't it preventing it from doing its damage?

    Otherwise, if we think about it, nothing really prevents malware. Hope you get it. :D And, a report such as this one is futile. Well, in my opinion it's futile. lol
     
  18. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    693
    Location:
    Hogwarts.
    I know this test is based on default browsers but..., If you were to install Bitdefender traffic light in Chrome wouldn't that out perform smart screen? Nice to see MS doing well though.
     
  19. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    I completely get what you're saying, yeah. I try to separate browsers from things like the URL databases they use to check sites. But, thinking about it further, I can't, simply because it is indeed a built-in preventing mechanism. Sandboxing is a little easier to call out because no, limiting the damage or access isn't really preventing the malware, to me at least. If it completely stops an exploit from happening, then yes, you've got me fair and square. But, sandboxes are containers, they usually contain/limit the exploit and what it can do. Chrome sandboxes just about everything I can think of, from processes to (sadly only) certain plugins. So, yes, in that environment it makes it awful hard to get out if you're malware. But, obviously it can and has been done numerous times now. It was inevitable really.

    The kernel is always going to be a factor, no matter what security solution you throw at it. If the kernel isn't secure, browser security and sandboxes aren't going to do a heck of a lot for you.
     
  20. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Good question, but no, I don't actually think it would. They don't call it "Smart Screen" for nothin ;) :D
     
  21. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    547
    Location:
    USA Southwest
    And the most maligned of all the browsers is actually best at protecting its user. IE has much in common with AVG. :D
     
  22. tlu

    tlu Guest

    In this context it's worth mentioning that it makes a difference if you're using Windows or Linux. Our friend Hungry Man writes in his blog:

    The seccomp sandbox restricts the system calls Chrome can make. Thus, the attack surface is considerably smaller: Even if the Linux kernel has a vulnerability it would be very hard to exploit it.

    HM's conclusion:

     
  23. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,217
    For Mozilla Firefox I use Public fox it blocks downloads (with password) and any interference with Mozilla Firefox, i also use Adblock plus and NoScript-I'm ready for the war against malwares (just a joking, none should take this seriously).
    Sure I also use Chrome and its extensions and that's it.
     
Loading...
Thread Status:
Not open for further replies.