Browser Security and Socially Engineered Malware

Discussion in 'malware problems & news' started by NSSLabs, Apr 16, 2009.

Thread Status:
Not open for further replies.
  1. NSSLabs

    NSSLabs Registered Member

    Joined:
    Apr 3, 2009
    Posts:
    2
  2. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    Thank for the post,

    Just to recap that I understand it correctly, for instance with IE8:

    1. Using Microsoft search to block blacklisted URL's of the "in the cload" servers of Microsoft.

    2. Using its full application sided protection mechanisme like phising filter (a), smart screen filter (b), Cross site scripting filter (c)


    What would be interesting is to disclose what percentage of the high IE8 ranking (IE8 rc1 = 69%, FF v3.07 = 30%, Safari v3 = 24%, Chrome v1.0.54 = 16%, Opera v9.64= 5%, IE7=4%) contributes to [1] above and [2].

    Because both IE7 and IE8 are included in the test, is it safe to say that the (when my assumption is correct, see picture included), that architectural improvements of IE8, smart screen filter and XSS filter make the difference of 65%? (IE8 compared to IE7 when ruling out shared services)

    Thanks
     

    Attached Files:

  3. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    Another question: would it be possible to conduct a comparable test with web reputation services like WOT, AVG/Linkscanner, Site Advisor, BrowserDefender, etc?

    Thanks
     
  4. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
  5. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    RDSU, your are a massive poster, please eleborate, because I do not have the knowledge to catch what your are hinting at
     
  6. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    It's simple: I just don't believe in these numbers! :)

    But maybe I'm wrong...
     
  7. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
  8. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    :D

    I think the other topic also had a reference to the same point, but I don't know why the post was deleted, or maybe I didn't saw correctly...

    These number doesn't make any sense to me, and that is why I don't even bother to waste my time reading the report...
     
  9. NSSLabs

    NSSLabs Registered Member

    Joined:
    Apr 3, 2009
    Posts:
    2
    Some clarification. The Microsoft SmartScreen filter is an in-the-cloud URL reputation service for phishing and socially engineered malware (note: not exploits or drive-by downloads). The other tested browsers use similar systems with a combination of local cache or database for either good or bad sites (whether malware or phishing). All tests were done with live internet connection to utilize this lookup service.

    re:#1 microsoft (or any other search) was not used and played no role in the test.

    RE: the other questions on the thread regarding other similar products: Yes, we've invited them to participate in future testing as well.
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    The idea of "which browser protects against socially engineered malware" is a bit problematic. Because the whole idea of social is that it is not technical. Therefore, the focus of social is on society and not technology.

    Because:

    If we assume the user is a moron / bot, they will only do what the browser tells them, whether it's built-in whitelists, plugins, toolbars, filters, etc.

    If we assume the user thinks, then there's no meaning to any of the anti-social thingie stuff.

    Someone who wants to get easy money will listen to the Nigerian warlord no matter what. The same goes for someone who wants to see a naked pic of this or that and so forth.

    Using technology to replace brains is a no no. In fact, I think it's even more dangerous than no technology. When I go to a site, without thinking, I rely on filters to tell me good/bad. And that's it. What if the filter is wrong?

    Remember a month ago when Google flagged every site as malicious due to a mistake? What if due to a mistake a site was un-flagged. People would trust their phishing and pharting filters and that's it.

    Using social skills always takes precedence, especially against social threats. Offering someone millions of dollars and they get convinced? Or someone gets a mail from his "bank" and then goes there? What technology can possibly save these kind of people in the long run. One day, they will come across a site that no filter covers or some conman will sell them a piece of moon and what then?

    The test is therefore problematic, because with the right or wrong audience you can have 100% or 0% success with any which browser.

    Talking of security, did you check Firefox with Perspectives and Noscript?

    Mrk
     
Loading...
Thread Status:
Not open for further replies.