Browser Security Comparative Analysis Report - Socially Engineered Malware

Discussion in 'other anti-virus software' started by lordraiden, Apr 1, 2014.

Thread Status:
Not open for further replies.
  1. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,066
    Eight leading browsers, including three from China, were tested against the Security Stack: Testing Methodology V1.5, using 657 samples of socially engineered malware (SEM) that were captured over 14 days in NSS Labs’ unique live testing harness. SEM attacks use several different methods to deceive users into downloading malicious software, but the browser is the primary vector for delivery of SEM and therefore is the first line of defense against such attacks. Block rates ranged from 99.9% to 4.1%, so download the full report to find out which browsers offer the most protection against socially engineered malware.


    https://www.nsslabs.com/reports/bro...e-analysis-report-socially-engineered-malware
     
  2. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    657
    Location:
    Southwestern Massachusetts
    My, my, MY. :eek: Is THIS 'analysis report' ever gonna generate some interesting comments.... :argh:
     
  3. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    from nss labs probably not to many (no offense)
     
  4. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    This test is only relevant if you're using:
    a) just browser without any AV
    b) any browser other than IE with MSE

    It's not relevant for anyone who's using half capable AV that is good at file based malware detection as well as webpage blocking. In which case, what browsers blocking becomes highly irrelevant.
     
  5. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    Does one purchase a box of cake mix and bake a cake without adding some frosting on it?
     
  6. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    Then I have to read, but do not worry, Kaspersky inbuilt in the browser tests my files, even when I do not it want it too. :D Anyway, this test applies to the automatic blocking? I guess, when a user is presented the choice to download the file without telling him, that it might be infected with malware, it is considered as a fail? o_O
     
  7. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Easy peasy for IE as always. :rolleyes:
     
  8. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,060
    Location:
    Netherlands
    Half capable, that is good at?

    That is an useful advice, wonder what Sheldon Cooper would say about this.
     
  9. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Microsoft and Google has the advantage of malware data they get elsewhere. So, the results are kind of expected.
     
  10. Feandur

    Feandur Registered Member

    Joined:
    Jun 15, 2005
    Posts:
    401
    Location:
    Australia
    Seems to support the view of using Chrome over FireFox.
    -cheers,
    feandur
     
  11. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    So the test would probably be just on the individual browser, but it doesn't take into consideration the use of a good Host file and using a browser such as Palemoon or Firefox with Noscript added as many do including myself.
     
  12. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Well, it's a test of the browser's own mechanism to protect end-users against SEM. It has to test at defaults to reach its objective.
     
  13. Sher

    Sher Registered Member

    Joined:
    Oct 19, 2005
    Posts:
    366
    Location:
    Pakistan
    I don't believe in this test. It's totally irrelevant to me.

    Google Chrome is the most secure browser out there. End of discussion.
     
  14. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,070
    Location:
    Germany
    From my understanding, and please correct if I am wrong, this report is about web browsers' built-in protection against social engineering. Thus it's about more about protection against tricking users into downloading something and executing it rather than breaching the browsers' defenses with exploits (sandbox escapes, compromised plugins).

    Hence mechanisms like the Chromium sandbox, sandboxed plugins and NoScript are of very limited use here and reputation based protection (SmartScreen, as it is offered in Internet Explorer) seems stronger. Unless we're dealing with cases of social engineering which are aiming to lure the user to visit a malicious url with an exploit kit waiting in the background.

    At least this is how I interpreted the report.

    Sorry, I just saw that you decreed the end of the discussion. Hence my reply in its entirety was inappropiate. I sincerely hope you'll find in your heart to forgive me my rudeness.
     
  15. Sher

    Sher Registered Member

    Joined:
    Oct 19, 2005
    Posts:
    366
    Location:
    Pakistan
    Sorry, but it seems to me that your eyesight is a bit weak, or, may be, you didn't interpret my post correctly! In that case (if so), please, read my second sentence again in the previous post before attacking me with sarcasm!

    Regards!
     
  16. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,070
    Location:
    Germany
    Sorry, I couldn't find anything useful in your post.
     
  17. bidd

    bidd Registered Member

    Joined:
    Jul 10, 2013
    Posts:
    117
    Location:
    Australia
    To blame someone's eyesight on a fault that appears to be your own in not viewing or understanding the tests that took place is quite short sighted ( excuse the pun ):shifty:
    I also don't understand why you place your comment and then state end of discussion:confused: you do realise that forums are for discussions:rolleyes:
     
  18. Sher

    Sher Registered Member

    Joined:
    Oct 19, 2005
    Posts:
    366
    Location:
    Pakistan
    That's your problem then! Move on!

    @bidd: Not going to start a useless debate for nothing. If you have something substantial to add with respect to the topic, then you are welcome or else, don't bore others because I certainly am not interested in this.
     
  19. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,070
    Location:
    Germany
    The only one not adding anything substantial with respect to the topic is you. You are just trolling.
     
  20. bidd

    bidd Registered Member

    Joined:
    Jul 10, 2013
    Posts:
    117
    Location:
    Australia
    @bidd: Not going to start a useless debate for nothing. If you have something substantial to add with respect to the topic, then you are welcome or else, don't bore others because I certainly am not interested in this.[/QUOTE]

    Useless debate is your answer yet my I was not debating anything - just an answer plus question which you incompetently failed to answer.

    Regarding adding something substantial to the topic! in what way was your earlier post adding anything to this topic other than you failed to understand to nature of the test:confused:
     
  21. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    Get back on the thread topic without attacking each other.
     
  22. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Exactly, that's how I see it as well. But both you and I could be wrong of course :shifty:
     
Loading...
Thread Status:
Not open for further replies.