IE9 with SmartScreen Leads Malware Protection Once Again

Wonderful...

false positive rate?

 

I searched the NSS Labs site and the NSS Labs Full results report (pdf) and found no data regarding this aspect.

But, for IE9, I suspect the false positive rate is at the same level of the other browsers for the SmartScreen component (responsible for 96% of the 99.2% IE9's detection rate in the NSS Labs study).

As for the Application Reputation component (responsible for 3.2% of the 99.2% IE9's detection rate in the NSS Labs study), it will depend in what you classify as a false positive. After all, information about a download not being so common isn't false even if the download happens to be clean of malware traces.

NSS Labs somewhat managed to test them independently, which I couldn't do here:

 

Good stuff.

Thanks.

 

What are they doing, releasing the same report over and over, just changing the date? This is the second time in like a month, month and a half maybe? I'm all for MS being that good, honestly, but one can only see so many NSS/MS reports before you stop caring. In my view it's starting to look like MS is scared to death that IE 9 is failing (in a way it is, actually. It never did "catch fire"). I've always wondered about the whole NSS/MS thing anyway. Any time a glowing review of IE security shows up, the NSS name is right there on it. Not that I think IE 9 is crap, just that, eh, whatever, I couldn't care less, lol.

 

Agree... and you can't find NSS Labs in A.M.T.S.O(Anti-Malware Testing Standards Organization).

 

They are testing a browser, could that really be classed as an anti-malware product? On top of that, the 3 top posted malware testing companies on these forums (AV-C, AV-TEST, PCSL) aren't listed under AMTSO but lots of people swallow those results.

Only 3 tests this year, less than AV-C: http://www.nsslabs.com/research/endpoint-security/browser-security/

 

Check again!

 

Maybe you can be more specific than that? I don't see any of those 3 listed.

edit: I see, PCSL goes by "PC Security Labs", now what about the 2 big boys? Why aren't they there?

 

I only wanted to point out that PC Security Labs was listed, that's all.

But one can wonder why AV-C isn't there.

 

Well tell me what is wrong with that? New malware and their variants are being created every day, therefore it makes sense that a testing company tests regularly browsers and security products. To me, that's the only way to go in order measure efficacy and efficiency when threats are being constantly created and updated.

So what is your point again? Do you actually mean that they are biased? My own testing confirms their results. As a former Firefox user I can say that IE9 is the best browser for malware protection, period.

Thanks.

 

Having tried to test malware on a VM with IE9 I can attest to how many it blocks =p I had to download Chrome just so I could download malware.

 

No, I don't think NSS is all that biased, my thought is that MS is using them as a marketing department.

 

I wonder how it would do sans Sandboxie, seeing as how Sandboxie cripples Browsing Protection? I'm not asking that to make a point about Sandboxies' protection, I'm simply wondering how well it would do with a default sandbox that doesn't have all the tight settings applied.

 

Sandboxie cripples browsing protection?

 

Yes it does, Protected Mode. That's why I wondered if IE 9 would be so robust in that sort of scenario.

 

One would assume that in that case Sandboxie is taking over the role of security against exploits.

But in this case, I don't see how Sandboxie really comes into play with what is in essence a domain black/rep list.

 

Protected mode just runs it at LI. Why would Sandboxie mess with that?

Honest question, I don't have a lot of experience with sandboxie.

 

But in an "out of the box", sandbox, it won't do much protecting, as everything is allowed to run. By the way, the topic is discussed (well, brushed aside really) here: http://www.sandboxie.com/phpbb/viewtopic.php?t=10100&sid=8270b61e9d64b601ff6552c5a7b00457.

Note I'm not trying to start a discussion on whether this makes sandboxie good or bad, only curious as to how disabling Protected Mode would affect IE 9's supposedly superior malware blocking.

 

Strange that it shuts it off.

 

Per a much older thread: http://www.sandboxie.com/phpbb/viewtopic.php?t=3753, it seems as if Protected Mode is a sandbox of sorts itself, so therefore sandboxie isn't compatible with it..though I'd hardly call Tzuks' description of it an actual sandbox..so I'm not quite convinced as to why it would shut it off.

 

Protected mode is sandboxing the way that integrity is sandboxing. I don't see why low integrity would mess with it.

Chrome runs in protected mode as well, it just can't be toggled.

 

If these results are valid, they're not useful to those still using Windows XP who can't get IE9.

 

But I think we can agree that XP is the dieing minority. Didn't it just recently drop below the global 50% mark?

 

lol are some personal computers still running xp?