IE9 with SmartScreen Leads Malware Protection Once Again

Discussion in 'other software & services' started by guest, Aug 15, 2011.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    :thumb:
     
    Last edited by a moderator: May 10, 2012
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Wonderful...

    false positive rate?
     
  3. guest

    guest Guest

    I searched the NSS Labs site and the NSS Labs Full results report (pdf) and found no data regarding this aspect.

    But, for IE9, I suspect the false positive rate is at the same level of the other browsers for the SmartScreen component (responsible for 96% of the 99.2% IE9's detection rate in the NSS Labs study).

    As for the Application Reputation component (responsible for 3.2% of the 99.2% IE9's detection rate in the NSS Labs study), it will depend in what you classify as a false positive. After all, information about a download not being so common isn't false even if the download happens to be clean of malware traces.

    NSS Labs somewhat managed to test them independently, which I couldn't do here:
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Good stuff.

    Thanks.
     
  5. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    What are they doing, releasing the same report over and over, just changing the date? This is the second time in like a month, month and a half maybe? I'm all for MS being that good, honestly, but one can only see so many NSS/MS reports before you stop caring. In my view it's starting to look like MS is scared to death that IE 9 is failing (in a way it is, actually. It never did "catch fire"). I've always wondered about the whole NSS/MS thing anyway. Any time a glowing review of IE security shows up, the NSS name is right there on it. Not that I think IE 9 is crap, just that, eh, whatever, I couldn't care less, lol.
     
  6. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    Agree... and you can't find NSS Labs in A.M.T.S.O(Anti-Malware Testing Standards Organization).
     
  7. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    They are testing a browser, could that really be classed as an anti-malware product? On top of that, the 3 top posted malware testing companies on these forums (AV-C, AV-TEST, PCSL) aren't listed under AMTSO but lots of people swallow those results.

    Only 3 tests this year, less than AV-C: http://www.nsslabs.com/research/endpoint-security/browser-security/
     
  8. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Check again!
     
  9. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Maybe you can be more specific than that? :ouch: I don't see any of those 3 listed.

    edit: I see, PCSL goes by "PC Security Labs", now what about the 2 big boys? Why aren't they there?
     
  10. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I only wanted to point out that PC Security Labs was listed, that's all.

    But one can wonder why AV-C isn't there. :doubt:
     
  11. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Well tell me what is wrong with that? New malware and their variants are being created every day, therefore it makes sense that a testing company tests regularly browsers and security products. To me, that's the only way to go in order measure efficacy and efficiency when threats are being constantly created and updated.

    So what is your point again? Do you actually mean that they are biased? My own testing confirms their results. As a former Firefox user I can say that IE9 is the best browser for malware protection, period.

    Thanks. ;)
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Having tried to test malware on a VM with IE9 I can attest to how many it blocks =p I had to download Chrome just so I could download malware.
     
  13. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    No, I don't think NSS is all that biased, my thought is that MS is using them as a marketing department.
     
  14. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I wonder how it would do sans Sandboxie, seeing as how Sandboxie cripples Browsing Protection? I'm not asking that to make a point about Sandboxies' protection, I'm simply wondering how well it would do with a default sandbox that doesn't have all the tight settings applied.
     
  15. siberianwolf

    siberianwolf Registered Member

    Joined:
    Feb 15, 2009
    Posts:
    516
    well done, billy boy. :thumb:
     
  16. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Sandboxie cripples browsing protection?
     
  17. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Yes it does, Protected Mode. That's why I wondered if IE 9 would be so robust in that sort of scenario.
     
  18. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    One would assume that in that case Sandboxie is taking over the role of security against exploits.

    But in this case, I don't see how Sandboxie really comes into play with what is in essence a domain black/rep list.
     
  19. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Protected mode just runs it at LI. Why would Sandboxie mess with that?

    Honest question, I don't have a lot of experience with sandboxie.
     
  20. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    But in an "out of the box", sandbox, it won't do much protecting, as everything is allowed to run. By the way, the topic is discussed (well, brushed aside really) here: http://www.sandboxie.com/phpbb/viewtopic.php?t=10100&sid=8270b61e9d64b601ff6552c5a7b00457.

    Note I'm not trying to start a discussion on whether this makes sandboxie good or bad, only curious as to how disabling Protected Mode would affect IE 9's supposedly superior malware blocking.
     
  21. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Strange that it shuts it off.
     
  22. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Per a much older thread: http://www.sandboxie.com/phpbb/viewtopic.php?t=3753, it seems as if Protected Mode is a sandbox of sorts itself, so therefore sandboxie isn't compatible with it..though I'd hardly call Tzuks' description of it an actual sandbox..so I'm not quite convinced as to why it would shut it off.
     
  23. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Protected mode is sandboxing the way that integrity is sandboxing. I don't see why low integrity would mess with it.

    Chrome runs in protected mode as well, it just can't be toggled.
     
  24. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,633
    Location:
    UK
    If these results are valid, they're not useful to those still using Windows XP who can't get IE9.
     
  25. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    But I think we can agree that XP is the dieing minority. Didn't it just recently drop below the global 50% mark?
     
Loading...
Thread Status:
Not open for further replies.