Internet Explorer has big advantage over other browsers?

Discussion in 'other anti-malware software' started by aigle, Sep 6, 2009.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I think the Smart Screen filter of IE is a big plus over altrrnative browsers, for an average user.

    I just tried it with a single malware link to see how it acts. No other browser( Opera, Iron) gave any useful alert. :thumb: ]

    What do you people think about this feature?

    1.jpg 2.jpg
    3.jpg
     
  2. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52?18'51.59"N + 4?56'32.13"O
    I think IE8 had some mayor positive changes I really like.
     
  3. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    Thanks for the testing yet again aigle, this is good to see.

    I don't use IE but with Google muscling in on the Browser and OS market touting security, MS really needs to be innovative and fight back with applications that are faster, more secure and feature rich than ever before.

    I wonder how this "Smart Screen Filter" works with applications that use the IE engine, i assume they would inherit IE's settings.

    Hmm ok just tried to test it with the same URL, i was prompted with a download box for the exe. Maybe i don't have the screen filter setup right, i will have to look in to it.
     
  4. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,296
    Location:
    England
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hi aigle,

    Can you go directly to primemovier.net without the link to the .exe?

    Any browser will prompt for a download to a direct link to an .exe,

    bot-exe.gif

    and careful people would scan an untrusted .exe -- this one is caught by 31/40 AV.

    It's impressive that this malware file is flagged by the browser. The weakness, of course, is that flagging depends on a recognized signature.


    ----
    rich
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I agree with you but we all know ordinary users might make a blunder every now n then.

    I really like it for ordinary users.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Try saving the download to your disk and then you will get the prompt.
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I get nothing.
     

    Attached Files:

    • s.png
      s.png
      File size:
      27.4 KB
      Views:
      775
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hi aigle, I'm referring to going to primemovier.net with IE8.

    ----
    rich
     
  10. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I also agree, but I noted that it is a signature-based protection, which as you know is not reliable in the early stages of exploits. The file bot.exe is in most of the AV databases already.

    ----
    rich
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Will try and report back.
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Same with IE8 on Win7. On XP I have IE6.
     
  13. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hi aigle,

    Can you access primemovier.net with IE8 and post a screen shot as you did when using Opera?

    thanks,

    ----
    rich
     
  14. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    here Rmus,
     

    Attached Files:

  15. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Thanks, trjam, so it's clear that IE8 is not responding to the site, as a site analyzer would do. Rather, to the malware bot.exe itself.

    I was not clear on that at first: from the screen shot of the IE8 alert it appears that IE8 has flagged the site for malware and other bad links.

    ----
    rich
     
  16. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    Yes it's detecting the actual exploit.

    This is good news, many applications i use utilize the IE rendering engine for functionality. From the testing i've done they are inheriting Smart Screen Filter setting.

    Good news indeed. Although, as a website owner i wonder how long Microsoft will take to respond to any incorrect flaggings. For arguments sake, lets say the Sandboxie download got flagged as unsafe making visitors believe it's malware and hence impacting the softwares sales until it's fixed.

    But all up it's impressive, and i hope it works out well.
     
  17. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    to play devils advocate ,couldn't the average user could just ignore the warning , they way they ignore the download/ run prompt in other browsers :)

    Best solution is would be to tell users not to click ok to any prompts during a browsing session , and close any prompts with the windows key combo.
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Warning is very clear that any one can understand and there is only one Deny button. Ignore option is not so much obvious. IMO it,s very well designed.
     
  19. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    yes its well designed, but im confident opera and firefox have a very similar system for blocking bad sites.
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Not at all. It,s not site blocking feature of IE. It,s scanning of downloads with a malware signature data base. No such feature exists in any other browser ATM.
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    IE8 here gives alert only when you download and save the file.
     
  22. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    in my opinion MSC might not make any difference as for as browser downloads are concerned as signature data base might very well be the same.
     
Loading...
Thread Status:
Not open for further replies.