Study finds Internet Explorer to be malware blocking king

Discussion in 'other anti-malware software' started by lordraiden, Sep 28, 2012.

Thread Status:
Not open for further replies.
  1. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,081
    http://www.ghacks.net/2012/09/28/study-finds-internet-explorer-to-be-malware-blocking-king/

    https://www.nsslabs.com/reports/your-browser-putting-you-risk-part-1-general-malware-blocking
    https://www.nsslabs.com/reports/your-browser-putting-you-risk-part-2-click-fraud

    Related, new SmartScreen in windows 8
    http://www.howtogeek.com/123938/htg-explains-how-the-smartscreen-filter-works-in-windows-8/
     
    Last edited: Sep 28, 2012
  2. carat

    carat Guest

    Well done IE but FF with some security addons would be securer. :)
     
  3. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    693
    Location:
    Hogwarts.
    Couldn't agree more
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Anyone think it's just a coincidence that NSS Labs only seems to release studies on the things that Internet Explorer excels at? And that every time they do the research shows IE not just 'slight'y ahead but by an incredibly wide margin?

    Key information from the link:
     
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    That completely defeats the point of having the browser do it. You can also install IE addons to make IE even MORE secure, thereby beating Firefox with addons, but both browsers will be take hit in speed, resource consumption, and security.

    The point here is that IE is better at protecting at these kind of attacks by default. Install whatever addons you deem necessary to make your browser catch up to IE, but it will not be as efficient as using the browser by itself.

    The same argument as we've seen before on these forums. But this time it's different, apparently:

    http://thenextweb.com/microsoft/201...ocks-95-threats-google-chrome-blocks-just-33/
     
  6. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Opera wasn't tested in this group?
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I read that. It just seems like quite the coincidence that they focus on the things IE excels at.
     
  8. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    That's all well and good but its IE at the end of the day so bleh.

    To me, its all about a users personal preference. If they want to use IE based upon this study then go for it.

    If someone prefers Firefox or Chrome with add-ons then so be it. IE blocks to many things in my opinion by default, which is one of the many reasons I choose not to use it.
     
  9. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    At least we know that IE9 excel in something.... otherwise the image given to IE is often "... avoid it.. its a peace of ju..."
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
  11. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    IE is completly unusable with trackpoint. It has no smooth scrolling -- plz don't tell me that this option can be enabled because it enabled. Chrome, FF and Opera have no problems.
     
  12. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Exploits are a completely different topic of discussion. This topic is basically about the effectiveness of SmartScreen (in summary), and how well Microsoft a) maintains it and b) reacts to new sites. The article clearly points out how short a lifetime this websites have, so Microsoft's reaction time is critical.

    Yeah... Microsoft has proven to excel at many things including hardware acceleration, I myself have posted the links to their various blog posts, but don't let the inconvenient facts cloud your hating.

    But you raise a good point: will Microsoft ever shed this stigma that's associated with IE?
     
  13. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Regarding your first point: I don't think so. FF, for example, with NoScript alone (screw everything else)... I don't see how you could possibly make IE safer no matter what you did with it.

    Regarding your second point: These addons actually make FF "more" efficient, not less, since it stops a bunch of junk elements from loading on your page. With NS, ABP & Request Policy the speed & efficiency of my browser is unquestionably better, not worse.

    A point of my own: IE has always been unresponsive and unstable for me. Even if it blocked 100% of all possible attack scenarios, I still wouldn't use it. And this attitude is the norm regarding anyone that's tried an alternate browser in their lifetime.
     
  14. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,089
    Was this report prepared by summer interns? The extremely brief summary together with the mixing of significantly different types of detection makes it difficult to properly weigh. Lets consider just malicious URL checking for a second..

    AFAIK, this is in practice just a check to see if a URL or portion thereof matches an entry in a previously-detected-threat database. The actual assessment and detection of a threat has to have already occurred in order for this lookup to be of any value. The assessment itself is problematic due to the potential for only some browser instances to be able to access certain resources (login, IP Address, etc gating) and the more general case of serving up different content to different browser instances.

    It seems this NSS study is basically just an indirect study of how thoroughly and promptly the previously-detected-threat database is populated. Both Microsoft and Google can datamine email for suspicious URLs, run their own web scanners during or after search indexing, and acquire information from other companies. All of these browsers may have very primitive local anti-phishing checking features built into the browser which also contribute info to the Microsoft or Google database. However, Microsoft has its own AV software running on millions of machines. Assuming that software does something useful in terms of assessing the threat posed by web content at or behind URLs, that gives Microsoft a way to on its own promptly update its previously-detected-threat database.

    In order to understand how these browsers and the associated threat databases are performing when it comes to a specific thing like malicious URL checking, we would need statistics for that specific thing broken out. We would need to know the nature of the URL being checked (Is it for a webpage that includes malicious web content? Is it for webpage that merely has links to malicious files? Is it the URL of a malicious exe?) and which browsers/databases detected it as malicious and on what basis (the URL being in a database or the downloaded file hash being in a database, for example). Given the limited information in the NSS report, I don't see how we can get at this important information.

    Judging from the big step up in detection due to Chrome's malicious download scanner (was that added in 17, after a certain amount of testing had already been done?), I would think that a large percentage and probably a majority of the URLs being checked were to specific file downloads. Judging from Firefox's detection rate and steady time to block, I would think that Google wasn't feeding those known malware file URLs into the Safe Browsing API v2 database or at least didn't push the related data out to Firefox. On one hand I don't think that a big problem because no one should be relying upon this type of browser blocking to block malware programs (which may or may not arrive via the browser). That is what AV software is for. However, this could be used as an excuse to convert Firefox to the darkside where full URLs and a GUID are sent to Google.
     
  15. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Well, i knew IE was kinda safe but this is insane . . . :rolleyes:
    /Skeptical
     
  16. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Whatever! I don't use IE and wouldn't change my minds anyways.;)
     
  17. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    You don't *think* so? Heh, IE has scripting options built directly into the browser, as well as XSS protection / per-domain options ;)

    That has what exactly to do with malware prevention? Everything you've mentioned would be used to prevent exploits (NS) or advertisements (ABP). You need to think more on the lines of AVG and Bitdefender plugins that actually prevent these domains, and since they run in the addon system, use massive databases (and more recently, transmit visited URL data in unencrypted form lol...) you really will notice a slowdown, not a speedup.

    Yeah, and your attitude is the norm for anyone that hasn't tried IE in 10 years. :blink: But to each their own!
     
  18. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,089
    I think NSS is using the term "malware" in a broad sense which could include pretty much any type of web retrieved file, inner content, or HTTP response that satisfies the "mal" part. Which would make sense considering they are testing things which block web requests for a multitude of reasons. They mentioned several categories or purposes of such malware and very many users would add to those. Common additions being scripts that drive third party tracking and profiling, very obnoxious active ads or other content that interfere with navigation and/or windows, pages or scripts that leak sensitive information to other sites, etc.

    From a broad malware (think "bad software" if it helps) point of view, NS blocking a java file, flash file, or embedded script that is part of an exploit attempt is performing a malware prevention function. ABP with custom or subscription filters blocking the request/execution of a javascript file that performs third party tracking is performing a malware prevention function. Request Policy blocking a site from performing unnecessary third party requests is performing a malware prevention function. NS, ABP, and RP provide protection capabilities that no AV addon will match. On the other hand, AV addons should be providing protection capabilities that NS, ABP, and RP aren't matching. Point is, they can all fairly be called anti-malware tools and blockers.
     
  19. tomazyk

    tomazyk Guest

    Nice to see IE is doing good in this test :thumb:

    I don't think that browsers balcklisting bad sites is an effective way to protect a user, but I guess it is a welcomed additional faeture to overall security. I hope that in time other browsers will follow up.
     
  20. Amin

    Amin Registered Member

    Joined:
    May 16, 2012
    Posts:
    437
    Location:
    UK
    i wish they devoted a little of their time on the IE's performance
    ie's performance always freaks me out ! i dunno what's wrong with it.

    ( the awkward moment when you accidentally open internet explorer.:D )
     
  21. Doraemon

    Doraemon Registered Member

    Joined:
    Aug 5, 2009
    Posts:
    202
    When a browser can fix brains then we can talk about it. :D
     
  22. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    So NSS Labs needs funding, because MS used to sponsor their studies but no longer does. What to do, what to do? NSS Labs spends their own money in an attempt to get MS back onboard, and to grease that rail, they once again provide runaway scores for MS. Don't be surprised if we see in the near future that NSS Labs has once again obtained MS sponsorship. :shifty:
     
  23. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,081
    It's not the first test showing that ie smart screen is much much better than the competence
     
  24. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    What other studies have shown so? Non-NSS studies.
     
  25. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,081
    https://www.youtube.com/watch?v=O94v1MdMcxk
    https://www.youtube.com/watch?v=fxqcY7TdbdQ
    https://www.youtube.com/watch?v=huhOy82XBPA
    http://www.brighthub.com/computing/smb-security/articles/56996.aspx
    google, youtube and my personal testing comparing it with firefox which doesn't block almost anything.
    It's a fact that smartscreen is better than the competence, but it's very easy to say without any proof that NSS is cooking the results.
     
Loading...
Thread Status:
Not open for further replies.