PDA

View Full Version : IE Wins Malware-Blocking Tests



Teh One Who Knocks
07-17-2011, 06:31 PM
By John E Dunn, Techworld.com


http://i.imgur.com/28dPz.jpg

The in-house reputation system used in Internet Explorer 8 and 9 is markedly superior at blocking social-engineering attacks than the Google equivalent used by Chrome, Firefox, Apple's Safari, an independent test by NSS Labs has found.

Rating the browsers against a sample set of European malware URLs over 19 days in April, IE 8 achieved a mean block rate of 90 percent, leaving Chrome 10, Firefox 4 and Safari 5 in the dust on 13 percent each. Opera, which uses technology from antivirus company AVG, came in last on 5 percent.

When assessing IE 9 with application filtering turned on, the results were even more dramatic, taking that version to a mean blocking rate of 100 percent.

Internet Explorer's positive showing appears to be thanks to two embedded technologies; Smartscreen URL Filter, a cloud-based system that checks URLs against a master database. This is present in both IE 8 and 9 and seems to work more or less identically in both.

In addition, IE 9 has added a second system, SmartScreen Application Reputation which on the basis of this test offers browser users a remarkably effective level of download block protection. Chrome, Firefox and Safari all use a rival URL checking system, Google's Safe Browser Feed, which as previous NSS Labs tests have suggested, is now falling some ways behind.

"The significance of Microsoft's new application reputation technology cannot be overstated. Application Reputation is the first attempt by any vendor to create a definitive list of every application on the Internet," the authors conclude.

"Browsers provide a layer of protection against socially-engineered malware, in addition to endpoint protection products; as this report shows, not all are created equal. The overall lower protection offered by Firefox, Safari, and Chrome is concerning."

An extra but important dimension also tested was the 'average response time to block malware', basically the time it took each browser to add a problem site to the block list once it had been fed in to the test by NSS Labs.

Again, IE 9 with Application Reputation enabled gained a perfect score, adding a site without any delay, the only browser to manage such a feat. Interestingly, however, without the Application layer, IE 8 and 9 sank down the table, taking nearly 14 and 16 hours respectively, behind Safari's five hours, Chrome's nearly seven hours, and Firefox's 8 hours.

Block time is worth paying attention to because the longer protection takes to be activated, the longer the window of possible exposure.

The limitation of the report is that it is only measuring one dimension of the threat users face when using browsers, that of attacks where the user can be tricked - 'socially-engineered' in security parlance - into downloading malware. This compares with what are called 'drive-by' attacks that seek to exploit specific vulnerabilities in software and which require no user intervention.

Which is more dangerous is a matter of debate although NSS Labs references a separate study by AVG that found socially-engineered attacks to be the most likely way for malware to find its way on to a user's PC.

A social engineering attack has the advantage that it recruits the user to agree to a download event thereby potentially bypassing Windows controls such as User Access Control (UAC) and even the warnings of antivirus software. A drive-by attack, especially one manipulating a zero-day flaw, can sneak on to the PC without any of these defences being aware but requires more engineering effort to work.

The claim that socially-engineered attacks are the more significant doesn't entirely accord with the admittedly patchy evidence that exists on the subject.

A recent and revealing assessment by Qualys using its Browsercheck tool found that large numbers of browser users routinely run out-of-date plug-ins for interfaces such as Flash Adobe Reader and especially Java. Many of these have significant flaws that can be attacked by drive-by exploits.

It could be that both sides of this coin -- social-engineering attacks and drive-by attacks - are equally perilous but in different ways.

A final qualification is that the test was conducted on Firefox 4, since supplanted by the rapid-development replacement, version 5.0, likewise Google Chrome, which has reached version 13. The URL-filtering systems used by these are, however the same as in the previous versions so would be unlikely to make a difference to their blocking performance.

redred
07-17-2011, 06:54 PM
so does any one here use IE?

PorkChopSandwiches
07-17-2011, 07:03 PM
May be time to start

DemonGeminiX
07-17-2011, 07:32 PM
so does any one here use IE?

Yes. ;)

Teh One Who Knocks
07-17-2011, 07:43 PM
I use it too sometimes :)

Goofy
07-17-2011, 08:22 PM
May be time to start

Not enough free add-ons available.......... i wont be leaving Firefox any time soon :)

samarchepas
07-17-2011, 10:17 PM
IE has been off my list for the last 10 years...and it's going to stay that way :lol:

Godfather
07-17-2011, 10:17 PM
Interesting :-k I'm a Firefox guy but maybe I should see what the newest IE has to offer

minz
07-17-2011, 10:19 PM
I use IE on the laptop but firefox on the desk top.

samarchepas
07-17-2011, 10:24 PM
For me, running Linux on 3 computers here...IE is out of the question! :lol:
BTW, it's only a matter of time before hackers make those tests "inaccurate" :lol:

Softdreamer
07-17-2011, 11:46 PM
I use IE for pages that I know crash Firefox, that way I dont lose my other 3 windows and 10 tabs just cause one window doesnt like one page.

Southern Belle
07-17-2011, 11:52 PM
I don't plan to use IE any time soon. I don't have problems with FF.

samarchepas
07-17-2011, 11:57 PM
Been using Chrome for over a year...works perfectly for me.

Southern Belle
07-18-2011, 12:22 AM
I haven't tried Chrome yet. One of my nephews has been using it for quite a while. It's just easier to stay with the familiar.

samarchepas
07-18-2011, 01:33 AM
I haven't tried Chrome yet. One of my nephews has been using it for quite a while. It's just easier to stay with the familiar.

It's the EXACT opposite for me! :lol: I like to explore and try new things.My parents use it too, easy to use once you get to know it.

Dragoness_Cutie
07-18-2011, 04:26 AM
Been using Chrome for over a year...works perfectly for me.
Same here. Though I do find it intriguing that IE has stepped up the malware blocking. I hope the other browsers follow suit. Though I have to admit, I have very little issues with Chrome, personally.


I haven't tried Chrome yet. One of my nephews has been using it for quite a while. It's just easier to stay with the familiar.
It's similar enough to FF that it would be an easy transition for you. I find it to be faster than FF most of the time, although some websites don't show up properly with it.

samarchepas
07-18-2011, 06:56 AM
Chrome IS faster :lol: and the whole IE malware blocking issue...we are still talking about a browser BANNED in some countries (It was banned in Windows 7 for Europe)Malwares are one thing...and leaving backdoors is another.

PorkChopSandwiches
07-18-2011, 03:13 PM
I use Chrome as well

redred
07-18-2011, 04:46 PM
and me

Pony
07-21-2011, 09:58 PM
As many firefox users also have adblock and noscript add ons, I'd like to see a comparison of that against IE. Good for MS though for finally securing their swiss cheese browser. :thumbsup:

Softdreamer
07-21-2011, 10:00 PM
I liked it when IE was swiss cheese..

Not getting any warnings from your anti-virus makes you get paranoid that its even working.

Pony
07-21-2011, 10:05 PM
:mrgreen:

Teh One Who Knocks
07-21-2011, 10:32 PM
As many firefox users also have adblock and noscript add ons, I'd like to see a comparison of that against IE. Good for MS though for finally securing their swiss cheese browser. :thumbsup:

I think that's the purpose of this comparison though, they are comparing the browsers 'out of the box'

samarchepas
07-22-2011, 02:59 AM
Out of the box...I don't know about you guys (and gals) but the very first thing I do when changing/installing a new browser is get the right addons/extensions for it :lol:

Deepsepia
07-22-2011, 07:41 AM
Interesting :-k I'm a Firefox guy but maybe I should see what the newest IE has to offer

Microsoft really have been trying harder lately. IE ain't bad, and Bing doesn't suck.

Pony
07-22-2011, 01:20 PM
I think that's the purpose of this comparison though, they are comparing the browsers 'out of the box'

Yea, I know. I just would have liked to have seen how secure FF is with ABP and NS.

redred
07-22-2011, 02:34 PM
I liked it when IE was swiss cheese..

Not getting any warnings from your anti-virus makes you get paranoid that its even working.

i remember the days of being able to view anothersite without the malware warnings when all the other browsers were stopping it :lol:

fricnjay
07-22-2011, 04:29 PM
I wonder if this test included addons for Firefox like noscript, adblocker and so on. :-k

I read no mention of them so I would assume no and if thats the case the test was inaccurate in my opinion.

Teh One Who Knocks
07-22-2011, 04:32 PM
I wonder if this test included addons for Firefox like noscript, adblocker and so on. :-k

I read no mention of them so I would assume no and if thats the case the test was inaccurate in my opinion.

How does that make the test inaccurate? This test was browser vs browser, not browser vs browser with 3rd party software added to it.

fricnjay
07-22-2011, 04:56 PM
But thats part of what makes that browser. The fact that Microsoft chooses not to do it is irrelevant. Besides Microsoft has added their own "addons" mentioned in the article; Smartscreen URL Filter, SmartScreen Application Reputation and application filtering. And from what I read they do what some of the Firefox addons do. So either test apples to apples or dont publish the results like this. And by this I mean just because Microsoft does not call it an "addon" does not mean there is not an equivalency to one.