Posted on 07/18/2011 8:39:44 AM PDT by for-q-clinton
The in-house reputation system used in Internet Explorer 8 and 9 is markedly superior at blocking social-engineering attacks than the Google equivalent used by Chrome, Firefox, Apple’s Safari, an independent test by NSS Labs has found.
Rating the browsers against a sample set of European malware URLs over 19 days in April, IE 8 achieved a mean block rate of 90 percent, leaving Chrome 10, Firefox 4 and Safari 5 in the dust on 13 percent each. Opera, which uses technology from antivirus company AVG, came in last on 5 percent.
When assessing IE 9 with application filtering turned on, the results were even more dramatic, taking that version to a mean blocking rate of 100 percent.
Internet Explorer’s positive showing appears to be thanks to two embedded technologies; Smartscreen URL Filter, a cloud-based system that checks URLs against a master database. This is present in both IE 8 and 9 and seems to work more or less identically in both.
In addition, IE 9 has added a second system, SmartScreen Application Reputation which on the basis of this test offers browser users a remarkably effective level of download block protection. Chrome, Firefox and Safari all use a rival URL checking system, Google’s Safe Browser Feed, which as previous NSS Labs tests have suggested, is now falling some way behind.
“The significance of Microsoft’s new application reputation technology cannot be overstated. Application Reputation is the first attempt by any vendor to create a definitive list of every application on the Internet,” the authors conclude.
“Browsers provide a layer of protection against socially-engineered malware, in addition to endpoint protection products; as this report shows, not all are created equal. The overall lower protection offered by Firefox, Safari, and Chrome is concerning.”
An extra but important dimension also tested was the ‘average response time to block malware’, basically the time it took each browser to add a problem site to the block list once it had been fed in to the test by NSS Labs.
Again, IE 9 with Application Reputation enabled gained a perfect score, adding a site without any delay, the only browser to manage such a feat. Interestingly, however, without the Application layer, IE 8 and 9 sank down the table, taking nearly 14 and 16 hours respectively, behind Safari’s five hours, Chrome’s nearly seven hours, and Firefox’s 8 hours.
Block time is worth paying attention to because the longer protection takes to be activated, the longer the window of possible exposure.
The limitation of the report is that it is only measuring one dimension of the threat users face when using browsers, that of attacks where the user can be tricked - ‘socially-engineered’ in security parlance - into downloading malware. This compares with what are called ‘drive-by’ attacks that seek to exploit specific vulnerabilities in software and which require no user intervention.
Which is more dangerous is a matter of debate although NSS Labs references a separate study by AVG that found socially-engineered attacks to be the most likely way for malware to find its way on to a user’s PC.
A social engineering attack has the advantage that it recruits the user to agree to a download event thereby potentially bypassing Windows controls such as User Access Control (UAC) and even the warnings of antivirus software. A drive-by attack, especially one manipulating a zero-day flaw, can sneak on to the PC without any of these defences being aware but requires more engineering effort to work.
The claim that socially-engineered attacks are the more significant doesn’t entirely accord with the admittedly patchy evidence that exists on the subject.
A recent and revealing assessment by Qualys using its Browsercheck tool found that large numbers of browser users routinely run out-of-date plug-ins for interfaces such as Flash Adobe Reader and especially Java. Many of these have significant flaws that can be attacked by drive-by exploits.
It could be that both sides of this coin – social-engineering attacks and drive-by attacks – are equally perilous but in different ways.
A final qualification is that the test was conducted on Firefox 4, since supplanted by the rapid-development replacement, version 5.0, likewise Google Chrome, which has reached version 13. The URL-filtering systems used by these are, however the same as in the previous versions so would be unlikely to make a difference to their blocking performance.
ShadowAce:
Tech Ping Please.
Swordmaker:
Since Safari was mentioned I thought I’d ping you as well, but not really a direct apple topic. Your call if you want to ping the apple list.
It sounds like IE is the browser for those stupid enough to click on every link and popup that presents itself on the screen.
Curious that they used the most recent version of IE against an older version of Firefox. Firefox 5.0, the current version, is reputed to have improved security features.
This sounds like another Microsoft sponsored test from these people.. similar to their LAST test that said somethign similar. Just because a company calls themselves the “leading trusted independent authority” don’t make it so. These guys are shills for M$. I’m sticking to Google with Adblock and Noscript add-ons. I’ve not had a single problem for years with this combo.
Firefox 5 came out a couple of weeks ago and the article said they ran the comparison in April. You can’t compare what isn’t there yet.
It says at the end. FF 5 was still in beta at the time of the test.
So, 95% of Internet users...;)
ZING!
If you can’t win in one category, find a category you can rank #1!
Done!
probably because the test was set before they could get firefox 5. Isn’t FF5 fairly new? But the article does address that and says ff5 uses the same engine for this feature.
I resemble that remark!!! [smile]
To echo Oddball from Kelly's Heroes ...
"Oh, man, I just ride in 'em. I don't know what makes 'em work ..."
They suck at brainwashing the ecosystem, so the had to find something else.
Got any proof or are you just saying that to make IE inferior in your mind?
But even if they are shills it still doesn’t dismiss their findings.
Rule #1 of the internet is that you never, ever download an application that a web-site says you should, such as those pop-ups that say your computer has been infected with a virus.
That's social engineering. The claims here are that IE9 is the best at blocking a socially engineered application after you've clicked the "Yes" button to have such an application "scan your computer for viruses".
So, the "New and Improved" IE9 is supposed to save stupid people from themselves.
My two cents on this issue:
I am a firm believer that the best way to protect your computer and yourself from viruses, malware, phishing scams and other general internet nastiness, is to think twice before clicking on ANY unknown link.
This even includes email from trusted friends and family, especially the sort of email that has a chain of addresses a mile long (I never click on anything in these messages). This general rule also applies to any email from a bank, any website where you might have an account (Hotmail, Google, Yahoo, etc.), your favorite web store, or ANYTHING else that informs you that you need to update your information by clicking on a link from the email.
By being sensible and careful, along with using a good anti-virus/internet security software package, you have a much better chance to avoid these problems.
I wonder whether they were actually blocked, or if they just hadn’t opened by the time the test concluded. 19 days isn’t a lot of time for ie to open many pages.
IE isn't inferior in my mind, it is inferior in fact. Anyone can cherry pick results to make a report say anything they want, especially with the testing is sponsored by the guy who you determine is the best. Ask any serious web programmer and you'll find it fairly consistent that IE does not
1 - comply with standards
2 - is highly inefficient with rendering Javascript
3 - tries to set their own standards in order to make others comply with them.
Here's a related article which is a little less biased than the press release.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.