NSS Labs Browser Report Says IE Is the Best, Google Disagrees
adeelarshad82 writes "Independent testing company NSS Labs recently published a report on the ability of popular browsers to block socially engineered malware attack URLs. The test, funded by Microsoft, reported a 99 percent detection rate by Internet Explorer 9 beta, 90 percent by Internet Explorer 8, and 3 percent by Google Chrome. However, Google doesn't entirely approve of this report's focus and conclusions. According to Google not only didn't the report use Chrome 6 for the tests, the current version is Chrome 8; it also focused just on socially engineered malware, while excluding vulnerabilities in plug-ins or browsers themselves. Google defended its browser by claiming that it was built with security in mind and emphasized protection of users from drive-by downloads and plug-in vulnerabilities."
Huh? (Score:2, Insightful)
Google is complaining that a report on socially engineered attacks is only focused on socially engineered attacks? And they're whining that a study done back when Chrome 6 was the most recent release doesn't mention Chrome 8, which is currently the most recent release? Seriously?
Re:Socially engineered attacks ARE a huge problem (Score:5, Insightful)
The test, funded by Microsoft
That says it all.
Great example (Score:2, Insightful)
Looks like the test was a perfect example of social engineering.
Re:Socially engineered attacks ARE a huge problem (Score:5, Insightful)
What was even being tested? (Score:5, Insightful)
Re:Socially engineered attacks ARE a huge problem (Score:1, Insightful)
Do you value the "UL Listing" on electrical gear that you buy? I certainly take that as an assurance that stuff won't just randomly catch fire. All UL Listed testing is paid for by the vendor - and vendor-paid testing is normal in the real world.
This test may be a crock, but you can't just assume that from the fact that MS paid for it. The simple fact is: anyone competent to test browser security probably has a strong opinion about MS, and pretty much anyone will have a reason to be biased. The professionalism of the tester is what matters, not the existence of a reason to be biased.
Re:Socially engineered attacks ARE a huge problem (Score:5, Insightful)
UL is to test your products for safety, this is a *comparative* test against several competing products for quality.
Apples, meet Oranges, meet troll.
Re:Socially engineered attacks ARE a huge problem (Score:1, Insightful)
The report is almost useless because it has compared the latest stable and dev releases of IE with versions of Firefox and Chrome that are years old.
To use a car analogy, it is comparing the safety features of a '10 Chev Corvette and a 1970 Chev BelAir. I would be embarrassed if the company I worked for released such a report.
Re:Funny definition of Independent (Score:4, Insightful)
Re:Socially engineered attacks ARE a huge problem (Score:5, Insightful)
The test, funded by Microsoft
That says it all.
And the response from Google criticizing it was by someone right on Google's payroll representing Google's interests. I guess we can ignore their criticism then too?
Or perhaps we should let the work stand for itself, evaluate the methodology, strip away the marketing spin, and come away with some nugget of truth, regardless of who funded it. Of course that's "work".
Re:It's Clear to Me Why They Waited (Score:3, Insightful)
Re:Socially engineered attacks ARE a huge problem (Score:4, Insightful)
This is totally different.
In this case, the tester tested two products and rated one "99%" and one "3%" against some standard.
The key difference is that UL tests against a pre-existing standard. Not a standard that they made after looking at the product. UL can't customize their test to make one product look better or worse.
The methodology might have been totally bogus (no idea), but the act of paying for the test isn't automatically so.
The act of paying for a test to be designed for you, or a test you designed ahead of time to make your product look good, is bogus. Paying to have a test executed for you is not bogus. One is independent, the other is not.
Re:Who cares? Not Joe six-pack... (Score:3, Insightful)