
IE 9 Beats Other Browsers at Blocking Malicious Content

Posted by Unknown Lamer
from the slid-into-the-wrong-universe dept.
Orome1 writes with an article in Net Security. From the article: "Microsoft's Internet Explorer 9 has proved once again to be the best choice when it comes to catching attacks aimed at making the user download Web-based malware. This claim was made by NSS Labs in the recently released results (PDF) of a test conducted globally from May 27 through June 10 of the current year, which saw five of the most popular Web browsers pitted against each other. Windows Internet Explorer 9, Google Chrome 12, Mozilla Firefox 4, Apple Safari 5, and Opera 11 were tested with 1,188 malicious URLs — links that lead to a download that delivers a malicious payload or to a website hosting malware links."

  • Lynx is safer still. Some of the browsers for Emacs are fairly secure, too.

    • by Nimey (114278)

      How secure can Emacs be with all that malicious Lisp code floating around?

      • As a Discordian, aren't you bound by religious law to defend the honour of the Lambda Calculus?
      • by obarel (670863)

        I am the psychotherapist. Please, describe your problems. Each time
        you are finished talking, type RET twice.

        How secure can Emacs be with all that malicious Lisp code floating around?

        Are you sure malicious lisp code floating around?

    • While Lynx is probably very secure right now, it has seen a security hole or two: https://secunia.com/advisories/product/5883/?task=advisories [secunia.com]

      Just because it is a text browser with very few features doesn't necessarily make it safe, although the chances for a vulnerability are lower under the *same* conditions.

  • I almost believed this story, then, with my superior intelligence (as shown by my browser, Opera) I realized that this story is probably pulled out of someone's ass.

    • by Errtu76 (776778)

      Nice reference :)

    • Re:Nice try (Score:5, Insightful)

      by mckinnsb (984522) on Tuesday August 16, 2011 @04:59PM (#37111874)

      If by "pulled out of someone's ass" you mean "they engineered the test to perform best with Internet Explorer 9", then completely.

      The main center-point of this test was evaluating a "cloud based trust ranking algorithm". But the study provides no evidence that these algorithms exist in any of the browsers; it's a simple assumption which is likely false (especially when you look at the graphs). What the graphs are really showing is the performance of each browser's black list versus a set of URLs they selected, and not randomly.

      If you look at the graphs themselves, they actually don't show the action of any algorithm (which would likely linearly increase or show volatility); in fact, IE9 (With App Rep) is simply a straight line. It's pretty clear that the URLs they used were already in the black list beforehand, and that straight line is a continual rejection of them.

      Testing a browser's ability to 'blacklist' websites is fine, I guess, but my first problem with this study is that's not the only way to measure 'security'. My second problem is that there's no evidence that the browsers themselves actually perform this activity, making the tests in the study feel like "studying the maximum (flying) climb speed of humans, rats, horses, and bats". My third - and the most troubling - problem is that they don't provide any information as to how these lists were obtained. They only say they tried to "mix URLs so as to make sure that certain domains were not overemphasized", and "NSS Labs operates its own network of spam traps and honeypots.", in addition to "In addition, NSS Labs maintains relationships with other independent security researchers, networks, and security companies,". You can assume without being overly bold that this list could have been a list of URLs that they knew IE would block. Conversely, you could probably easily design a similar test that would have Chrome at 100% block rate, and IE 9 at 10% - it's merely a measure of "what sites were in our test pool that are also in the browser's black list"

      Pffft.

      • If by "pulled out of someone's ass" you mean "they engineered the test to perform best with Internet Explorer 9", then completely.

        Studies have shown that random detritus pulled out of someone's ass performs best on IE9!

      • but my first problem with this study is that's not the only way to measure 'security'.

        Exactly correct. Indeed, if you read the first footnote of the report, you will see,

        Note: This study does not evaluate browser security related to vulnerabilities in plug-ins or the browsers themselves.

        The study does not evaluate the security of the browsers themselves.

    • I almost believed this story, then, with my superior intelligence (as shown by my browser, Opera) I realized that this story is probably pulled out of someone's ass.

      Someone with superior intelligence probably would've remembered the correlation between browser usage and IQ was shown to be an elaborate hoax [digitaljournal.com].

      (Yes I know you weren't being serious, but feel free to "whoosh" anyway)

  • by Anonymous Coward on Tuesday August 16, 2011 @04:44PM (#37111652)

    MSIE got the highest "malware detection rate" because they used it in a mode where nearly every page is marked as "dangerous". It had the highest detection rate but also the highest false positive rate.

    If I sit at the airport saying "that plane is going to crash" for every plane that takes off, and eventually get it right, that doesn't mean I'm able to predict which planes are going to crash (even though I got "100% of the crashes" right)...

    • Re: (Score:2, Informative)

      by RKThoadan (89437)

      Finally! A legitimate complaint about the study. I was beginning to doubt we could do anything other than beat our chests and say "MS BAD!" Kudos to you!

    • If I sit at the airport saying "that plane is going to crash" for every plane that takes off, and eventually get it right, that doesn't mean I'm able to predict which planes are going to crash (even though I got "100% of the crashes" right)...

      I don't think you'll be allowed to sit there long enough to make your scenario statistically likely.

      As a matter of fact, I doubt you'll get the chance to observe more than one plane taking off.

    • Is IE9 safer than Firefox + NoScript running on a non-Windows operating system that's less targeted by malware authors?

  • by thoromyr (673646) on Tuesday August 16, 2011 @04:49PM (#37111724)

    Of course, when your methodology is that only the bare browser configuration is allowed (e.g., no AdBlockPlus, no NoScript) and you carefully select the malware URLs (obtained from "honey pot" email addresses and then filtered, and then "prune out non-conforming URLs" -- without fully specifying what made them non-conforming) *and* require the malware URLs to be live for at least 6 consecutive hours it gets a lot easier to massage the results. To further exaggerate results not only does a "hit" increase the score but a "miss" decreases it to magnify the difference.

    This is the same song as they sang about IE8 with the same, predictable, results. Microsoft didn't pay them a wad of money for this study for nothing.

    • To be fair I can imagine a lot of Firefox users not even knowing add-ons exist.
    • by cobrausn (1915176) on Tuesday August 16, 2011 @04:54PM (#37111810)
      What is wrong with testing the bare browser configuration? Aren't we trying to protect those who are most likely to download malware by accident, i.e., those who are also unlikely to install AdBlockPlus and NoScript?
      • by _0xd0ad (1974778)

        I don't care about them; I care about how secure my browser is, and my friends' and parents' browsers, which I've configured similarly to mine. As far as I'm concerned, even if the virus gets as far as downloading its executable, just as long as MSE stops it when they try to launch it I consider that a successfully thwarted attack.

        • I don't care about them; I care about how secure my browser is...

          Actually, I do care about them, but they aren't really relevant. Someone who doesn't know about extensions is not going to be reading studies about browser safety.

          The study should consider the audience. Anyone digging for information about browser security is going to know about noscript.

          Even if noscript wasn't one of the most commonly installed browser addons, an article about browser security should certainly discuss it. The .pdf with the results is 21 pages long, and doesn't even mention noscript, yet

      • by thoromyr (673646)

        Ah, so you ignore the rest of their methodology because it was clearly indefensible?

        If the study was really aimed at identifying browser security then a NoScript enabled browser *should* be part of the test. It would illustrate the difference between not using NoScript and using NoScript. It would illustrate the difference between IE9 and FF with NoScript. There are two problems with that:

        1. Due to their mechanism for grossly exaggerating minute variations, it would sink IE9 as being the runaway favorite.

        • by cobrausn (1915176)
          I ignored the rest of the methodology because I didn't agree with it. I chose to defend the one point that I saw of value - testing unmodified browsers against each other. You know, the kind that non-geeks use. That's it. Anything else you are reading from my original post is imagined.
        • Since people don't tend to read the article (much less the NSS Lab's purchased findings that were mislabelled as a study)

          So did you read the study? Did you come across the following section?

          This report was produced as part of NSS Labs’ independent testing information services.
          Leading vendors were invited to participate fully at no cost, and NSS Labs received no
          vendor funding to produce this report.

          Actually, this is a running study, so it also reflects the speed by which the browser vendors update their respective reputation databases. Some 85 new urls were entered on average each day (after being confirmed as malware-serving urls) throughout the quarter. NSS releases these results each quarter.

    • by Nimey (114278)

      Your average luser isn't going to know about ABP or NS.

      Try again.

    • How do you know MS paid for this?

    • when your methodology is that only the bare browser configuration is allowed (e.g., no AdBlockPlus, no NoScript)...

      ... then you're doing it right. If Mozilla wants the benefit of extensions for studies, then merge them into the trunk. Because right now, neither ABP nor NoScript are part of Firefox. There's no reason that something testing Firefox should test those.

      • by Skuto (171945)

        Fair enough, but can we then stop bitching about upgrades breaking add-ons?

        Either add-ons are a critical feature of Firefox and deserve consideration in such a report, or they're not, and in that case their non-presence can't be a criticism. /. can't have it both ways!

        • It's fine with me, the only extension I use is Firebug, which incidentally is also terrible for benchmarks.

          This being said, in the past we've seen speed benchmarks showing Firefox out front, with everyone here complaining about memory leaks. At that point I was advocating running the benchmarks with the top 5 or so extensions installed since virtually no-one on Slashdot runs vanilla Firefox. Those results would probably be more illustrative about how "power users" run Firefox (and would decrease or eliminat

  • IE's idiot mode where it tells you "I'm sorry, Dave, I'm afraid I can't do that" might be better at keeping users off bad websites than other browsers, okay.

    Give me a study that shows the actual infection rate once you've visited the site; I'm betting that the scores would look different then.

  • IE 9 does not work with XP - the most used OS in the world.
  • Well IE9 HAS to be the best at "catching attacks aimed at making the user download Web-based malware".

    That's because only the most stupid web users (read: the most stupid 50%) click banners which go "OMG YOU MUST MAKE YOU COMPUTER FAST AND NOT HAVE VIRUZES NAO!". And yes...they are using Internet Explorer, because quite frankly, they aren't smart enough to spot that Chrome/Firefox are better than IE.

  • FF4 - How unfair! (Score:4, Insightful)

    by pseudorand (603231) on Tuesday August 16, 2011 @05:03PM (#37111912)

    Yet again another M$ sponsored study makes IE look better by using an ancient version of Firefox. FF4 is like way out of date. How dare they make such claims.

    • by vlueboy (1799360)

      LOL. Another one in a slippery rope of drawbacks to version inflation death: Even the studies that are supposed to praise you cannot honestly keep.

      FF6 was officially released *today*, making the results look ancient because we still expect a major number to last a full year or two for FF. Sadly, I couldn't find much web feedback of this "brand new" version in my native language (a nice way to avoid all the shills and paid reviewers so deeply ingrained in the English-US blogosphere). Zero feedback means I'd

      • by Skuto (171945)

        Malware/phishing protection in Firefox has been essentially unchanged since Firefox 2 received code to do this from Google using their SafeBrowsing service, and Firefox 3.5, 4, 5, 6, 7 and 8 will behave identically, the performance being determined by the Google service.

        I don't know of any active efforts inside Mozilla or by the community at large to improve it.

      • then again it's testing chrome 12 too (hint: it's very old) and IE10 is around the corner. you were saying?

    • by TxRv (1662461)

      There are a lot of problems with the study such as a small sample size, cherry-picking malware that IE does well against, lack of peer review, complete denial of the existence of layered security in the form of extensions or sandboxing, the complete lack of credibility of NSS labs, and the fact that Microsoft paid for the study. The versions used are not one of those problems. FF4 and Chrome 12 were the current releases at the time they tested the browsers. FF4 actually came out a few days after IE9. It's j

    • Ok I jest but seriously, FF 4 was current until about a month and a half ago. That a study was using it is unsurprising, it probably was current when they set up the study.

  • by Skuto (171945) on Tuesday August 16, 2011 @05:23PM (#37112126) Homepage

    1) The false positive rate of IE is very high. It should be obvious that if you give a lot of false warnings, users will disable or ignore the feature, making it worthless. IE already warns if you download something uncommon, for crying out loud.

    2) This "cloud based protection", tracking, among other things, popular downloads, means that info about visited URLs gets sent to Microsoft. There are privacy issues with such a system.

  • You try delivering malware through all those Javascript and CSS compatibility issues.
  • The choice is quite interesting ... Opera 11 dates back to 16.12.2010 and Safari 5 to 17.6.2010.

    Mozilla Firefox v4 entered the "end of life" on May 25, 2011.
    Chrome 12 dates back to 07.06.2011, but that's v12.0.742.

    Without proper version numbers all those tests are at least dubious.

    • by Yvan256 (722131)

      They tried to use recent version numbers but Firefox wasn't willing to tell them which version it was and Chrome had the time to go up three major versions by the time their download was done.

      • by hkmwbz (531650)
        Your comment isn't even making any sense. Tell them what? You're saying that NSS Labs is unable to read "About Firefox"? Geez, these NSS Labs people sure are incompetent.
  • Did anyone bother fixing the obnoxious memory leak that doubles the browser's footprint every 30 minutes?
  • If Google Chrome was found to be the best at blocking malicious content, no one would doubt this study.

    There is no reason why Microsoft can't have the safest browser on the market. If Microsoft was smart, they would invest heavily in security to undo the years of damage IE6 caused to its reputation.

    This still could be a flawed study, but people shouldn't be so quick to judge just because Microsoft is the winner.

  • Apparently on Slashdot, the scientific method has no merit when the result favors Microsoft somehow.

    Forget that these tests are repeatable, and can be independently conducted and verified most of the "OMG M$ SPONSORED MICROSOFT FAKE STUDY = ADVERT" crowd ignores this fact.

    How do you know how much M$ paid these people, anyways? Prove it. Like, with pictures. Better yet, maybe some shredded invoice numbers and accounting figures from M$ headquarters trash dumpsters? Seriously some of these claims are so
    • by hkmwbz (531650)

      Apparently on Slashdot, the scientific method has no merit when the result favors Microsoft somehow.

      What scientific method? There's no science in this "report." It's pure pseudoscience. The results are not repeatable, the data is not available for independent analysis, there are huge methodology flaws, etc.

      Forget that these tests are repeatable, and can be independently conducted and verified

      Except they can't. Do you work for NSS Labs? They have a history of astroturfing and lies in public.

  • There was a time when a headline like this never would have made the front page of slashdot. It's because of this kind of thing that I only come back to slashdot on the rare occasion that I have run out of other things to read on the internet. And what's this? Addthis.com showing up in noscript? Please, bring back the quality!

  • "Microsoft's Internet Explorer 9 has proved once again to be the best choice when it comes to catching attacks..."

    Is that "Catching" like "Aha! I caught that wascawy wabbit" or is it "Catch" like "If I connect this PC to the internet for a couple minutes without loads of anti-virus protection and a beefy firewall, IE will catch something really nasty..." or even "Catch" like "A filter on a drain, a low place where nasty things tend to accumulate...". Because inquiring minds want to know!

    This isn't to say

  • Important question.

    Firefox is a platform where we have these things called addons.

    NoScript prompts you before running any piece of Javascript, classified by the site it came from.
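
Two of the measurement objections raised in the comments above (a block rate reported without a false-positive rate, and a test pool that overlaps one product's blacklist) can be shown with a small scorer. This is an added example, not part of any comment or of the NSS Labs report; every URL, list and filter name in it is constructed, and it makes no claim about how the real test pool was built.

```python
"""Constructed illustration: scoring URL filters against a test pool."""

def evaluate(blocks, pool):
    """blocks: callable url -> bool; pool: list of (url, is_malicious).
    Returns (detection_rate, false_positive_rate); a rate is None when
    the pool contains no URLs of the class needed to measure it."""
    tp = fp = pos = neg = 0
    for url, malicious in pool:
        blocked = bool(blocks(url))
        if malicious:
            pos += 1
            tp += blocked
        else:
            neg += 1
            fp += blocked
    detection = tp / pos if pos else None
    false_pos = fp / neg if neg else None
    return (detection, false_pos)

# Constructed sample data (not real URLs).
MALICIOUS = [f"http://m{i}.example.test/dl" for i in range(1, 11)]
BENIGN = [f"http://b{i}.example.test/" for i in range(1, 11)]

# Two hypothetical blacklists with equal coverage of different URLs.
LIST_A = set(MALICIOUS[:8])   # m1..m8
LIST_B = set(MALICIOUS[2:])   # m3..m10

FILTERS = {
    "list_a": lambda url: url in LIST_A,
    "list_b": lambda url: url in LIST_B,
    "warn_all": lambda url: True,   # flags every URL it sees
}

# Pools: two drawn from the same feed as one list, one fully labelled.
POOL_FROM_A_FEED = [(u, True) for u in MALICIOUS[:8]]
POOL_FROM_B_FEED = [(u, True) for u in MALICIOUS[2:]]
POOL_LABELLED = ([(u, True) for u in MALICIOUS] +
                 [(u, False) for u in BENIGN])

def run(pool):
    """Score every filter against one pool."""
    return {name: evaluate(f, pool) for name, f in FILTERS.items()}

if __name__ == "__main__":
    for label, pool in (("pool from A's feed", POOL_FROM_A_FEED),
                        ("pool from B's feed", POOL_FROM_B_FEED),
                        ("labelled mixed pool", POOL_LABELLED)):
        print(label)
        for name, (det, fpr) in run(pool).items():
            print(f"  {name:9s} detection={det} false_positive={fpr}")
```

With a malicious-only pool the false-positive rate cannot be measured at all, and the ranking of the two equally sized lists flips depending on which feed the pool came from.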
