IE 9 Beats Other Browsers at Blocking Malicious Content 235
Orome1 writes with an article in Net Security. From the article: "Microsoft's Internet Explorer 9 has proved once again to be the best choice when it comes to catching attacks aimed at making the user download Web-based malware. This claim was made by NSS Labs in the recently released results (PDF) of a test conducted globally from May 27 through June 10 of the current year, which saw five of the most popular Web browsers pitted against each other. Windows Internet Explorer 9, Google Chrome 12, Mozilla Firefox 4, Apple Safari 5, and Opera 11 were tested with 1,188 malicious URLs — links that lead to a download that delivers a malicious payload or to a website hosting malware links."
Re:And who paid for this study? (Score:3, Insightful)
Prediction:
The results are favorable to Microsoft, so there will be a ton of skepticism, investigation, and outright dismissal. However, when studies favorable to this particular community's ideologies are announced, none of that occurs, even though the same kinds of skepticism can and should be applied.
If you block everything, your score is 100% (Score:5, Insightful)
MSIE got the highest "malware detection rate" because they used it in a mode where nearly every page is marked as "dangerous". It had the highest detection rate but also the highest false positive rate.
If I sit at the airport saying "that plane is going to crash" for every plane that takes off, and eventually get it right, that doesn't mean I'm able to predict which planes are going to crash (even though I got "100% of the crashes" right)...
Kind of correct. (Score:5, Insightful)
Yep. Mostly because Microsoft has a history of purchasing favourable "findings" from "independent" "research" firms.
Kind of. The process and parameters should always be checked. But the other browsers do not have a history of their parent companies purchasing favourable "findings".
It's called "learning from experience".
There is no reason to forget every past instance when evaluating a new instance. Quite the opposite, in fact.
NSS Labs: The best studies money can buy (Score:5, Insightful)
Of course, when your methodology is that only the bare browser configuration is allowed (e.g., no AdBlockPlus, no NoScript) and you carefully select the malware URLs (obtained from "honey pot" email addresses and then filtered, and then "prune out non-conforming URLs" -- without fully specifying what made them non-conforming) *and* require the malware URLs to be live for at least 6 consecutive hours it gets a lot easier to massage the results. To further exaggerate results not only does a "hit" increase the score but a "miss" decreases it to magnify the difference.
This is the same song as they sang about IE8 with the same, predictable, results. Microsoft didn't pay them a wad of money for this study for nothing.
Re:Nice try (Score:5, Insightful)
If by "pulled out of someone's ass" you mean "they engineered the test to perform best with Internet Explorer 9", then completely.
The main center-point of this test was evaluating a "cloud based trust ranking algorithm". But the study provides no evidence that these algorithmns exist in any of the browsers; its a simple assumption which is likely false (especially when you look at the graphs). What the graphs are really showing is the performance of each browser's black list versus a set of URLs they selected, and not randomly.
If you look at the graphs themselves, they actually don't show the action of any algorithm (which would likely linearly increase or show volatility); in fact, IE9 (With App Rep) is simply a straight line. It's pretty clear that the URLs they used were already in the black list before hand, and that straight line is a continual rejection of them.
Testing a browsers ability to 'blacklist' websites is fine, I guess, but my first problem with this study is that's not the only way to measure 'security'. My second problem is that there's no evidence that the browsers themselves actually perform this activity, making the tests in the study feel like "studying the maximum (flying) climb speed of humans, rats, horses, and bats". My third - and the most troubling - problem is that they don't provide any information as to how these lists were obtained. They only say they tried to "mix URLs so as to make sure that certain domains were not overemphasized", and "NSS Labs operates its own network of spam traps and honeypots.", in addition to "In addition, NSS Labs maintains relationships with other independent security researchers, networks, and security companies,".You can assume without being overly bold that this list could have been a list of URLs that they knew IE would block. Conversely, you could probably easily design a similar test that would have Chrome at 100% block rate, and IE 9 at 10% - it's merely a measure of "what sites were in our test pool that are also in the browser's black list"
Pffft.
FF4 - How unfair! (Score:4, Insightful)
Yet again another M$ sponsored study makes IE look better by using an ancient version of Firefox. FF4 is like way out of date. How dare they make such claims.