NSS Labs Browser Report Says IE Is the Best, Google Disagrees 205
adeelarshad82 writes "Independent testing company NSS Labs recently published a report on the ability of popular browsers to block socially engineered malware attack URLs. The test, funded by Microsoft, reported a 99 percent detection rate by Internet Explorer 9 beta, 90 percent by Internet Explorer 8, and 3 percent by Google Chrome. However, Google doesn't entirely approve of this report's focus and conclusions. According to Google not only didn't the report use Chrome 6 for the tests, the current version is Chrome 8; it also focused just on socially engineered malware, while excluding vulnerabilities in plug-ins or browsers themselves. Google defended its browser by claiming that it was built with security in mind and emphasized protection of users from drive-by downloads and plug-in vulnerabilities."
It's Clear to Me Why They Waited (Score:5, Informative)
It's not clear why Microsoft and NSS Labs waited until December to release the results.
Maybe it's like the last time this happened [microsoft-watch.com]?
Furthermore, Moy said, the study started as a private test for Microsoft's engineering team, which was seeking to make internal improvements. "They decided to release it based on the positive results. Many of the test reports we write do not get released by vendors, but they do get used to improve products. So what does 'sponsored' mean in this case?"
So you (internally) strike a deal to test your browser (but also your competitors') with an "independent company" that you pay to perform this service. You get to define the "success parameters" of the test. Then you get the results back and you fix everything. After that time spent fixing has passed, you release the report and add that you have fixed all the problems with your product. Unsurprisingly, you look really really good when this news hits. Since your competitor is not also paying NSS Labs, NSS has no reason to update the report to meet the latest and greatest version of browsers. Meanwhile you can decide if your competitor's browser performed inadequately enough or not for the report -- maybe you even select the success parameters afterward? Heck, you already waited to see if you could release the report.
Independent? HA!
Re: (Score:3, Interesting)
I know this isn't in the spirit of the other posts on this topic today, but I applaud MS for concentrating on security and the best interests of their end users. It's good to see they are taking these matters seriously as part of the product development process.
That said, I still use Firefox, followed by Chrome, for browsing, but at least they are looking out for those stuck with IE simply because it ships with their OS.
Engineering Versus Marketing (Score:5, Interesting)
I know this isn't in the spirit of the other posts on this topic today, but I applaud MS for concentrating on security and the best interests of their end users. It's good to see they are taking these matters seriously as part of the product development process.
Don't get me wrong, I'm always happy when security is improved -- even in the most hated of products by the most hated of companies. The problem I have is when marketing gets a hold of this and spins it to attack competitors, thereby improving the public perception of their own product. This could have all been avoided had Microsoft just kept the report internal like most of NSS Labs' customers. And doing so while comparing the latest IE9 to Chrome 6 and releasing that to the public as a 'current' report now ... well, that's what I have a problem with. If a Chrome user read that report as today's news they're going to think that it's been done with today's Chrome.
Re: (Score:3, Insightful)
beta Apples to outdated Oranges (Score:5, Informative)
I think you missed the other important part: "Also, the version of Chrome that NSS says all this about is two major versions behind the current stable release, while the version of IE they say is better is the current beta release."
A more relevant comparison would be IE 8 to Chrome 8 (current generally release version of both version), or IE 9 to Chrome 9 (current publicly available pre-release version of each browser.)
Perhaps someone should do a similar comparison, but using Chrome 9 and IE 6, instead...
Re: (Score:2)
I think you missed the other important part: "Also, the version of Chrome that NSS says all this about is two major versions behind the current stable release, while the version of IE they say is better is the current beta release."
A more relevant comparison would be IE 8 to Chrome 8 (current generally release version of both version), or IE 9 to Chrome 9 (current publicly available pre-release version of each browser.)
Perhaps someone should do a similar comparison, but using Chrome 9 and IE 6, instead...
It's quite clear from the study that Chrome 6 was the most recent full release of the browser when these tests were performed in September. Don't forget that Google Chrome is on a six-week major release schedule. If the argument is that Google has made significant improvements in their defenses against socially-engineered attacks in the last three months, then okay, the study is no longer relevant. But have they done this? I haven't heard anything along those lines.
Re: (Score:2)
Which would (considering only the browser versions, and not the scope of the test and other issues that have been raised) have made the test valid, relevant, and meaningful, if the study compared it to the then-current general-release version of IE (IE 8), and was released at a time when that comparison was meaningful to the current market options.
Re: (Score:2)
They did compare it to IE8. IE8 blew everything away except IE9 which did a bit better still. Seriously, it's right there in the summary.
Microsoft, who was paying for the study and controlled the timing of its release for its own marketing purposes
Do you honestly think they sat on it until it wasn't true and then released it? What would the point of that be? We'll probably be on a double-digits Chrome version by the time IE9 releases.
Among other things, this is comparing malware lists that actually updates online in real-time, so strictly speaking it's out of date before the statistical analysis is even finished
Re: (Score:3)
Which made it, at the time, merely beta Apples to stable Oranges, which is slightly-less-bad -- but the relevance of the report when it was written isn't important to anyone, the relevance when it is released matters, since that's when people will be reading it and potentially making decisions based on it.
Had the report been released when it was current (leaving aside issues of who was paying for it, and
Re: (Score:3)
You missed one other step. When the results DON'T show IE ahead, you just don't release them...
Re: (Score:2)
So they use the test to improve their browser until it's better then the others being test, then say it's the best.
Well..good.
Huh? (Score:2, Insightful)
Google is complaining that a report on socially engineered attacks is only focused on socially engineered attacks? And they're whining that a study done back when Chrome 6 was the most recent release doesn't mention Chrome 8, which is currently the most recent release? Seriously?
Bad summary? (Score:3, Informative)
According to Google not only didn't the report use Chrome 6 for the tests where as the current version is Chrome 8...
Should it be:
According to Google not only did the report use Chrome 6 for the tests, whereas the current version is Chrome 8...
Attack urls? (Score:3, Funny)
Re:Attack urls? (Score:4, Informative)
Re:Attack urls? (Score:4, Funny)
So basically, IE9 does a good job at protecting morons who download everything they see... from themselves.
Re: (Score:2)
Don't knock it... the number of scareware / fake virus scanner infections I have been cleaning recently from friends computers would suggest these attacks are becoming more frequent and harder to spot as malicious until it is too late...
If IE9 is as good as they claim at stopping these then my steady supply of good single malt whisky will dry up, which is bad for me and bad for bot nets but good for everyone else...
Funny definition of Independent (Score:2)
As independent as a politician that accepts campaign contributions from AT&T or SEIU.
Re:Funny definition of Independent (Score:4, Insightful)
I must have missed... (Score:2)
The credibility issue here is with a Microsoft. A company that has been shown, time and again, that they're not above tweaking the facts (lying) about their products and their competitors' products. That, and the fact that they paid for this supposed bit of research.
Wai . . . What? (Score:3, Interesting)
An "independent" test that was "funded by Microsoft". WTF? How is that independent?
Re: (Score:2)
It means they get paid whether they get the results Microsoft wants or not.
Re: (Score:2)
Which isn't really independent. I mean, if it was blind, such that Microsoft wouldn't know who was performing the test and couldn't retaliate against them by not paying them to do future tests if they didn't like the results of this one, then that would be independent.
Re: (Score:2)
That rationale is pretty weak.
You're right that the results are questionable, absolutely 100% no dispute about that, but the nitpickery over the term 'independent' is overzealous, especially in the context that the same summary pointed out it was funded by Microsoft.
Re: (Score:2)
> It means they get paid whether they get the results Microsoft wants or not.
Of course, since they are funded by MS, they only get released if MS feels like it.
Re: (Score:2)
Yep. That is, however, distinctly different from "paying to make the results what we want them to be".
I'm only nitpicking the semantics here, not the questionable'ness of the data.
Re: (Score:2)
easily.
If you own a bank and contract a team of professional to test your security. they are an independent company.
Same thing here.MS paid a company not owned or affiliated with MS to conduct testing. It's a common practice.
Great example (Score:2, Insightful)
Looks like the test was a perfect example of social engineering.
What was even being tested? (Score:5, Insightful)
Re: (Score:3)
I was under the impression that social engineering was a security flaw in the user, not in the application.
It is, but you can't debug the user, so you have to compensate in software. I feel a lot better knowing that J. Random Grandma has something looking over her shoulder to tell her she really shouldn't be going to that site. Cuz once J. Random Grandma's computer is hacked, it starts sending spam to MY computer.
Heck... I'm a software developer, and I've been known to screw up. Humans are buggy.
So I really want software that does both. If IE is ahead in that area, good for them. Sending out a press release
Re: (Score:2)
> It is, but you can't debug the user
Yes you can [ridlice.com]
Re: (Score:3)
Little to do with the *code* security, yes. But it's got a lot to do with real-users-not-getting-viruses security.
Seriously, everyone. I know it's sponsored by Microsoft, and I wouldn't be surprised if there's some dodgy selection of test URLs behind the scenes. But if these results are even in the right ballpark, then it's something that Google (and Mozilla, and Opera) really need to pay more attention to. Stop finding excuses to ignore it just because we don't like what it says. Go and try to find the met
Re: (Score:2)
It has little to do with the theoretical security of the browser code, but it has a lot to do with the practical security of using the browser.
In a recent study of women... (Score:5, Funny)
...researchers discovered that hot supermodels would be most fulfilled in a relationship with Slashdot user GodfatherofSoul*.
* This study funded by GodfatherofSoul
Reminds me of MS (Score:2)
So
Stopped reading at (Score:2)
They would have had to intentionally install a old version of chrome with a standalone installer, and prevent it from updating by circumventing google updater which silently updates chrome. Talk about stacking a test.
valid in its own way (Score:2)
The test has an odd kind of validity; The foolish who choose Internet Explorer (instead of Firefox, Chrome, Safari or Opera) would be also the foolish victims of "Socially Engineered Malware". That is, the web browser for dupes protects its users from the same vulnerability which causes them to use it.
And that may be all I need to know (Score:2)
That told me everything I needed to know.
I got a virus while using Chrome. (Score:2)
It came in through an ad utilizing a Java exploit. I was only 1 minor release behind on updating my JRE. Since this incident and the 45 minutes it took me to get rid of the stupid thing, I now surf with Firefox + adblock + noscript addons. It's just not worth it. I used to be OK with ads and even clicked o
Microsoft funds test (Score:2)
i mean, what we are supposed to even start thinking about this
Chrome isn't built with security in mind. (Score:2)
Google defended its browser by claiming that it was built with security in mind and emphasized protection of users from drive-by downloads and plug-in vulnerabilities.
I found this line to be quite disgusting. I am very pro google but the chrome team has continually ignored the need for NoScript. A browser without NoScript isn't secure in any way shape or form.
Re: (Score:2)
Re: (Score:2)
Browsing is something that occurs OFF the business desktop and NOBODY TRUSTS MICROSOFT not to rat them out to the corporate IT department.
What does this even mean??
Re: (Score:2)
What does this even mean??
All your base (instincts) belong to us?
Re: (Score:3, Insightful)
Re: (Score:3)
Re: (Score:2)
Does anyone know of a good ABP for Chromium based browsers?
How about Ad Block [google.com]
Re: (Score:2)
Re:Socially engineered attacks ARE a huge problem (Score:5, Insightful)
The test, funded by Microsoft
That says it all.
Re: (Score:3)
So its results are unquestionably incorrect and/or irrelevant?
Re:Socially engineered attacks ARE a huge problem (Score:5, Insightful)
Re: (Score:2)
It raises a red flag, but that is all. They could very well be unbiased and independent.
Yes, like all tests, confirmation from others is a good thing.
Look at the data. compare to the conclusions. Do the match the conclusions? Is the methodology the correct one for the tests they are doing?
That's the only way to tell if a study is good.
Re: (Score:2)
It raises a red flag, but that is all. They could very well be unbiased and independent.
Not if you read the summary and figured out they cherry picked which outdated version of Chrome to use so it would do as poorly as possible rather than the current release and compared it to the new IE9 BETA.
I know, I know. Read the summary? On Slashdot?
Re:Socially engineered attacks ARE a huge problem (Score:5, Insightful)
UL is to test your products for saftey, this is a *comparative* test against several competing products for quality.
Apples, meet Oranges, meet troll.
Re: (Score:2)
If UL tests 2 products, and finds one passes and another fails, there's certainly a comparison that can be made between them, and a company selling the passing product might feel inclined to draw attention to this (of course, UL itself never comments publicly on failed tests). In this case, the tester tested two products and rated one "99%" and one "3%" against some standard. The methodology might have been totally bogus (no idea), but the act of paying for the test isn't automatically so.
Re:Socially engineered attacks ARE a huge problem (Score:4, Insightful)
This is totally different.
In this case, the tester tested two products and rated one "99%" and one "3%" against some standard.
The key difference is that UL tests against a pre-existing standard. Not a standard that they made after looking at the product. UL can't customize their test to make one product look better or worse.
The methodology might have been totally bogus (no idea), but the act of paying for the test isn't automatically so.
The act of paying for a test to be designed for you, or a test you designed ahead of time to make your product look good, is bogus. Paying to have a test executed for you is not bogus. One is independent, the other is not.
Re: (Score:2)
This is totally different.
In this case, the tester tested two products and rated one "99%" and one "3%" against some standard.
The key difference is that UL tests against a pre-existing standard. Not a standard that they made after looking at the product. UL can't customize their test to make one product look better or worse.
The methodology might have been totally bogus (no idea), but the act of paying for the test isn't automatically so.
The act of paying for a test to be designed for you, or a test you designed ahead of time to make your product look good, is bogus. Paying to have a test executed for you is not bogus. One is independent, the other is not.
From an ethical perspective, this is no better than when a certain 3D graphics chip maker had their Windows drivers detect running benchmark programs, and run specific code to fool the benchmark and make the chip appear to be faster than it really was.
Re: (Score:2)
From an ethical perspective Microsoft, IBM, Oracle, etc. are responsible for the business practices that made credit default swaps plausible.
That is the single most irrational bit of geek hate spew I've ever seen on Slashdot - you should get a new Slashdot achievement for that! (Also, there's nothing wrong with CDSs per se, they just need to be regulated the same way as any other form of insurance currently is.)
Re: (Score:3, Informative)
Tests like this are done for marketing purposes. The professionalism of the tester will make sure the test is rigged to give Microsoft the result they want. Get the facts.
Re: (Score:2)
can you provide your source of facts that proves your statement to be true?
Don't have to: Microsoft's own reputation preceeds it in this case. As someone who has spent the better part of thirty years dealing with that company and its shenanigans, I will say that you should treat them like Congress. That is, you take a default position assuming that they are lying through their teeth, you don't give them the benefit of the doubt, and you force them to provide proof of their claims.
Re: (Score:2)
UL testing isn't a product comparison, it's a test for standards conformance. The requirements for independence and impartiality are substantially different.
Re: (Score:2)
If I want to know what is unlikely to burn my house down, I look for the UL listing, and rely on vendor-performed standard tests.
If I want to know whether product A or B is better, I check out Consumer Reports, which accepts no funding from any vendor, not even advertising.
I was willing to believe that IE wouldn't burn my house down anyway, so this report gives me precisely no useful information.
Lol, are you serious? (Score:2)
There are lot of paid tests, but you pay a fixed fee for a standard test for YOUR equipment. No company can pay KEMA (I presume the dutch equivelant of LU) to test a competitors equipment and KEMA will never ever come out with a comparitive report. Your product either passes its test or not and that is all.
This is a bought report that tests a BETA of the paying company against 2 versions outdated production release of a competitor. If you can't see the bias right there, well... I think it is amazing that me
Re:Socially engineered attacks ARE a huge problem (Score:5, Interesting)
So its results are unquestionably incorrect and/or irrelevant?
They may be technically true in some sense or other. However, in past such situations, Microsoft has been seen commissioning several similar reports; possibly even iterating the instructions for running the reports; then throwing away (under NDA) all the ones which don't match with their marketing wishes. You can basically assume that whatever it says is the opposite of the truth in some way or another because if it was true they would be able to just say directly it instead of commissioning someone else to say it to they can avoid claims of false advertising (for example, their old "Get the Facts" campaign was one of the few things of this type the ASA has clearly stated was misleading [wikipedia.org]). And yes; most companies do this to some extent, but few other companies could come near to sustaining the level of deception Microsoft does because eventually some employee would become disenchanted and start leaking results. For example, have a look at the Comes documents [groklaw.net], which only came out because of a lawsuit, to get some idea of the kind of things they can keep secret. Nowadays Microsoft's data destruction policies [theregister.co.uk] are much stricter and they ensure that all deals are finalised by lawyers [pbs.org] and so are legally privilaged. This kind of secrecy and professional deception means that almost any marketing claim from them should be disregarded completely until there is some level of independent confirmation.
Re: (Score:2)
There was nothing wrong with doing the study. I'm sure that there were many such studies done and that's fine. It's the fact that they choose to release this one which is the problem. More important is the way it was released; as an "independent study" as if it had nothing to do with development. That's totally immoral.
The ways in which this cheated are also clearly discussed elsewhere. They took the Google version at the beginning of the study, but worked on the Microsoft version and took the result
Re: (Score:2)
That's totally immoral.
You can't expect morals from an amoral entity. Not just Microsoft, ANY corporation.
"Never let your sense of morals prevent you from doing what's right" -- Salvor Hardin (Asimov's Foundation). For any corporation, anything that raises revenue is "doing right"', even breaking laws and killing miners as happened several months ago in that mine disaster in Virginia. Even people's lives are secondary to stockholder dividends.
The fundamental of honest use of studies is that you must treat e
Re: (Score:2)
Nope, that merely gives you reason to question the outcomes and examine the experimental procedure in depth. It's a meta-level reputation system. If an entity has shown a lack of bias in the past, you can generally choose to accept their work. Otherwise you examine the experiment design and see if anyone was playing fast and loose with the statistics and analysis. Microsoft probably qualifies for most people.
The summe
Re: (Score:2)
So its results are unquestionably incorrect and/or irrelevant?
Yes. Sometimes you have to consider the source. And if even said results are correct and/or relevant, the truth is that having Microsoft pay them means exactly what you would expect. They paid for those results, they didn't pay for independent, unbiased testing and reporting of their products.
Re: (Score:2)
No but they are very questionably correct.
Re:Socially engineered attacks ARE a huge problem (Score:4, Interesting)
The report is almost useless because it has compared the latest stable and dev releases of IE with versions of Firefox and Chrome that are years old.
What. No, wait, what?
Read on to the end, because later I'm going to tell you what's really wrong with the test and why it's bullshit, but I have to first burn down the obvious straw man you've introduced.
The report was released in October 2010. http://www.nsslabs.com/assets/noreg-reports/NSS%20Labs_Q32010_Browser-SEM.pdf [nsslabs.com]
It used Google Chrome 6, which was the current stable Chrome at the time (6 came out in September 2010). Google Chrome has gone from 6 to 8 in two months. It used Firefox 3.6, which is the current stable Firefox RIGHT NOW, two months after the report was released. 3.6 was released in January 2010, but Mozilla has only done "dot" releases since October. It also included Internet Explorer 8, which was released in March 2009.
In other words, if you want to say "older is worse", then IE8 should have been absolutely fucking pasted by this test. Ummm, right? It's the oldest browser in the test by almost a year.
Now we get to the point that won't upset you, because THIS is what is wrong with the test.
According to their test, what they were really testing was vendor responsiveness to known threats (on-time maintenance of the blacklist), not some response internal to the browser. They took a bunch of really recent entries of bad sites from someone and plugged them into the browsers, getting a new batch of URLs every few hours. The time was measured in hours, so what this is really saying is that Microsoft seems to be the best vendor at maintaining the server-based "bad URLs" list, though it took them 4 hours on average to block sites as opposed to Firefox's 6 hours.
If they got these sites from their paid sponsor, then the list could easily have been biased. But there's more actual provable bias to the test than just that.
The real bias is in the percentages. They do not actually represent "Microsoft browsers blocked 90% of sites while Firefox only blocked 20%". they are a grade-type score, where 100% means all sites were blocked immediately, while a 0% means no sites were blocked, ever. Early detection (measured in hours) seems to play a much larger role than actual number of sites detected. The scores appear to have been done on some form of normalization curve, with the sweet spot being somewhere around "One Half Hour Longer than Internet Explorer".
Otherwise, how does an increase in response time from 4 hours (IE, both versions to within a few minutes plus or minus) to 6 hours (Firefox) make your score go from 90% to 20%?
The net conclusion is, if you're going to use a web browser and you depend on vendor-maintained "baddie" lists as your primary line of defense (rather than script protections like NoScript, which don't depend on a vendor to maintain stuff for you), you're better off with Internet Explorer than any other mainstream browser in the market.
It doesn't make you "70% safer" or protect you from "70% more threats", it means that it has, on average, 2 hours of lead time on the next-best browser in terms of the list of sites it protects you from. It's like saying that McAfee is better than Norton because McAfee generally releases specific virus signatures, on average, 2 hours before Norton does.
So, the test is correct, it's just expressing the results in a very misleading way, showing a very low number for "everyone but Microsoft" because the test results were designed to score what IE did best in the highest way possible. They even spelled that out in their results:
The value of this table is in providing context for the overall block rate, so that if a browser blocked 100% of the malware, but it took 264 hours (11 days) to do so, it is actually providing less protection than a browser with a 70% overall bloc
Re:Socially engineered attacks ARE a huge problem (Score:5, Insightful)
The test, funded by Microsoft
That says it all.
And the response from google criticizing it was by someone right on google's payroll representing google's interests. I guess we can ignore their criticism then too?
Or perhaps we should let the work stand for itself, evaluate the methodology, strip away the marketing spin, and come away with some nugget of truth, regardless of who funded it. Of course that's "work".
Re:Socially engineered attacks ARE a huge problem (Score:5, Informative)
What the Faceless Google rep said was that this test cannot be peer reviewed because they did not release all the data (specifically the URLs visited). Now releasing a report that does not allow for independent review does not make for good science.
The tests may be valid. But until there is enough information to confirm this, I can only be skeptical of the faceless Microsoft rep.
Re: (Score:3)
I can only be skeptical of the faceless Microsoft rep.
Agreed. Skepticism of every studies conclusion is healthy and necessary. However outright disregard for a study based on a single data point: "who paid for it" is not.
Re: (Score:2)
I believe that most people who will be influenced by this kind of report are NOT in a position to methodically evaluate the test methodology. They are people who watch Survivor, Big Brother, YourCountryHere Idol and idolize Oprah. They do not have the experience or skills for critical analysis of marketing spin. So when Microsoft (or McDonalds or the US Govt or Buy n Large) claim research that shows their product is superior to others, the reader gets one claim stuck in their head and it is repeated as fact
Re: (Score:2)
I believe that most people who will be influenced by this kind of report are NOT in a position to methodically evaluate the test methodology.
Fair enough.
So when Microsoft (or McDonalds or the US Govt or Buy n Large) claim research that shows their product is superior to others, the reader gets one claim stuck in their head and it is repeated as fact*.
Fair enough. But the real problem here is twofold:
a) a news media happy to regurgitate press releases without doing any sort of journalistic investigation
b) a
Re: (Score:2)
Or perhaps we should let the work stand for itself, evaluate the methodology, strip away the marketing spin, and come away with some nugget of truth, regardless of who funded it.
We can't evaluate the methodology because the methodology hasn't been published. From what we do know, neither the testing nor the data released was objective - the tests compared bleeding edge releases of IE9 to an obsolete versions of Chrome, and the data they chose to publicise focussed on the single areqa in which IE9 triumphed, despite it performing poorly in other areas.
Re: (Score:2)
We can't evaluate the methodology because the methodology hasn't been published
That counts as evaluating it, and finding it missing. Big point against its credibility. :)
the tests compared bleeding edge releases of IE9 to an obsolete versions of Chrome
This much at least is factually incorrect. This study was done *in* September 2010. Chrome 6 was released September 2nd, 2010. Chrome 7 wasn't released until October 21st. What version do you think they should have used?
You appear to have fallen for Googles ex
Re: (Score:2)
Just because Google's criticism of the study's claim isn't coming from a neutral third party doesn't mean Microsoft paying for a study that praises its own browser shouldn't set off all sorts of red flags concerning the validity of the study,
Who said it shouldn't set off red flags. It sets off a red flag, but it doesn't justify complete disregard of the study. Additionally Google's statements about the study should set off the VERY SAME red flags about googles statements.
especially when "[...]the list of ac
Re: (Score:2)
Additionally Google's statements about the study should set off the VERY SAME red flags about googles statements.
No, Google's complaints don't set off the same red flags at all. Microsoft citing a third party study is an appeal to an external authority. The claim is that Microsoft is trying to get their opinion on their own browser credibility by having it come from a mouthpiece that isn't first party. There is no analogous complaint to be made about Google, because they aren't trying to complain about the study by hiring an external firm to make the complaint.
However, it is completely unrelated to who paid for it, now isn't it?
Exactly the opposite. The study arguably has that partic
Re: (Score:2)
Microsoft citing a third party study is an appeal to an external authority. The claim is that Microsoft is trying to get their opinion on their own browser credibility by having it come from a mouthpiece that isn't first party.
That is why it raises a red flag. Credibility is questionable.
Its also possible that Microsoft commissioned a 3rd party because they actually wanted an independent study done, perhaps because they lacked the in house expertise or resources to do an internal one properly, perhaps becau
Re: (Score:2)
The inherent conflict of interest taints the study to the point where it will never be possible clear it of enough doubt to make the data useful.
But in nearly any situation the parties interested in paying for studies have an interest. In the health sector at least there is enough public money floating around to fund some research... but in IT? Who is going to pay for the work?
All "independant" review sites host advertising from these companies, some of them are more blatantly biased than others but the 'ta
Re: (Score:2)
When one uses only a single test, perhaps a specially crafted one, the conclusions may be misleading.
As an extreme example if one takes an area of a country where people are very well fed, and perhaps taking in far more nutrients than needed, it is entirely possible that one could come up with a study showing substantial nutritional value in sewer waste. Without taking into account the other characteristics (bacteria, viruses, levels of toxic medications, smell etc.), sewer waste might actually be portraye
Re: (Score:2)
I would love to see a study funded by X that does not then show X as being the best product. Given that it seems $ > Truth, I doubt such a thing will ever happen.
Re: (Score:2)
I have seen at least two studies that the results were different than what the funders wanted to see (although in one case the funder wound up in a better position he thought he was in).
In one study, they were trying to prove a correlation or causation between smoking marijuana and cancer. They did a statistical study of four groups of baby boomers; long term cigarette smokers, long term pot smokers, long term smokers of both, and nonsmokers. They fully expected ganja to cause cancer, since all smoke contai
Re: (Score:2)
page 12 of the test PDF: [nsslabs.com]>
"ABOUT THIS TEST This private test was contracted by Microsoft’s SmartScreen product team..."
Paid for by Microsoft, although really google should just ignore these fake tests since IE usage has dropped from 45% to 28% while Chrome went from 4% to 20% from Jan 09 thru Nov 2010. [w3schools.com]
So shut-up Google, you're winning.
Re: (Score:3)
Woah.
I haven’t seen style this terrible in a long, long while. Even the GNAA trolls are more legible.
Re: (Score:2)
Please don't feed the APK
Re: (Score:2)
Please don't feed the APK
Well, this’ll teach me all right.
Re: (Score:2)
he`s no troll, thats ranting
trolling includes lies and links to 'strange' porn
I didn’t say I considered him a troll. I was simply expressing how appalled I was by his writing style.
Re: (Score:2)
Does a PHD in Psychiatry come with your "snap prognosis" Dr. Quack? Or are you just another troll with no qualifications in the psychiatric sciences, just like cp.tar is in English (since he hasn't shown us his PHD in English yet, and he probably never will)
No, I do not have a PhD in English. I am, however, a few exams away from a degree in both English and Linguistics. And no, I am not a native English speaker.
What I am is flattered by all the attention my tiny little comment got me. Really.
I haven’t had an online stalker in quite a long time. Thank you for making me feel special.
150:1 odds as the ratio of his readability of his posts tends to put cp.tar into his place: He doesn't dare even reply after that.
Oh, sorry, I wasn’t expecting a reply. Such posts don’t tend to invoke either replies or moderation, so I tend to forget about them.
I’m really sorry to have
Re: (Score:3)
I don't know about you but I rarely receive tarballs, rpms or debs from friends to compile or install on IM or facebook. That's the good thing about the repository system, where there is a (hopefully) trusted source where you install the majority of your applications.
I can't really see socially engineered malware taking off under Linux, really.
Re: (Score:2)
From TFA: "funded by Microsoft".
You can ignore the rest.
Re: (Score:2)
>>>If Internet Explorer 9 beta blocks 99% of those and Chrome[6] only 3%, that makes a huge difference.
Yeah yeah, but Chrome (and Mozilla seaMonkey) can run on my tiny 0.1 gigabyte laptop. Can IE9? Ha! Nope. ;-) ----- But seriously: Why in the world was the test run on the latest IE9 versus the ancient CR6? A deliberate Microsoft setup to make themselves look good.
Re:Check the funding (Score:5, Informative)
This: "The test, funded by Microsoft"
The real warning flag is that it doesn't say that on NSS Lab's site nor does it say it anywhere in the report. So if I was being paid to do this, I would have that in big bold letters as a disclaimer on the front page of the report if I wanted to maintain credibility. So either the Google response article is wrong (which the same IE8 report from last year [thetechherald.com] was funded) or you're just being flat out disingenuous when you say "independent." We just happen to receive funding from one of the participants and they decide when and if the report is released.
One more thing, if you dig into this report, the parts where they reference Microsoft read like an advertisement:
It became obvious from this test and comparisons to the earlier test that Microsoft continues to improve their IE malware protection in Internet Explorer 8 (through its SmartScreen® Filter technology) and in Internet Explorer 9 (with the addition of SmartScreen application reputation technology). With a unique URL blocking score of 94% and over-time protection rating of 99%, Internet Explorer 9 was by far the best at protecting against socially-engineered malware. The 89% zero-hour block rate suggests a far superior malware identification, collection, and classification method.
"What kind of registered application reputation technology did you say they used? Simply revolutionary progress!" Compare that section to that same section on Chrome:
With a protection rating of just 3%, Chrome 6 dropped more than 14% from our last test. And, Chrome’s unique URL score of 4% was also a major decline. Chrome’s overall poor protection makes it difficult to compare it to other Safe Browsing API-related products.
"Boo, Chrome sucks!" Hahaha oh my this is too funny. Google shouldn't have to explain themselves. Just take what you can to improve from this report, become aware of your opponent's tactics and move forward.
Re: (Score:3)
The report is of greater value to Microsoft, the paying customer, the less obvious it is the Microsoft is the paying customer.
Re: (Score:2)
Too bad the said Microsoft paid for the test. They even put it where it goes in ALL tests.
Anyone who reads these tests know exactly where to look for funding. IT was NOT hidden.
4.4 ABOUT THIS TEST
This private test was contracted by Microsoft’s SmartScreen product team as an internal benchmark,
leveraging our Live Testing framework. It has subsequently been approved for public release.
Re: (Score:2)
Depends on how the funding takes place, and for what purposes. Did they fund This test? DO they just make a annual payment to a generic fund to be part of the 'club'? Are the a testing lab where everyone knows the test is paid for by the vendor*?
*UL safety testing is paid for by the vendor, at it works very well/ Different kind of testing, but hopefully you see my point.
Re: (Score:2)
Re: (Score:2)
According to Google not only didn't the report use Chrome 6 for the tests where as the current version is Chrome 8
dude, really? couldn't you have said it without using a double negative?
Apparently, he couldn’t not have said it without using a double negative.
Re: (Score:2)
For immediate release.
Warning.
M$ Internet Explorer under control the M$ controlled server is better at censoring the web, than any any browser.
WTF, this has nothing much to do with browsers at all, just how much time and effort a company is willing to put into to tracking down naughty web sites and updating their browsers and blocking the naughty payload coming from those web sites.
P.S. If you really want to do something good M$, work together with those other companies to make a universally access