Internet Explorer 8 Best at Stopping Malware, Phishing

Viewing 19 reply threads
  • Author
    Posts
    • #4132
      Don Donzal
      Keymaster

      It appears that the comprehensive security features built into Internet Explorer 8 (IE 8 ) are paying off for Microsoft.

      The browser, released in March with a number of enhanced phishing and anti-malware components, blocked an average of 81 percent of socially engineered malware and stopped 83 percent of suspected phishing sites — topping four other major browsers, according to new tests conducted by NSS Labs.

      NSS based its findings on two weeks of analyzing 593 phishing sites and 608 unique URLS that contained malicious software, Rick Moy, the company’s president, told SCMagazineUS.com on Thursday.

      “Everyone thinks Microsoft stinks at security,” he said. “They need to get some credit for some of the good stuff they’ve done. Microsoft has been a big target for attacks for a long time, and that’s actually a benefit to them. They’ve learned how they can turn that around and protect themselves better.”

      A Microsoft spokeswoman could not immediately be reached for comment.

      In catching and stopping socially engineered malware, a significant drop-off occurred after the Microsoft browser. Firefox 3 was next in line, blocking 27 percent. Apple’s Safari 4 thwarted 21 percent, followed by Google Chrome (seven percent) and Opera 10 (one percent).

      The browsers, as a group, performed relatively better in offering phishing protection. Firefox deterred 80 percent of suspected fraud sites, Opera caught 54 percent, followed by Chrome (26 percent) and Safari (two percent).

      “It’s pretty shocking how bad some of the vendors are doing,” Moy said. “Everyone should challenge their assumptions and look at some real data when they’re making decisions [on which browser to use].”

      He added that success rates also could have a lot to do with how many financial resources are available to the browser provider.

      “Why would you even think Opera would have a fighting chance?” Moy said.

      Spokespeople at Apple, Google and Opera did not immediately respond to requests for comment on Friday.

      Original story:
      http://www.scmagazineus.com/Microsoft-leads-browsers-in-malware-phishing-defense/article/146505/

      Don

    • #26143
      UNIX
      Participant

      If I remember correctly I read somewhere that this study was funded by Microsoft – although the results may be true, this casts a poor light on it.

      “Why would you even think Opera would have a fighting chance?” Moy said.

      Also such comments as the one quoted above does in my opinion not improve their charisma.

      However, I think that such studies are not only important because it may force vendors to increase their products where it is needed.

    • #26144
      dalepearson
      Participant

      Interesting article, I know they fixed the used exploit from this years pwn2own at release time.

      See how it holds up in next years testing.

      I still prefer the add ons and plugins of Firefox myself.

    • #26145
      Ketchup
      Participant

      I can’t tell you how many times if I have removed Antivirus 2009 from people’s computers.  No matter what security features these browsers seem to have, people always click on a link if they think it’s their computer telling them to do something. 

      I think that we should start a movement to go back to Lynx 🙂

    • #26146
      Anonymous
      Participant

      This article only talks about blocking sites, it doesn’t mention browser exploits.  Though everything said may be true, it doesn’t cover the full spectrum of security.  I don’t care how many phishing sites it can block if there are a bunch of unpatched exploits in the wild.

    • #26147
      Clay Briggs
      Participant

      My philosophy… Opera FTW.  😛  I use Opera and Firefox… but I’ve always had a soft spot for the underdog browser.  Like Laz3r was saying though… IE traditionally is beat around fairly badly when it comes to actual code flaws.  Thing is… with Active X.. or any of the other stuff that is there to save users…. they are just going to click yes and install shit.  They want to go places… and just becaues there is a warning.. 90% of the users won’t care.  5% will contact their IT guy for EVERY active x popup… thinking their computer will blow up… and the last 5% will actually read the pop up themselves, and think about it. 

    • #26148
      jason
      Participant

      I’ll be sticking with Firefox and the Noscript plugin. The IE8 security features are blocking a fairly narrow and predefined set of attacks. Not running the scripts in the first place seems like a much better approach, but definitely not one for tech novices.

    • #26149
      Ne0
      Participant

      i really agree with it as IE8 does stop malware and phishing… but does any one put lights the memory its using its much more than other browser… its a heavy weight browsing champion … if any low RAM user uses the IE8 he will stacked for ever… some has to consider that tooo….

    • #26150
      Anonymous
      Participant

      In terms of weight and resource usage, I’ll take secure over lightweight any day of the week.  Like Jason, I’m sticking with FF and NoScript.  Nothing in IE (From my understandings) blocks any kind of XSS.  There are hordes of credible sites (not blacklisted by microsoft) that get compromised and end up with something scary.  Blocking known malware and phishing sites is great, especially for the average end user, but it’s not enough.

    • #26151
      UNIX
      Participant

      I chose security over lightweight as well, though I think that Ne0’s post was meant in the way that the article is missing other important facts, such as lightweight, code flaws etc. and therefore can’t be seen as somethig complete.

    • #26152
      Ne0
      Participant

      hi awesec .. i am agree with u …
      and Internet Explorer 8 takes the cake with better phishing and malware protection, as well as protection from emerging threats. Firefox uses a sandbox security model, and limits scripts from accessing data from other web sites based on the same origin policy. According a test Analysis, IE 8 do better than Firefox and Chrome in Security.

      When these web browser are launched. Google Chrome 3 is the fastest speed browsers in the three. Firefox 3.5 is faster than IE 8. To actually see the difference in page loads between all three browsers, you need slow-motion video.

      i agree ie is good at security vise

    • #26153
      jason
      Participant

      @Laz3r wrote:

      Nothing in IE (From my understandings) blocks any kind of XSS.

      IE8 is actually blocking *some* XSS attacks, but by no means all of them. If you’re running the scripts on the page by default, you’ll likely be catching something eventually.

    • #26154
      Anonymous
      Participant

      I read the report, how i read it was it was basically a shoot out over how quickly the malicious sites/URLs is updated.  as IE8 was technically the only “for pay” browser it SHOULD win.

      everything else is based on free labor or how quickly other users submit phishing/malicious sites and how quickly that gets propagated out.

      a better test would be to create varying levels of complexity phishing/browser exploitation sites and see how the browsers hold up, i’d think most will fail miserably together.

    • #26155
      hackster117
      Participant

      Hmm…Interesting; I always though that Firefox was the most secure, but I use Internet Explorer.

    • #26156
      Clay Briggs
      Participant

      Firefox or Opera with no script (or the equiv) is about the only thing I’ve used that works well.  Black listing vs white listing… honestly, I’ll tell my browser what I think is kosher, I’m sure as h3ll not letting M$ tell me what it thinks is secure.

    • #26157
      timmedin
      Participant

      @jason wrote:

      I’ll be sticking with Firefox and the Noscript plugin.

      That is not for the feint of heart, and not something I could realistically recommend for not IT people.

    • #26158
      jason
      Participant

      It’s not much different, conceptually, than a popup blocker. I’ve taught non-technical family members to use it with no issues. Not implementing security because it’s hard might not be the best route to take.

    • #26159
      timmedin
      Participant

      @jason wrote:

      It’s not much different, conceptually, than a popup blocker. I’ve taught non-technical family members to use it with no issues. Not implementing security because it’s hard might not be the best route to take.

      But how many of your family members just click the “Allow All Scripts on this Page” button every time they go to a page? That is what I have always seen and it makes the security useless and just adds the pain of clicking the button. In our Web 2.0 world it is really hard to get away without using scripts.

    • #26160
      jason
      Participant

      @timmedin wrote:

      But how many of your family members just click the “Allow All Scripts on this Page” button every time they go to a page?

      None! This results in considerable hand slapping and birthday removal. For the most technically challenged of them, I just went through their list of common pages and trained noscript for them. They generally don’t visit a huge range of pages anyway, and for random surfing the text and graphical portions of most pages still work well enough. It’s really not been an issue.

    • #26161
      Clay Briggs
      Participant

      Likewise.  My grandmother checks her email, looks at the weather, and then goes and plays Cribbage.  Putting up something to keep her from getting infected from the craptacular links her siblings computers send her. (notice, I said their computers… not them… since some are questionably malicious) saves me time.

Viewing 19 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?