It’s ugly, but…

By on May 18, 2013 9:05:55 AM from JoeUser Forums JoeUser Forums

DrJBHL

Join Date 04/2002
+2168

 

NSS Labs surveyed the five browsers with the most market share for security against “socially engineered” malware. The browsers tested were Apple, Google, Microsoft, Mozilla and Opera.

You can view the NSS report here: https://www.nsslabs.com/reports/2013-browser-security-comparative-analysis-socially-engineered-malware

The test is aimed at mobile devices (however, syncing will affect the non-mobile machines as well).

The results were pretty amazing:

 

 

The way the browsers did the malware blocking was interesting, as they did it differently:

 

 

The actual statistics are in the report (link above), but here are their findings, summarized (image manipulated for ease of viewing):

 

 

and their recommendations:

 

 

As the title says…it might be ugly, but it does have the best security around. I look forward to Chrome’s future, however.

As for Apple, Mozilla and Opera: This really should be a serious wake up call.

 

Sources:

http://www.pcworld.com/article/2038792/testing-firm-internet-explorer-tops-browsers-for-malware-protection.html

https://www.nsslabs.com/reports/2013-browser-security-comparative-analysis-socially-engineered-malware

12 Replies
Search this post
Subscription Options


Reason for Karma (Optional)
Successfully updated karma reason!
May 18, 2013 9:46:48 AM from WinCustomize Forums WinCustomize Forums

well it is nss, microsoft likes paying for reports like these ...

Reason for Karma (Optional)
Successfully updated karma reason!
May 18, 2013 11:18:11 AM from Sins of a Solar Empire Forums Sins of a Solar Empire Forums

I did not expect IE to rate that high.

Chrome was pretty much what we all expected and it's the browser I use solely.

Reason for Karma (Optional)
Successfully updated karma reason!
May 18, 2013 11:19:45 AM from Elemental Forums Elemental Forums

IE 10 is not among the five browsers with the most market share; as of May 1 -- less than three weeks ago -- IE 10 only had 6% of the market share:  http://news.cnet.com/8301-1023_3-57582279-93/ie-10-doubles-its-share-of-desktop-browser-market/

IE 9 and IE 8 both have much larger market shares, but the 'lab' forgets those basic facts which discredits their report and the lab's report does not consider the versions of IE with greater market share while claiming its testing the browsers with the greatest market share (which, again, is a false claim).

Reason for Karma (Optional)
Successfully updated karma reason!
Sign Up or Login and this ad disappears!
There are many great features available to you once you register. Sign Up for a free account and browse the forums without ads.
May 18, 2013 11:32:55 AM from Sins of a Solar Empire Forums Sins of a Solar Empire Forums

The "browsers" are not IE 8, IE 9, IE 10 etc...the "browsers" are IE, chrome, safari, etc....

IE as a whole is most certainly in the top 5, and as such the research used the best IE browser just as they used the best firefox and best chrome etc...

In any case, WHO CARES?  This is about being secure, and if IE10 is more secure than the other 4 does it really matter whether 6% or 60% use it?

FYI, since the focus is on mobile devices, there is no way IE9 or IE8 would have more market share since they are only for desktops and laptops...

Reason for Karma (Optional)
Successfully updated karma reason!
May 18, 2013 2:10:02 PM from Elemental Forums Elemental Forums

The report specifically stated IE 10 as one of the five most popular browsers, which is an untrue statement ... if they specify version, the version they specify needs to meet their qualifications, which it does not.  It did not test the security of the most popular versions of IE (9 and 8).  That's dishonest.

 

WHO CARES about integrity in advertisements claiming to be unbiased reports despite failing a cursory examination?  I do for one, as would anyone who cares about valid and accurate information from honest sources.  I don't care what the NSS lab's credentials are ... this report is self-evidently false.  Integrity and honesty are not trademarked logos to slap on something and scream that you have ... they have to actually mean something.

IE has earned a reputation for horrible security, vulnerability worsened by its deep integration into the Windows operating system.  The easily un-verified falsehood I found on the surface of the report establishes that the report is not credible.  Anyone citing or relying on such an easily discredited report are themsevles being dishonest ... this refutation of the report does not prove or disprove that IE 10 is or is not secure, but such an obvious falsehood in the report coupled with Microsoft's renowned history of promising every new iteration of an old product is better, faster, more productive, more secure, etc. which has rung false so many times (yes, I am aware Microsoft is not the only developer guilty of this, but given this report tries to dismiss IE's earned ill-reputation while the report itself presents a false claim as to IE 10's marketplace dominance, for the purpose of this rebuttal its very relevant).

Popularity and honesty are not congruent.  If you are able to convince 99.9% of all computer users with a false report like this that IE is secure, that does not mean IE is actually secure.  No one who buys a Windows computer has an option to not have IE, so even if popularity were a valid measure of security, in the case of IE, its a fraudulently inflated market share that only exists due to ongoing antitrust violations by Microsoft.

Reason for Karma (Optional)
Successfully updated karma reason!
May 18, 2013 2:48:19 PM from WinCustomize Forums WinCustomize Forums

there are a few misinterpretations here:

the original report is not about browsers with the most marketshare, it is about "leading" browsers.

the report is not focused on mobile devices. It just briefly mentions "mobile operations" in one of the first paragraphs. they tested the desktop versions.

Reason for Karma (Optional)
Successfully updated karma reason!
May 18, 2013 3:37:07 PM from Sins of a Solar Empire Forums Sins of a Solar Empire Forums

It's a good test for morons, but if you're not a moron, "socially engineered malware" is shit you'll never get to begin with.  Unless something has changed, IE 10 has terrible ratings against exploits in general, and only becomes a semi secure environment if you cripple functionality with a high security setting.

 

I'm more interested in how easily the browser gets hijacked, whether that wonderful flash ad can infect me with something, things I don't have to be a complete retard to have a problem with in the first place.  Strange files off the internet are like email attachments from people you don't know, stop running them without checking them out first.

Reason for Karma (Optional)
Successfully updated karma reason!
May 18, 2013 7:40:16 PM from GalCiv II Forums GalCiv II Forums

The lab boys aren't really in touch with reality.  Internet Explorer might have a whole bunch of out-of-box blocking capability, but load Firefox up with AdBlock, NoFlash and NoScript and straight away you're protected against a number of cheap tricks.  The strength is in the ability for security to be extended by extensions.

 

Reason for Karma (Optional)
Successfully updated karma reason!
May 18, 2013 10:14:37 PM from Sins of a Solar Empire Forums Sins of a Solar Empire Forums

I think the real issue is that a similar study done by Accuvant showed that all browsers were more or less equally competent (or incompetent) at the same thing measured here by NSS...the main difference is that Accuvant used a lot more sites and apps compared to NSS...

It isn't too far fetched to imagine that NSS simply picked websites that IE 10 will block but the other browsers don't...

Reason for Karma (Optional)
Successfully updated karma reason!
May 18, 2013 10:58:04 PM from WinCustomize Forums WinCustomize Forums

NSS Labs have been found to create reports to reach criteria and outcomes, which the financier had ask for. They have been doing this for years. Microsoft gets a headline, NSS loses creditability. I treat anything that comes out of NSS with a grain of salt.

Reason for Karma (Optional)
Successfully updated karma reason!
May 24, 2013 3:12:36 PM from Stardock Forums Stardock Forums

Quoting MarvinKosh,
Internet Explorer might have a whole bunch of out-of-box blocking capability, but load Firefox up with AdBlock, NoFlash and NoScript and straight away you're protected against a number of cheap tricks. The strength is in the ability for security to be extended by extensions.

 

 

Is that really any different from checking/unchecking a few boxes/options in IE?   Either way you are really just talking about 'changing' the browser's defaults.

 

Reason for Karma (Optional)
Successfully updated karma reason!
May 27, 2013 2:19:16 AM from GalCiv II Forums GalCiv II Forums

Well I don't use IE at all, so I don't know if it has the ability to whitelist particular sites.  What that basically means for the NoScript extension is that by default none of the javascript loads unless you have specifically told it that scripts running from a particular domain are okay.

Reason for Karma (Optional)
Successfully updated karma reason!
Stardock Forums v1.0.0.0    #108433  walnut3   Server Load Time: 00:00:00.0000516   Page Render Time:

Home | About | Privacy | Upload Guidelines | Terms of Service | Help
WinCustomize © 2014 Stardock Corporation. All Rights Reserved.