| 4U Computers
|
September 2009
Internet Explorer 8
- Web Browsers Test Results
- Subscriptions
- Contact Details
- Unsubscribe
- Disclaimer
|
September 2009
Internet Explorer 8
You may have seen or heard about the latest Internet browser from Microsoft.
You may have already down loaded it and be using Internet Explorer 8
espcially if you have automatic down loads turned on.
Personally I have not loaded this browser on any of my computers
except for a test machine.
Not because I don't like it, in fact I do, but I like to ensure applications are
proven before I install them on my working system.
I recently came across the following article by Michael Kassner where he talks about
a published report stating that Internet Explorer 8 out-performs every other
Web browser when it comes to detecting socially-engineered malware.
I will let you be the judge on this one.
|
Web Browsers Test Results
|
Internet Explorer: Is it time for some respect?
Date: August 18th, 2009
Author: Michael Kassner
An independent testing lab published a report stating that Internet Explorer 8
out-performs every other Web browser when it comes to detecting socially-engineered
malware.
Last month (July 2009), NSS released test results comparing how each of
the major Web browsers dealt with socially-engineered malware.
I was going to write about it then. But, every time I came close to posting,
new information came to light. It’s finally time to sort this out.
What is socially-engineered malware
My friends Google and Wikipedia were of no help. Finally, about a third of
the way through the report, NSS defined socially-engineered malware as:
“A web page link that directly leads to a ‘download’ that delivers a malicious
payload whose content type would lead to execution.”
I get it. Socially-engineered malware is referring to malicious or compromised
Web sites containing dropper programs. That’s a good test; dropper programs are
currently one of the most successful method of infecting computers.
What’s being tested
Modern-day browsers automatically check the reputation of Web sites before
allowing content to be downloaded. The report explains how:
“The foundation is an in-the-cloud reputation-based system which scours the
Internet for malicious websites and categorizes content accordingly; either by
adding it to a black or white list, or assigning a score (depending on the vendor’s
approach). This may be performed manually, automatically, or some combination thereof.
The second functional component resides within the web browser and requests
reputation information from the in-the-cloud systems about specific URLs and then
enforces warning and blocking functions.”
To put it simply, NSS is checking the quality of each Web browser’s malicious-URL
data base, how long it takes the database to be updated with new information,
and how the Web browser reacts when a match is found.
Test results
NSS screened a total of 12, 000 malicious URLs, finally deciding on 608 URLs
that met their requirements. During the test, NSS introduced a certain number of
the chosen malicious URLs every day, recording each Web browser’s ability to block
the threat. The first graph shows the percentage of malicious URLs each browser
successfully detected and blocked (courtesy of NSS):
NSS also recorded whether the Web-browser’s database contained information about
each threat. If information about a specific threat was missing, NSS kept track of
how long it took before the database was updated. Those results are shown in the
following graph (courtesy of NSS):
Meaning what
The graphs bode well for Internet Explorer 8 when it comes to blocking
socially-engineering malware URLs. NSS ran similar tests looking at how each
Web browser blocked phishing URLs and Internet Explorer 8 was on top again.
Many security analysts are concerned that Microsoft paid for the tests. Evidently,
Microsoft’s on-line security-engineering team hired NSS to run the benchmark tests.
In fairness to Microsoft, Rick Moy president of NSS mentioned to Ars Technica that:
“This stuff is expensive to do right, and we need to monetize it somehow.
We invited Google, Mozilla, Apple, and Opera to participate, but they didn’t even
bother to respond, except for Opera, which stated they don’t really focus on malware.”
Final thoughts
Are the tests valid? Consider the following:
• NSS is not saying much about the malicious-URL list.
• NSS is not telling why it left out certain exploit sites.
• Microsoft paid for the tests.
Have a great month.
Sydney Mounsey.
Director.
If you wish to subscribe to our newsletter, send an email to
Info@4ucomputers.co.nz
with the words ‘subscribe to newsletter’ in the subject line.
If you wish to receive emails about our hot specials, send an email to
Info@4ucomputers.co.nz
with the words ‘subscribe to specials’ in the subject line.
For personal or business computer needs or enquiries please don't
hesitate to contact us. We are happy to help.
Orders can be place by phone or email.
Phone: 027 457 8822 or 07 843 1669
Email:info@4ucomputers.co.nz
Web Address:www.4ucomputers.co.nz
This information is provided by
4U Computers Limited
We do not sell or distribute your email address.
If you wish to unsubscribe from this newsletter then send an email to:
Info@4ucomputers.co.nz
with the words ‘unsubscribe from newsletter’
in the subject line.
You should scan all downloaded files for virus & spyware.
We take no responsibility for incorrectly install software.
This electronic message, together with any
attachments is confidential and may be privileged. If you are not the
intended recipient:
1. do not copy, disclose or use the contents in any way.
2. please let us know by return email immediately and then destroy
the message.
4U Computers Limited is not responsible for any changes made
to this message and/or attachments after sending. Before opening or using
attachments, check them for viruses and spyware. Every endeavour is made to
ensure this email and attachments are free from viruses and or spyware. 4U
Computers Limited takes no responsibility for affected emails or attachments.
4U Computers Limited
website is www.4Ucomputers.co.nz
|
