The Safest Browser Against Malware? IE9

[hellwig]

NSS said it used about 650 sites as test sample, which it collected via spam emails, instant messages social networks and its own honeypots.

Ok, but HOW did it get those sites, and HOW does it know those sites are in any way dangerous? It certainly didn't employ people to open up their Spam boxes and copy and paste links in there. There has to be some sort of method to determine that the site is truly malicious. After all, just because something is advertised via spam, doesn't mean the site is in any way harmful. My guess is, they got this list from some security firm, and I'm also going to guess that Microsoft uses the same firm for determining their own blacklist.

Basically, the NSS used a blacklist to collect a list of malicious websites, then tested those sites against the other companies' blacklists. Microsoft's latest happened to match 100%, good for them. I bet if they had picked 650 sites from Opera's blacklist, Opera would have passed 100%, same with Chrome, Firefox, and Safari.

What the NSS NEEDS to do is create websites with certain vulnerabilities and check to see if the browsers can detect them. Throwing a very small subset of known bad sites ata browser doesn't prove much, except which browser makers consult with which security firms.

And before you claim I didn't read the article, I read the linked PDF file. Firefox, Opera, Chrome, Safari, and IE8 web browsers blocked sites based purely on "URL Reputation" (i.e. a blacklist). IE9 blocked 92% of websites based on URL Reputation. It blocked another 8% based on "Application Reputation", which they don't even bother to elaborate on, but basically means Microsoft is keeping track of every file everyone downloads, and whether or not that file might be infected (probably tied to their own antivirus software).

So yeah, your browser can be safer, assuming everything you do is tracked by the browser manufacturer (including which files you download), and that those same files are later scanned by that manufacturers antivirus software. Makes me wonder why Chrome isn't more secure (from a blacklist perspective). Makes sense why Safari, Opera and Firefox aren't so secure.

 

[ralfthedog]

[citation][nom]EnFoRceR22[/nom]When ever i read this kind of dribble i wonder what kind of gay fettish child porn they brows so much. Since windows 95 has this ever once happened to me or anyone i have ever known or heard of. You are either a total moron who clicks yes to anything on the screen or you need to stay away from the 10 year old porn.[/citation]

I have connected to a hotel network and had virus alarms and random popups start going off in seconds, before I hit any websites. (It reminded me of the 4th of July.) It just takes one infected computer to contaminate the entire network.

 

[cadder]

[citation][nom]chickenhoagie[/nom]For some reason, I feel that your claims are either untrue, or very exaggerated. And I could explain why, but I don't feel like typing up an essay.[/citation]

This is a true story, unembelished. I ran IE for a long time before I worried about malware. When I started scanning for malware I was surprised at how much I found on my hard drive. I switched to FF, ran it for awhile, and my scans were mostly clean. That is when I discovered how much more secure FF was than IE.

That time at the hotel is the only time that this has happened to me, and I attribute it to the unscrupulous ISP that the hotel used. It happened right after logging into the hotel's ISP and aggreeing to their $10 per day charge to be added to your room rate. I didn't even have to do any other browsing to get infected. My normal browsing is to sites that are safe, but occasionally you follow somebody's link to look at a video or whatever. The riskiest thing to me now seems to be if you do google searches for common images such as images of Angelina. Some of the images found by google will take you to dangerous websites.

 

[MrBig55]

Internet Explorer 9 MAY be the best, but no computer technology would compare to something like "Web of Trust" Firefox extension that allows HUMANS to rate the sites and leave feedback behind ^^

 

[Kamab]

Cherry picking your data leads to meaningful results?

 

[beayn]

[citation][nom]cadder[/nom]I'm sorry but it's not even close. I took a new laptop on a trip and connected to the unscrupulous ISP that the hotel had contracted with. Immediately the machine filled will malware from that ISP. I had gone on this trip suddenly and didn't have time to set up the laptop by installing Firefox and so forth, so I was using IE. The security holes in IE rendered the laptop almost unusable in seconds.[/citation]

I think maybe you shouldn't have clicked "YES" to install that pornviewer app from the questionable sites you were on. It would have happened even if you used Firefox.

 

[heroictofu]

[citation][nom]visa[/nom]I agree with the other posts, nothing is foolproof and many users will end up doing something foolish to install malware themselves. Instead of a warning, they need a USB add-on that will give the user a quick squirt from a water bottle. Worked pretty well when my cat had a bad habit of sharpening her claws on the sofa.[/citation]

Well this post made my day, hilarious!

 

[_Cubase_]

[citation][nom]JOSHSKORN[/nom]Oh here we go again, testing the latest version of IE against outdated versions from competitors. C'mon, isn't Firefox 5 and Chrome 12 out? Nevermind...I'll answer that question for you. YES![/citation]

That's a stupid comment... everybody knows FF and Chrome constantly update their software and call them "major releases" after adding just a new hat. In fact, since you posted that comment Firefox 7 and Chrome 28 ware released.

Edit > Since posting this comment, Firefox 8 and Chrome 39 was released.

Edit 2 > Chrome 40.

 

[eadthem]

"Excluded from the test were typical browser vulnerabilities, as well as sites that integrate nasty clickjacking or drive-by downloads."

So pretty much all the real hazardous stuff, that requires no user intervention to install, that IE has been victim to for its entire existence. Was not tested.

Choose your result, and then make the test so it proves those results. I love it.

 

[proton9]

ff5 with noscript ftw

 

[back_by_demand]

[citation][nom]mobrocket[/nom]other newsNSS thanks MSFT for its recent unrelated donation... does it really matter, cus the USER will happly install most malware themselves...[/citation]
The users need all the help they can get, if MS didn't do this they would get slated, they did do this and they are being slated again.

They just can't win against the fanbois.

What exactly would MS have to do to gain your confidence, have Ed Gibson drive over and watch over your shoulder and warn you of impending malware before each click, whilst simultaniously providing you with a never ending supply of hot pockets and mountain dew?

 

[geoffs]

[citation][nom]back_by_demand[/nom]The users need all the help they can get, if MS didn't do this they would get slated, they did do this and they are being slated again.They just can't win against the fanbois.[/citation]MS can win, they just have to stop contracting with and publishing reports from companies like NSS Labs that have repeatedly published biased reports and have ignored all feedback about how to make an unbiased test. Since MS keeps hiring unreliable people to do the tests, and they keep publishing those flawed results, so they're complicit in the deception.

 

[Guest]

You have to be kidding me! lol! How much did they pay for this, wonder if they paid as much as Google did for their report comparing Chrome to Firefox. IE is nothing but a pain in the ass to any web developer, it is slow, not just loading but also keeping up with the changes in web languages. IE is only good for 1 of either - downloading Firefox or downloading Chrome - depending on your personnel browsing habits! IE hurry up and die and Mircosoft focus on what your good at!