About two weeks ago I saw a discussion thread on the GIAC Advisory Board that was entitled, “NSS report on browser security (is IE8 or FF more secure?)”. Intrigued, I flagged the discussion as something to read when I had time. Well… I got around to reading the thread and while the discussion wasn’t the flame war I had hoped, the source for the discussion was interesting enough that I decided to blog about it.
The report that the thread references is entitled, “Web Browser Security Socially-Engineered Malware Protection Comparative Test Results”. If you want to read the report for yourself, you can find it here: Link. In the report, NSS Labs goes about testing all of the various latest versions of web browsers and how they perform when protecting users from socially-engineered malware which is defined as: “A web page link that directly leads to a download that delivers a malicious payload whose content type would lead to execution.” In other words, the tests performed in this report by NSS Labs are used to verify how well each browser protects users from known bad URLs that might cause a user to download “something” that may cause the execution of malware.
Based on the results found in this report, IE8 seems to perform very well at protecting users from socially-engineered malware. In fact, one might say that IE8 smashes the others browsers:
- IE8 caught 85% of the live threats.
- Apple Safari caught 29% of the live threats.
- Mozilla Firefox 3.5 caught 29% of the live threats.
- Google Chrome 4 caught 17% of the live threats.
- Opera 10 caught less of the 1% of the live threats.
To better understand what this means. We need to first understand how this type of protection works. Basically, each of these browsers use a cloud based reputation system that helps determine if a URL contains malware. In the case of IE8, it uses Microsoft’s SmartScreen reputation system which is a huge database in the sky about Internet based abuse. For other browsers, they all pretty much use the reputation information provided by Google's SafeBrowsing Initiative via the SafeBrowsing API.
Given that Microsoft and Google are both giant information sinks, I’m actually a bit surprised that there is such a huge difference. However, if the information in this report is accurate, then the proof is in the numbers that Microsoft seems to be doing a better job at collecting information about evil doers. Then again, Microsoft does has a bit of an edge given its market share and the telemetry data if can gather about possible threats. Either way, kudos to Microsoft for putting together such a great real-time threat monitoring system. Too bad Microsoft and Google do not go one step further and start sharing the data. Can you image the possibilities if the giants worked together to protect everyone. Kinda like how most security related technologies should operate. For the betterment of everyone and not the profit associated with their well protected silo of information.
If you like this, check out some other posts from Tyson:
- When a computer science degree matters, and when it doesn't
- Since when did cloud computing become/need a manifesto?
- Why would one phish using a Certificate Authority (CA) as bait?
- Would I trust you, if everyone else trusted you?
- Here is a good question: Is scripting programming or just systems administration?
- PowerShell boy and the case of the missing cmdlets!
- Fun with PowerShell 2.0 Eventing!
- Creating a custom 404 page to handle link redirection for ASP.NET web applications
Or if you want, you can also check out some of Tyson's latest publications:
- Windows PowerShell Unleashed (2ndEdition)
- Windows Server 2008 Unleashed (Yes, I did help on this book)