About two weeks ago I saw a discussion thread on the GIAC Advisory Board that was entitled, “NSS report on browser security (is IE8 or FF more secure?)”. Intrigued, I flagged the discussion as something to read when I had time. Well… I got around to reading the thread and while the discussion wasn’t the flame war I had hoped, the source for the discussion was interesting enough that I decided to blog about it.
The report that the thread references is entitled, “Web Browser Security Socially-Engineered Malware Protection Comparative Test Results”. If you want to read the report for yourself, you can find it here: Link. In the report, NSS Labs goes about testing all of the various latest versions of web browsers and how they perform when protecting users from socially-engineered malware which is defined as: “A web page link that directly leads to a download that delivers a malicious payload whose content type would lead to execution.” In other words, the tests performed in this report by NSS Labs are used to verify how well each browser protects users from known bad URLs that might cause a user to download “something” that may cause the execution of malware.
Based on the results found in this report, IE8 seems to perform very well at protecting users from socially-engineered malware. In fact, one might say that IE8 smashes the others browsers:
To better understand what this means. We need to first understand how this type of protection works. Basically, each of these browsers use a cloud based reputation system that helps determine if a URL contains malware. In the case of IE8, it uses Microsoft’s SmartScreen reputation system which is a huge database in the sky about Internet based abuse. For other browsers, they all pretty much use the reputation information provided by Google's SafeBrowsing Initiative via the SafeBrowsing API.
Given that Microsoft and Google are both giant information sinks, I’m actually a bit surprised that there is such a huge difference. However, if the information in this report is accurate, then the proof is in the numbers that Microsoft seems to be doing a better job at collecting information about evil doers. Then again, Microsoft does has a bit of an edge given its market share and the telemetry data if can gather about possible threats. Either way, kudos to Microsoft for putting together such a great real-time threat monitoring system. Too bad Microsoft and Google do not go one step further and start sharing the data. Can you image the possibilities if the giants worked together to protect everyone. Kinda like how most security related technologies should operate. For the betterment of everyone and not the profit associated with their well protected silo of information.
If you like this, check out some other posts from Tyson:
Or if you want, you can also check out some of Tyson's latest publications:
With more than ten years of experience in IT, Tyson Kopczynski has become a specialist in Active Directory, Information Assurance, Windows automation, PKI, and IT security practices. Tyson is also the founding author of the Windows PowerShell Unleashed series and has been a contributing author for such books as Microsoft Internet Security and Acceleration (ISA) Server 2006 Unleashed and Microsoft Windows Server 2008 R2 Unleashed. He has also written many detailed technical papers and guides covering various technologies. As a consultant at Convergent Computing, Tyson works with and provides feedback for next generation Microsoft technologies since their inception and has also played a key role in expanding the automation and security practices at CCO. Tyson also holds such certifications as the Certified Information Systems Security Professional (CISSP), the SANS Security Essentials Certification (GSEC) and SANS Certified Incident Handler (GCIH), and the MCTS (Application Platform, Active Directory, and Network Infrastructure).