REALTIME IT NEWS
REALTIME IT NEWS
Newsletters Select newsletters below and click the button to sign up!
Internetnews BloggersRecent Entries
Archives
Monthly ArchivesSearch The Blog
« From the Moon to the Earth at 100 Mbps |
Sean Michael Kerner Blog
| KDE set to be default for openSUSE 11.2 »
IE most secure? Maybe, then again maybe not
From the 'Read The Fine Print' files:A new Microsoft-sponsored study from NSS Labs is out with a finding that IE 8 is the most secure browser, when it comes to catching, socially engineered malware. The study however did not look at the security of the browser or related plug-ins (like Flash). What is socially engineered malware? According to the NSS report, they defined a socially engineered malware URL as, "a web page link that directly leads to a 'download' that delivers a malicious payload whose content type would lead to execution." So for that type of scenario, NSS reported that IE 8 caught 81 percent of all threats. In contrast, Firefox 3 (they did their test prior to the final Firefox 3.5 release) only caught 27 percent while Google Chrome 2 caught 7 percent. The interesting part of the Firefox 3 to Chrome 2 comparison, in my opinion, is the fact that both Firefox and Chrome use Google's SafeBrowsing API. Firefox has been using Google's API since the Firefox 2 release. In 2006, a Mozilla-sponsored study found that Firefox 2 was superior at catching phishing sites. Another 2006 study, sponsored by Microsoft found that IE 7 had the best anti-phishing filter. So what's my point? No doubt Microsoft is investing in improving IE and its security features. But when it comes to saying which browser is best for security, it's a slippery slope. One particularly interesting tidbit that I found in the NSS study is a disclaimer found as a footnote at the bottom of the second page of the report. Note:This study does not compare browser security related to vulnerabilities in plug-ins or the browsers themselvesThat's kind of a big deal, isn't it? Flash has been a known route to exploitability. Specific browser issues in IE 8 led to an emergency out of band patch earlier this year. As well, when it comes to the socially engineered malware description, in Firefox even if the Google SafeBrowsing API didn't block the download, the user still has to click on the file to actually execute it. Most Windows users should have anti-virus protection and that would (hopefully) protect users. For Linux users, .exe files don't run so the risk is non-existent. I think the greatest risk continues to be the drive-by issue. Those are cases, where a user doesn't have to do anything (i.e click a file) to be at risk. I'd like to see a non-partisan third party study that gives all the major browser due diligence on that issue. 0 TrackBacksListed below are links to blogs that reference this entry: IE most secure? Maybe, then again maybe not. TrackBack URL for this entry: https://swarm.jupitermedia.com/mt-tb.cgi/8763 |
||||||||||||||||||||||||||||||||||||||||||||
Legal Notices, Licensing, Reprints, Permissions, Privacy Policy.
Advertise | Newsletters | Shopping | E-mail Offers | Freelance Jobs 
|
SAP BusinessObjects Webcast: Unlock the Power of Reporting with Crystal Reports Ipswitch Video: A Closer Look--WS_FTP Server |
MORE WEBCASTS, PODCASTS, AND VIDEOS |
|
Iron Speed Designer Application Generator |
MORE DOWNLOADS, EKITS, AND FREE TRIALS |
Digg
Del.icio.us
furl
StumbleUpon
BlinkList
Newsvine
Magnolia
Facebook
Tailrank
Slashdot
Technorati
Google
Bookmarks
Yahoo
Favorites
Windows
Live
Ask
Leave a comment