NSS Labs, an independent security research group, found that Internet Explorer 8 was the best browser tested at thwarting phishing attempts. Firefox was statistically tied with IE for first with Opera and Chrome bringing up the rear. Safari was the real loser of the group with only 2% of phishing attempts blocked and there was no difference between the Mac or Windows client.Phishing is a way in which a hacker lures an unsuspecting person into giving away their credentials or personal information by using a website that appears to be legitimate. This fraud has been growing over the past several years and novices are at risk more now than ever. The interesting statistic from the tests is that phishing sites have an average life of only 52 hours, making it extremely difficult to block or stop these sites.
The study used several thousands of malicious pages over the course of July and also timed how long it took for each browser to add the page to a black list. Internet Explorer took an average of just under five hours, with Firefox not far behind. Again Safari lagged behind taking over 54 hours to block a hazardous site.
NSS Labs has a full PDF file detailing the entire testing process and their results.
Thanks to The Patri0t for the tip!
Stop living with IE6 history. IE8 is awesome.
Yup, I've read reports on this before, and various comparisons, and this is pretty much The Thing it's best on.
Apparently you aren't using the more modern web technologies like SVG, HTML 5.
If the web didn't have IE (including IE
This is a big deal.
Besides, IE doesn't support XHTML very well unless the web developer goes through hoops:
http://www.w3.org/MarkUp/2004/xhtml-faq#ie
It usually renders XHTML documents as HTML. Or always, if you haven't done that, and serve the document with the HTML MIME type.
Since you're serving XHTML 1.1, it's even against the spec to probably do it the way you do to get IE to render it, without going through the aforementioned hoops:
XHTML 1.1 is pure XML, and only intended to be XML. It cannot reliably be sent to legacy browsers. Therefore XHTML 1.1 documents must be sent with an XML-related media type, such as application/xhtml+xml.
I'd suggest following the standards more easily, and only build HTML 4.01 documents, until IE fully supports XHTML without these hacks.
Last edited by Jugalator on 14 Aug 2009 - 08:34
IE8 is great for viewing websites that use today's technology. If you want to use "beta" technology then you can use Firefox/Opera/Chrome, but that doesn't mean in any way that IE is a bad browser.
And that's just pointless cynicism. Seriously, do you actually believe all new web tech brings nothing to the table?
If the web didn't have IE (including IE
This is a big deal.
Besides, IE doesn't support XHTML very well unless the web developer goes through hoops:
http://www.w3.org/MarkUp/2004/xhtml-faq#ie
It usually renders XHTML documents as HTML. Or always, if you haven't done that, and serve the document with the HTML MIME type.
Since you're serving XHTML 1.1, it's even against the spec to probably do it the way you do to get IE to render it, without going through the aforementioned hoops:
XHTML 1.1 is pure XML, and only intended to be XML. It cannot reliably be sent to legacy browsers. Therefore XHTML 1.1 documents must be sent with an XML-related media type, such as application/xhtml+xml.
I'd suggest following the standards more easily, and only build HTML 4.01 documents, until IE fully supports XHTML without these hacks.
HTML5 and CSS3 aren't finished, thus not W3C recommendations.
And FYI, there was a revision to XHTML 1.1 recently that allows it to be sent with the text/html MIME type, the validator no longer throws a warning and pages render fine for me in IE8.
Wikipedia seems to be able to render SVG output to PNG fine for IE or non-SVG supporting browsers last time I checked.
I like the way you dodge an issue by giving an example of a site which supplies alternate content to various browsers. By your logic IE6 works fine because _insert site here_ facilitates IE6 via a separate style sheet.
I like the way you to try to compare a vital part of a webpage to something that isn't, even if every browser supported it. By your logic we wouldn't distinguish between anything.
This is more FUD, like Steve Ballmer's "Most Netbooks returned run Linux" FUD which Dell disproved recently. They make it sound like there is a significant advantage to IE, but there isn't. Look at the test results, statistically there's no difference between IE and Firefox.
Mean block rate for phishing:
IE8 - 83%
Firefox - 80%
Margin of error = 3.96%
Zero hour attack protection (new sites):
IE8 - 52-71%
Firefox - 48-66%
Average response time (in hours):
IE8 - 4.96
Firefox - 5.24
I've been working on a project where I've had to make workarounds for every single browser: IE, Opera, Firefox, Safari.
The other browsers are only starting to get up to snuff with standards just as IE is. FF2 imo was just as bad with standards as IE6.
You had a bad addon. Bad addons break Firefox, too.
I use the netcraft bar on IE and Mozilla. Wouldn't know anything on IE actually blocking something
Maybe it doesn't support everything latest and new (beta), but it does support the most current standards (stable).
I never had any slow experiences using IE8. It works just as well as the other browsers I've used on this computer.
ROFL. Now it all makes sense.
Is Google a random commentator? It's the first or second hit...
http://www.pcworld.com/article/170231
/ie_8_beats_competition_in_microsoftsponsored_security_tests_updated.html://http://www.pcworld.com/article/1702...ts_updated.html
IE 8 Beats Competition in Microsoft-sponsored Security Tests
In the Microsoft-sponsored tests, Firefox 3 came in at a distant second with 27 percent. Safari 4 scored 21 percent, Chrome 2 blocked 7 percent, and the Opera 10 beta was barely there with a 1 percent block rate. The tests did not include sites that use hidden exploits and drive-by-download attacks to attempt to install malware without your ever having a chance to recognize an attack.
Rick Moy, President of NSS Labs, provided details about the company's test methodology, URL sources and why it left out exploit testing.
Per Moy, the company's methodology was in place before Microsoft contacted NSS Labs about performing the test. Microsoft asked plenty of questions about the methodology, but NSS Labs didn't change the methods used for Microsoft's test. Microsoft paid for a private report, and presumably could have chosen to not release the results had they not been complimentary, but Moy says Microsoft didn't push to change the methodology or source URLs to favor its browser.
IMHO, this is as relevant as one trillion Firefox downloads, it's meaningless statistics. Pretty much any modern browser will give you reasonable security, and you know what? People will still get exploited, because the biggest security flaw is the bit between the keyboard and the chair.
No, I would trust the fanboy who can't believe that MS could not do anything wrong. He must be right!!!
Your not actually trying to say that the results are a lie are you? I don't know about in America, but in the UK that sort of thing isn't only immoral, but it's illegal.. false advertising. Microsoft may have paid for the study, but I highly doubt the results have been fabricated.
It is not illegal in the US. In the UK they made a fuss about iphone ad claims taht you could view all the net, when it didn't have flash. No such problem in the UK. In fact, it is fine to outright lie in the US, just look at fox news.
Remember, this is a lab test. Is a replication of phishing, and by the sounds of it, the same codes is repeatedly. If Safari just does not response to this type, then it just doesn't response. But it may be better in other areas, hence 2% is not an indicative value.
Remember, this is a lab test. Is a replication of phishing, and by the sounds of it, the same codes is repeatedly. If Safari just does not response to this type, then it just doesn't response. But it may be better in other areas, hence 2% is not an indicative value.
I don't get your point: the value is low, yes. Why does this make it "wrong"?
I think the problem you have is your network speed.
It takes a little over a second for IE to render Neowin, it takes Chrome and Firefox about the same, give ot take a few milliseconds. That's what I care about.
I wonder if that would have made a difference.
It should be 3.5 vs IE8 or 3.0 vs IE7.
I wonder if that would have made a difference.
wasnt ff released after this test was made?
"We would have liked to have been able to test Firefox 3.5 which was released June 30, 2009, and attempted to test it alongside the other browsers. However, serious instability where the browser repeatedly crashed (a widely reported issue) along with poor results prevented its inclusion for the sake of fairness."
that kind of explains why they didn't use Firefox 3.5
why? 3.5 only just came out of beta ie8 has been out of beta for a while (along with 3.0)
3.5 can go with IE9
Also see http://arstechnica.com/microsoft/news/2009...most-secure.ars
Link > http://nsslabs.blogspot.com/2009/03/web-br...y-socially.html
For this report, they only say: NSS Labs live testing methodology represents an accurate, real-world testing that can be performed on information security products.
So take it for what's it worth...
Link > http://nsslabs.blogspot.com/2009/03/web-br...y-socially.html
For this report, they only say: NSS Labs live testing methodology represents an accurate, real-world testing that can be performed on information security products.
So take it for what's it worth...
The source of funding doesn't immediately bias results, y'know. Say MS wanted people to see all the work they've been putting in, and no-one's done an independent test to prove it: what do you expect them to do?
perhaps next time, those companies will take these NSS guys more seriously...
So title is a bit misleading
this surely means that 3.5.2 had beaten IE8 in the test , moreover http://www.favbrowser.com/wp-content/uploa...08/security.gif in this pic (taken from favbrowser) u can see that firefox 3 is close enough to IE8
this surely means that 3.5.2 had beaten IE8 in the test , moreover http://www.favbrowser.com/wp-content/uploa...08/security.gif in this pic (taken from favbrowser) u can see that firefox 3 is close enough to IE8
What makes you think 3.5 would do that much better than 3.0?
Because it claims improved phishing filter abilities and has also mysteriously been omitted from this test.
As bogas pointed out, there is no logical reason for the omission of FF 3.5 other than to intentionally distort the test. Even if we're to presume the test was conducted a long time ago, before 3.5 went gold, then that would mean Opera 10 beta wouldn't be included either since Firefox was already in RC status by the time Opera released their v.10 beta.
As bogas pointed out, there is no logical reason for the omission of FF 3.5 other than to intentionally distort the test. Even if we're to presume the test was conducted a long time ago, before 3.5 went gold, then that would mean Opera 10 beta wouldn't be included either since Firefox was already in RC status by the time Opera released their v.10 beta.
So, the fact they gave a reason why 3.5 was missing doesn't matter to your conspiracy theories then?
It does indeed have improved phishing filters, but you can't put a value on how much better it would perform.
Why would I trust them this time?
Quickly reading through the report and I noticed they say they "removed firefox 3.5" from the test, because it :
And yet, they keep opera 10, despite saying:
Why do different things for opera and firefox, when both are unstable? Because of the "poor results" in firefox 3.5? Opera 10 was (and still is) in beta. A beta means that the software can cause problems and is not stable. Beta's are never solid and stable, but that's why those releases are being called beta
Why would I trust them this time?
Quickly reading through the report and I noticed they say they "removed firefox 3.5" from the test, because it :
And yet, they keep opera 10, despite saying:
Why do different things for opera and firefox, when both are unstable? Because of the "poor results" in firefox 3.5? Opera 10 was (and still is) in beta. A beta means that the software can cause problems and is not stable. Beta's are never solid and stable, but that's why those releases are being called beta
Aren't you ignoring the severity of the issue? I'm sure if Opera was repeatedly crashing, they'd have gone back to a previous version too. However, why would it be being a beta make the results different? Generally by that stage most browsers are feature complete.
Opera experienced operational issues during the latter part of testing which dragged down Opera 10's effectiveness. Prior to those issues, Opera 10 was comparable with Internet Explorer 8 and Firefox 3.
Same with Seamonkey, K-Meleon, SRWare Iron and Opera!
Couldn't stand IE7.
For those of you who THINK you know what's good, the phishing filter isn't the only thing IE is better at than Firefox either.
As for spell-checking, I'm pretty sure there's an add-on for that. Or just spell correctly; it's not that hard. ;-)
i dont want nothing looking over everything i typed! if i misspell something i did it on puropse!!
What about using WOT and OpenDNS with IE ... or Opera ... or Safari?
The answer: they aren't core browser technologies.
Firefox, Safari, Chrome etc all periodically downloads FILTERS at certain intervals that determine if the website is 'malicious' or not.
Opera and Internet Explorer, however, asks an anti-malware database whether the website is malware-free or not, on each new webpage/domain.
The anti-phishing scores are NOT related to the browsers themselves. Rather, the winner just uses the most accurate anti-phishing list/database.
Firefox chrashes a lot when playing farmtown in facebook. LOL
Wat.
Yeah, I know exactly what you mean... I mean, most of them can't even spell.
oh, no! the spelling nazi
Statistically speaking, if they're all using the same blocklist from Google, why the hell aren't they all the same?
Unless it's a dick-measuring contest over who has a better blocklist, which in that case, this study is a steaming pile :-/.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.