WindowsFanatic Posted December 15, 2010

IE9 Blocks 99% of Socially-Engineering Malware

Quote
> Capable of blocking 99% of all socially-engineered malware, Internet Explorer 9 is the best browser to protect users against attacks for which there's no patch, since there are no actual code vulnerabilities targeted.
>
> Attacks involving social engineering are designed to "exploit" users rather than actual security flaws, through a variety of techniques from offering victims the promise of cash incentives to scaring them into doing an action which will backfire and infect their computers with malicious code.
>
> While there's no patch for "problems" that actually sit between the chair and the computer monitor, IE9 is the next best thing, a security barrier against socially-engineered malware as close to impassible as possible.
>
> Just 1% of social engineering attacks bypass IE9, with the browser blocking or warning customers for the rest of 99% of socially-engineered malware. Huge compared to Opera 10 for example, which lets all attacks pass.
>
> The statistics come from NSS Labs, information security research and testing organization, which tested browser resilience against malware in the past as well.
>
> "With a unique URL blocking score of 94% and over-time protection rating of 99%, Internet Explorer 9 was by far the best at protecting users against socially-engineered malware," NSS Labs revealed.
>
> IE9 has quite an advantage over IE8 as well, which blocks 90% of socially-engineered malware, and Microsoft reveals that responsible is the evolution of security features in Internet Explorer 9.
>
> "Through its SmartScreen technology, Internet Explorer 8 and Internet Explorer 9 Beta help protect customers by detecting and blocking websites that distribute socially-engineered malware and phishing attacks. The difference in performance between IE8 and IE9 above comes from the addition of innovative features such as SmartScreen Application Reputation," explained Roger Capriotti, Director, Internet Explorer Product Marketing.
>
> "This new feature for Internet Explorer 9 adds an additional layer of protection by warning users when they attempt to download a higher risk application."

Source

Link to comment https://www.neowin.net/forum/topic/960912-ie9-blocks-99-of-socially-engineering-malware/

farmeunit Posted December 15, 2010

How about they build that into the OS instead of just the browser? I know they have that other stuff in place, if it's based on someone clicking and running something, that's ultimately down to the OS or MSE, for instance.

ncc50446 Posted December 15, 2010

How come they can't ever give results on all browsers? If they include Firefox/Chrome/Safari, they ignore Opera. If they include Opera, they ignore Firefox/Chrome/Safari. What is up with that? lol

And why compare a beta with a final? Wouldn't the latest beta against latest beta be better? Opera 11 has improved security over 10.

Anyways, interesting article. At least Microsoft is working more on security than they have in the past. IE6 was horrible for stuff like that... So always good to see :)

iuerg87yerg879e0rg9erugjer Posted December 15, 2010

i call bullocks on this

primexx Posted December 15, 2010

in other news: cautious common sense blocks 100% of socially-engineered malware

perochan Posted December 15, 2010

and the 1% is the one that will destroy your computer forever.

WindowsFanatic (Author) Posted December 15, 2010

On 15/12/2010 at 07:44, perochan said:
> and the 1% is the one that will destroy your computer forever.

Then just imagine what 100% would do (which you get when using Opera)?

mak123 Posted December 15, 2010

On 15/12/2010 at 07:44, perochan said:
> and the 1% is the one that will destroy your computer forever.

ha ha ha...... :cool:

HawkMan Posted December 15, 2010

On 15/12/2010 at 08:24, WindowsFanatic said:
> Then just imagine what 100% would do (which you get when using Opera)?

See the thing is, if you use Opera, you're a smart person, and thus you are already 110% protected from social engineering :p

soldier1st Posted December 15, 2010

lol ms nice one, for one thing IE9 is not even final yet and yet you deliberately leave other browsers out. if you want to win users over you are going to have to play fair ball with the rest and be honest and don't give just numbers but actual facts as numbers only say 1/10th of the story but actual facts say at least 8/10 and customers reviews and ideas say the rest.

Mr. Gibs Posted December 15, 2010

On 15/12/2010 at 09:42, soldier1st said:
> lol ms nice one, for one thing IE9 is not even final yet and yet you deliberately leave other browsers out. if you want to win users over you are going to have to play fair ball with the rest and be honest and don't give just numbers but actual facts as numbers only say 1/10th of the story but actual facts say at least 8/10 and customers reviews and ideas say the rest.

:rolleyes:

Quote
> The statistics come from NSS Labs, information security research and testing organization, which tested browser resilience against malware in the past as well.

http://www.nsslabs.com/assets/noreg-reports/NSS%20Labs_Q32010_Browser-SEM.pdf

R1pper Posted December 15, 2010

i really enjoy the new ie9 (beta) browser. very very top notch browser, the only thing that will make a real killer, is dedicated addons community.

in tech terms, ie9 set new standard. (hardware acceleration) in very fast.

it seems that microsoft came to understand the market a lot better, and rectify their inflexible POV. and you can see it in all their segments products.

and most important, bring back microsoft bob. :p

Astrum Posted December 15, 2010

I can understand Microsoft being the first in protecting from social engineered software with all its power to collect and analyze relevant data. I can not understand how come some NSS lab could test such a thing. Exploits are listed, but who would list the junk software? To me the test results seem to be a fake and complete nonsense.

Mr. Gibs Posted December 15, 2010

On 15/12/2010 at 10:21, Astrum said:
> I can understand Microsoft being the first in protecting from social engineered software with all its power to collect and analyze relevant data. I can not understand how come some NSS lab could test such a thing. Exploits are listed, but who would list the junk software? To me the test results seem to be a fake and complete nonsense.

You know Google is always your friend:

http://www.malwaredomains.com/
http://www.malwaredomainlist.com/mdl.php

And I'm pretty sure NSS labs would make their own sample to test against too.

Astrum Posted December 15, 2010

On 15/12/2010 at 10:24, /- Razorfold said:
> You know Google is always your friend:
>
> http://www.malwaredomains.com/
> http://www.malwaredomainlist.com/mdl.php
>
> And I'm pretty sure NSS labs would make their own sample to test against too.

Malwaredomains.com typically lists viruses and exploits.

As stated in NSS lab report: "Exploits that install malware without the user being aware (also referred to as “clickjacking” and “drive-by downloads”) are not included in this particular study."

HawkMan Posted December 15, 2010

On 15/12/2010 at 10:28, Astrum said:
> Malwaredomains.com typically lists viruses and exploits.
>
> As stated in NSS lab report: "Exploits that install malware without the user being aware (also referred to as “clickjacking” and “drive-by downloads”) are not included in this particular study."

You do of course understand what "Social engineering" is and that those are not social engineering attacks?

Mr. Gibs Posted December 15, 2010

On 15/12/2010 at 10:28, Astrum said:
> Malwaredomains.com typically lists viruses and exploits.
>
> As stated in NSS lab report: "Exploits that install malware without the user being aware (also referred to as “clickjacking” and “drive-by downloads”) are not included in this particular study."

There are a good amount of sites in that list that don't exploit anything or ask you to download... go look through it.

IE9 - Warns you that the site is potentially malware
Chromium 10 - No warning
Opera 11 RC1 - Says the site has a clean record

Astrum Posted December 15, 2010

On 15/12/2010 at 10:30, HawkMan said:
> You do of course understand what "Social engineering" is and that those are not social engineering attacks?

Yes, that's why I'm saying it is impossible to test.

On 15/12/2010 at 10:31, /- Razorfold said:
> There are a good amount of sites in that list that don't exploit anything or ask you to download... go look through it.
>
> Hell here's a random domain for you from that list (page 1): http://ozone777.com/2/bmauesknauxnyvxzkuyp.php
>
> IE9 - Warns you that the site is potentially malware
> Chromium 10 - No warning
> Opera 11 RC1 - Says the site has a clean record

This link is marked as "Phoenix exploit kit" - one of the most dangerous kits! If you have clicked that link, man you could be in real trouble!! No joking.

Mr. Gibs Posted December 15, 2010

Quote
> Yes, that's why I'm saying it is impossible to test.

How exactly is it impossible to test? You've never ever gotten an email that links to a fake site? Hell my spam email gets like 10 wow ones a day telling me my wow account is locked. All it would take is for someone to compile that in a list and test it.

NSS Labs is a security firm, you really think they wouldn't do such a thing? Then you have to consider they do this 4 times a year, so obviously they have some sort of sample list they go from. AV test firms work in similar ways, they don't just suddenly magically come up with 105k viruses to test from and it's not like there's a site where anyone can download a virus and test it.

Quote
> This link is marked as "Phoenix exploit kit" - one of the most dangerous kits! If you have clicked that link, man you could be in real trouble!! No joking.

Actually you'll find that site doesn't exist anymore ;) Which is especially why I linked it lol. And then well there you go again, if the site was real why doesn't Chrome and Opera block it?

And just for the note, I use Opera and have used it for well over a year now. The only reason I have IE9 installed is for testing, that's it.

CentralDogma Posted December 15, 2010

On 15/12/2010 at 04:55, WindowsFanatic said:
> IE9 Blocks 99% of Socially-Engineering Malware
>
> Source

Can't block stupid.

Astrum Posted December 15, 2010

On 15/12/2010 at 10:49, /- Razorfold said:
> NSS Labs is a security firm, you really think they wouldn't do such a thing? Then you have to consider they do this 4 times a year, so obviously they have some sort of sample list they go from. AV test firms work in similar ways, they don't just suddenly magically come up with 105k viruses to test from and it's not like there's a site where anyone can download a virus and test it.

NSS labs present no proof, and I don't think they have any. AV tests is a different story.

Mr. Gibs Posted December 15, 2010

On 15/12/2010 at 10:59, Astrum said:
> NSS labs present no proof, and I don't think they have any. AV tests is a different story.

How exactly, maybe you should read through the report... specifically page 13 and 14:

Quote
> 5.2.1 SOURCES
>
> First, NSS Labs operates its own network of spam traps and honeypots. These e-mail accounts with high-volume traffic yield thousands of unique e-mails, and several hundred unique URLs per day. NSS Labs' continuously growing archive of malware and viruses contains gigabytes of confirmed samples.
>
> In addition, NSS Labs maintains relationships with other independent security researchers, networks, and security companies, which provide access to URLs and malicious content. Sample sets contain malicious URLs distributed via: e-mail, instant messaging, social networks, and malicious websites. No content was used from the tested parties.
>
> Exploits containing malware payloads (exploits plus malware), also known as "clickjacking" or "drive-by downloads" were excluded from the test. Every effort was made to consider submissions that reflect a real-world distribution of malware, categorically, geographically, and by platform.
>
> In addition, NSS Labs maintains a collection of "clean URLs" which includes sites from Yahoo, Amazon, Microsoft, Google, NSS Labs, major banks, and others. Periodically, clean URLs were run through the system to verify that the browsers were not over-blocking.

And how are AV tests a different story? Do they show me proof of having those viruses in a system? Do they show me proof of the virus scan taking place and detecting such a virus? Oh wait no they don't. They just show you a chart saying so and so detected some amount of viruses.

---

Know what I find funny? If this topic said Google Chrome or Firefox was best at preventing phishing, this entire topic would be filled with people going YEH GO FIREFOX etc. But since it says IE9 is in the top, then it's all oh god this report is faked, Microsoft is a liar :rolleyes:

WindowsFanatic (Author) Posted December 15, 2010

Here is the comparison of different browsers in this respect:

Source

On 15/12/2010 at 11:01, /- Razorfold said:
> Know what I find funny? If this topic said Google Chrome or Firefox was best at preventing phishing, this entire topic would be filled with people going YEH GO FIREFOX etc. But since it says IE9 is in the top, then it's all oh god this report is faked, Microsoft is a liar :rolleyes:

Couldn't agree with you more. It's not the first time this has happened. Over the last couple of years it has been proven over and over again beyond any doubt that IE8/9 running in Protected Mode in Windows 7/Vista is the most secure browser in the world. But the Luddites find this truth very disturbing.

Astrum Posted December 15, 2010

There is no proof in saying they have "continuously growing archive of malware and viruses contains gigabytes of confirmed samples".

AV tests are different because you have a fixed virus sample on one side, and certain antivirus (OS, v-signatures db, etc) on the other side. Interaction result is a fact, easy to replicate. URLs come and go. What kind of proof they could have?

Still I'm easy to believe IE9 is the best in that respect.

Mr. Gibs Posted December 15, 2010

On 15/12/2010 at 11:51, Astrum said:
> There is no proof in saying they have "continuously growing archive of malware and viruses contains gigabytes of confirmed samples".
>
> AV tests are different because you have a fixed virus sample on one side, and certain antivirus (OS, v-signatures db, etc) on the other side. Interaction result is a fact, easy to replicate. URLs come and go. What kind of proof they could have?
>
> Still I'm easy to believe IE9 is the best in that respect.

Maybe you should read the report then?

Quote
> From an initial list of 8,000 new suspicious sites, 1,209 potentially-malicious URLs were pre-screened for inclusion in the test and were available at the time of entry into the test. These were successfully accessed by the browsers in at least one run. We removed samples that did not pass our validation criteria, including those containing adware or that were not valid malware. Ultimately 636 URLs passed our post-validation process and are included in the final results, providing a margin of error of 3.88% with a confidence interval of 95%.
>
> 2.1.2 AVERAGE NUMBER OF MALICIOUS URLS ADDED PER DAY
>
> On average, 124 new URLs were added to the test set per day. On certain days, however, more or fewer URLs were added to the test set as criminal activity levels fluctuated.

After their first test, they reported all the URLs to the relevant w/e it's called (lol).. ie Microsoft it's Smartscreen, google and safari share the same filter etc. And then rescanned it after a set period of time to see how many of the sites that a browser missed on its first test get caught the second time around.

And then they repeated this over a period of 11 days with new samples added in each day.