IE9 Blocks 99% of Socially-Engineering Malware



  On 15/12/2010 at 11:55, /- Razorfold said:

Maybe you should read the report then?

What if, say, 500 out of 6791 good sites (8000-1209) would actually be poisoned and were never tested by mistake? With Norman and Sunbelt Software that NSS Labs use, I would expect that. What are those confirmed 636 URLs? And even if those are available to check, what if most of them are already dead now? It is very wishy-washy to me.

  On 15/12/2010 at 12:18, Astrum said:

What if, say, 500 out of 6791 good sites (8000-1209) would actually be poisoned and were never tested by mistake? With Norman and Sunbelt Software that NSS Labs use, I would expect that. What are those confirmed 636 URLs? And even if those are available to check, what if most of them are already dead now? It is very wishy-washy to me.

They did say out of 8000 sites, 1209 are selected and then pre-screened to make sure they do involve phishing of some sort. And then they also gave their margin of error.

Like I said they tested this over 11 days with new samples added every day, hence any URLs that get deleted will most likely be replaced. AND they tested to see the browser manufacturers response time.

As for the confirmed URLs I dunno? But where are those confirmed virus samples from AV tests? For all I know they could be testing like 5 viruses and claiming to test 10500.

Sure, most of the links may be dead after a few days but that's another topic. This test, which is repeated four times a year (you can find past reports on their site), shows that Microsoft's SmartScreen filter is the most and fastest updated one. When the filter is updated, the protection for the user is improved. Simple. And I also highly doubt Google / Microsoft / Opera regularly go through their lists and prune sites that no longer exist...just wouldn't make sense and would be too time consuming.

The only flaw I can see in their testing is they used Opera 10 and not 11. They both share the same filter, but I don't think 10 automatically checked the site unless you asked it to. 11, on the other hand, has an icon right next to the address bar informing you.

Just like viruses, you can't stop zero day attacks. And that's not what they're testing, they're testing if the built-in filtering in browsers stops known and verified sites.

Of course a good dose of common sense will stop zero day social engineering attacks as well.

  On 15/12/2010 at 12:45, Astrum said:

"Known and verified" is vague. I would block sites promoting global warming theory, for instance, but who cares? I think fake and misleading information is worse than any virus.

Considering NSS Labs is independent I highly doubt they gain anything for saying IE has the best phishing protection. Now if you can prove MS somehow paid them to run this test 4 times a year for the past few years, then yeh you might have something.

Why would they lie about their sample? Are they on the side of the scammers / malware writers? I highly doubt that since they get paid to prevent **** like that from happening. Not to mention the phishing protection in every browser is free, so it's not like they're promoting their own software or encouraging you to buy someone else's software.

Like I said, if you're going to sit here and say all this is BS because it says "known and verified" I want you to go find me definitive proof that AV test sites aren't lying to us when they say they tested 20 AVs against "105k known viruses". Or go run your own tests and then report back with your findings in extreme amounts of detail...i.e. I want to see every single site you used with screenshots proving you tested them.

  Quote

Ok so 1 AV manufacturer has an issue...and it's happened before with like every AV test anyways.

Plus, it is AVG who can't even update their software without causing massive amounts of bluescreens (and the recent incident wasn't their first time either...). I guess they shouldn't have been messing around with the kernel eh?

  Quote

That article makes no sense...sure I can improve Firefox's security by downloading an addon but that doesn't mean every single person who uses Firefox will do that. Hell just go and look at the amount of NoScript downloads, FF has over 500 million users but NoScript has only been downloaded 78 million times (I think updates are also calculated in that) so that means less than 20% of Firefox users use NoScript.

Hell I can go one step further and say well I use the hosts file to block most malware sites, who needs browser filters. Yet again 90% of the world won't do that either, so claiming that makes it a bit pointless.

And then the article goes and claims the report was funded by Microsoft...but offers no proof.

---

This is just another repeat of the Pwn2Own results where all the hackers said IE8 was the hardest to exploit:

  Quote
Despite the survival of Google Chrome and the fall of Internet Explorer 8 (running on Windows 7), all the browser hackers at the contest maintained that Microsoft's browser is by far the most difficult to exploit. For starters, IE 8 is the only browser to fully -- and properly -- implement ASLR (see explanation from Nils). Peter Vreugdenhil, the researcher behind the successful IE 8 hack, needed two different vulnerabilities and several exploitation tricks (see paper - pdf) to get it to work. However, because IE is the world's most widely deployed browser, it will continue to attract the attention of hackers and malware writers. Security doesn't equate to safety.

Source: http://threatpost.com/en_us/slideshow/10%20Lessons%20From%20The%20Pwn2Own%20Hacker%20Contest?page=4

But if you mention that, then you're either a fanboy or it's all flawed :rolleyes:

  On 15/12/2010 at 13:52, hagjohn said:

It's funny... everyone whines because IE is crap and when MS does something to make it better they still whine.

+1. Those people will never ever be satisfied, maybe MS should include a bonus blow job for every run of IE9.

  Quote
I don't think it is kernel.

Hmm you might be right. I just assumed it was because AVG tried patching the kernel or something (Doing so on x64 systems will cause a BSOD because of PatchGuard)...something AV manufacturers used to do quite a lot till MS implemented PGG.

How is this at all surprising? Microsoft has had phishing filters for years...

For the longest time, Safari had none. Remember when PayPal said they were going to stop serving Safari users because they had no phishing protection?

Google's Chrome uses their URL filter thingy, and Firefox didn't get one too long ago.

Over and over (did I say over?) again SmartScreen has been proven superior to any other. I have seen it myself. New phishing sites were blocked by IE very quickly, Firefox's took a while.

But, in an article I wrote, I said: "While this research shows that Internet Explorer is the best at blocking or warning against socially engineered malware attacks - by far - one could argue that while other browsers are horrible at detecting such attacks, it doesn't matter.

What I mean is that most people who use Firefox, Google Chrome and/or Opera tend to know better when it comes to randomly clicking on links, downloading possibly infected files from shady websites and so on."

  On 15/12/2010 at 23:19, Mr aldo said:

How is this at all surprising? Microsoft has had phishing filters for years...

Over and over (did I say over?) again SmartScreen has been proven superior to any other. I have seen it myself. New phishing sites were blocked by IE very quickly, Firefox's took a while.

I'm getting pleasantly surprised by IE's filters. They have improved phenomenally over the last 18 months or so. I used to report phishing links in e-mails, but now I find that every time I try to visit one of those links, it has already been blocked by the filterset.

One aspect that I'd like to see improvements on is the ability to report a link without visiting it.

  On 15/12/2010 at 09:22, HawkMan said:

See the thing is, if you use Opera, you're a smart person, and thus you are already 110% protected from social engineering :p

Hahaha, I wish that were true.

For 99.9% of the people infected out there, it isn't because of their browser choice, but because of poor browsing choices - downloading warez, bad borne sites, finding things "Too good to be true" or bittorrenting everything under the sun and not running a virus checker/malware checker.

When it comes to socially-engineered malware, Microsoft definitely has the ball with protection on a browser level. IE8 already offers 90% protection. Unfortunately, the other major browsers offer little to no protection at all.

  On 15/12/2010 at 23:51, Relativity_17 said:

I'm getting pleasantly surprised by IE's filters. They have improved phenomenally over the last 18 months or so. I used to report phishing links in e-mails, but now I find that every time I try to visit one of those links, it has already been blocked by the filterset.

One aspect that I'd like to see improvements on is the ability to report a link without visiting it.

Yeah, it is good. Sad thing is Microsoft uses SmartScreen as a spam filter (in part) for Hotmail, which doesn't work well. Lol.

Beneath Protected Mode, InPrivate Filtering, Ad Muncher, a router, Windows Firewall, OpenDNS, and a HOSTS file, I think I'm pretty safe. I'm even starting to lose interest in Chrome these days because I lost faith in a lot of third-party junk floating around the web.
