Internet Explorer 9 utterly dominates malware-blocking stats

[Chiefcrowe]

http://arstechnica.com/microsoft/ne...hnica/index+(Ars+Technica+-+Featured+Content)

 

[thescreensavers]

interesting.

I wonder how FF 5.0 with No Script and AdBlock would fair

 

[wirednuts]

what do cows have to do with this again? so private browsing mode in ie9 is the best porn transmitter to date?

 

[FishAk]

I wonder how FF 5.0 with No Script and AdBlock would fair

The study only looked at sites that depended on tricking users into installing malicious software; anything that used browser flaws to run wasn't included in the test.

It probably wouldn't have made too much difference, since they were testing the user, not really the browser. The only reason IE9 did better than the others, is because Microsoft wouldn't accept foolish user commands when run through their own browser. Microsoft will allow the socially engineered exploits to run from other browsers, but not theirs.

It's more of an advertisement than a test, in my view. Microsoft found a nitch their browser is better at because it is integrated into the OS- ie protecting from ignorant users. Implied, but not stated in the article, is the inherent danger of an integrated browser. The danger is that, if an exploit can get a foothold through IE, it is better equipped to do substantially more damage than it would be possible through an unintegrated browser.

 

[Slugbait]

It probably wouldn't have made too much difference, since they were testing the user, not really the browser.

Except that the SmartScreen filter doesn't test the user...it simply blocks bad URLs. AppRep is the "are you sure you really, really wanna do this" backup.

The only reason IE9 did better than the others, is because Microsoft wouldn't accept foolish user commands when run through their own browser. Microsoft will allow the socially engineered exploits to run from other browsers, but not theirs.

Except that there weren't any foolish user commands other than "yes, I really, really wanna do this", which you can do with every browser. Also, MS has literally zero control on whether or not socially engineered exploits can or cannot run from other browsers...install those webkit browsers on a Mac, and the results will likely be the same.

It's more of an advertisement than a test, in my view.

No, the results we saw back in December were an advertisement. These results were from an independent lab.

Microsoft found a nitch their browser is better at because it is integrated into the OS- ie protecting from ignorant users. Implied, but not stated in the article, is the inherent danger of an integrated browser. The danger is that, if an exploit can get a foothold through IE, it is better equipped to do substantially more damage than it would be possible through an unintegrated browser.

You do realize that IE has been integrated with the OS shell since OSR2 was released, right? The shell experience is enhanced by IE, not the other way around. And according to how I read the wording of the article, you are significantly more vulnerable using a non-integrated browser...much more.

 

[Udgnim]

The study only looked at sites that depended on tricking users into installing malicious software; anything that used browser flaws to run wasn't included in the test.

isn't this the biggest reason to not use Internet Explorer and instead use a different browser?

I guess it's too much to assume that employees will have an idea of what they might be potentially downloading to their PC though.

 

[Slugbait]

isn't this the biggest reason to not use Internet Explorer and instead use a different browser?

It's hard to beat zero-day exploits when most people go with the default settings for Automatic Update. The biggest security flaw has been, and always will be, behind the keyboard. As a result, the most common way to infect somebody's machine is to trick them into giving you permission to do it.

But I digress...if you believe Bit9, Chrome claimed first place and Safari finished second in the number of critical vulnerabilities last year, while Firefox finished fifth. IE claimed the eighth spot.

Back in 2008 IE didn't even make it into the Top 12, while Firefox finished in first place.

Right around IE3.01, MS instituted a policy of investigating reported vulnerabilities within 24 hours, and if necessary prop a fix within 48 hours...considering this was the dawn of e-commerce, and how far ahead Netscape was in browser usage, this tactic played a crucial role in the demise of Navigator. And after the implementation of the Trustworthy Computing Initiative back in 2002, MS has been somewhat rabid about security.

IE usage has dropped significantly over the last three years. More vulnerable browsers are claiming more usage every month...malware authors are gleefully aware of this, so it wouldn't be wise to think that you're safer just because you're using a different browser.

 

[lowrider69]

I'll stick with Firefox w/NoScript and AdBlock Plus.

 

[Texashiker]

The study only looked at sites that depended on tricking users into installing malicious software; anything that used browser flaws to run wasn't included in the test.

Test looks like a lop-sided microsoft promotion.

Lets see a test that used browser exploits, because that is what people are going to be running into.

When someone lands on an attack page, let see how well ie 9 stands up then.

 

[Slugbait]

Test looks like a lop-sided microsoft promotion.

As I alluded to earlier (and will now include a link), the results released in December were a MS-funded study (http://www.computerworld.com/s/arti...Rep_bumps_browser_s_anti_malware_score_to_99_), while this came from an independent lab.

Lets see a test that used browser exploits, because that is what people are going to be running into.

That will primarily impact only the people who turn off Automatic Update, so a browser exploit is what most people are not going to be running into.

When someone lands on an attack page, let see how well ie 9 stands up then.

And thus the beauty of SmartScreen...if the attack page is known, it's completely blocked. If the attack page is not known, IE9 should stand up to it just as well as your favorite third-party browser...possibly better, since SmartScreen can analyze webpages and determine if they have any characteristics that might be suspicious and then warn the PEBKAC that the site may be unsafe.

 

[LiuKangBakinPie]

thats BS. Check the versions that was used and what malware samples were used? No one use firefox just plain. It got add ons for a reason

 

[Slugbait]

thats BS. Check the versions that was used and what malware samples were used? No one use firefox just plain. It got add ons for a reason

You're BS (see also, http://forums.anandtech.com/showthread.php?t=2168158).

Versions used were (at the time of testing) current releases, they were even listed. No one you know uses firefox just plain...tens of millions of others do. And firefox has dozens of reason for having add-on capabilities...enhancing security is only one of them.

And pulling the add-on argument after pulling the version argument is a crutch.

 

[LiuKangBakinPie]

You're BS (see also, http://forums.anandtech.com/showthread.php?t=2168158).

Versions used were (at the time of testing) current releases, they were even listed. No one you know uses firefox just plain...tens of millions of others do. And firefox has dozens of reason for having add-on capabilities...enhancing security is only one of them.

And pulling the add-on argument after pulling the version argument is a crutch.

Please tell me what versions were used?
Again its BS

Internet Explorer 9 blocked 92 percent of malware with its URL-based filtering, and 100 percent with Application-based filtering enabled. Internet Explorer 8, in second place, blocked 90 percent of malware. Tied for third place were Safari 5, Chrome 10, and Firefox 4, each blocking just 13 percent. Bringing up the rear was Opera 11, blocking just 5 percent of malware.

Everyone knows malware use exploits. Thats why we update things. So version is one of the most important things doing such tests cause all you do is use old exploits on the older versions when the newer versions are patched up. Will it be fare to test a outdated av with a dated one and say the version number is not a excuse? They used the latest version of IE but older versions of FF and Chrome. Chrome 10??????????????????????? Chrome is at 14 already. So nice try try again
oh PS http://forums.anandtech.com/showthread.php?t=2168158&page=2

 

[Slugbait]

Please tell me what versions were used? Again its BS

If you're not going to read it yourself, you don't get the privilege to call BS.

And I sure as hell ain't gonna waste time holding your limp hand thru it.

Everyone knows malware use exploits.

Stop listening to your imaginary friends. They're stupid.

 

[LiuKangBakinPie]

If you're not going to read it yourself, you don't get the privilege to call BS.

And I sure as hell ain't gonna waste time holding your limp hand thru it.Stop listening to your imaginary friends. They're stupid.

Talking to yourself again? That test is BS.
http://www.zdnet.com/blog/security/microsoft-expecting-exploits-for-critical-ie-vulnerabilities/9244
http://www.zdnet.com/blog/security/...ng-holes-haunt-internet-explorer-browser/8767
http://www.techrepublic.com/blog/security/microsoft-makes-firefox-vulnerable-mozilla-responds/2522

None what so ever over the testing method that was used which makes it as valuable as toiletpaper. Go to av-comparitives and see how testing should look like. No wonder the security world is going to hell thx to so called experts thinking they know whats best. Do me a favour use a linux box and go do some russian surfing a bit.

oh forgot about this one
http://mcpmag.com/articles/2011/05/23/internet-explorer-9-security.aspx

here its 96 percent
http://www.zdnet.com/blog/hardware/...rowsers/14258?tag=search-results-rivers;item1

 

[Slugbait]

Talking to yourself again?

I might as well be...I sure as hell ain't gonna talk to you again.

I will, on the other hand, continuously interrupt your dazzling intellect to inform people who are new to this forum to simply regard you as the official town drunk (which means I need to find the official plaque I was given years ago and FedEx it to you...dammit, where did I put that thing...)






Good gawd, you linked zdnet...?

 

[Absolution75]

Last time I checked there were more browser exploits for Firefox last year than IE. IE also has significantly better XSS protection than firefox (at least since FF 4.0, not sure if they've improved it at all since then). Add on IE protected mode and IE is clearly the most secure browser on Windows. Now add in their malware blocking and you get 4 wins for IE for security.

This just goes against convention, people are used to MS sucking with regards to security. If you blindly accept when people say FF is the most secure browser and has been forever, think again.

http://www.cenzic.com/downloads/Cenzic_AppSecTrends_Q1-Q2-2009.pdf
http://www.symantec.com/business/th...nerability_trends&aid=browser_vulnerabilities


I don't count opera because security through obscurity doesn't really count imo. Its also not widely used.


That all given, I still use FF due to its better interface.