Internet Explorer: Is it time for some respect? (Updated)

An independent testing lab published a report stating that Internet Explorer 8 out-performs every other Web browser when it comes to detecting socially-engineered malware. Michael Kassner takes a look at the tests and results.

Last month (July 2009), NSS released test results comparing how each of the major Web browsers dealt with socially-engineered malware. I was going to write about it then. But, every time I came close to posting, new information came to light. It's finally time to sort this out.

What is socially-engineered malware

My friends Google and Wikipedia were of no help. Finally, about a third of the way through the report, NSS defined socially-engineered malware as:

"A web page link that directly leads to a ‘download' that delivers a malicious payload whose content type would lead to execution."

I get it. Socially-engineered malware refers to malicious or compromised Web sites containing dropper programs. That's a good test; dropper programs are currently one of the most successful methods of infecting computers.

What's being tested

Modern-day browsers automatically check the reputation of Web sites before allowing content to be downloaded. The report explains how:

"The foundation is an in-the-cloud reputation-based system which scours the Internet for malicious websites and categorizes content accordingly; either by adding it to a black or white list, or assigning a score (depending on the vendor's approach). This may be performed manually, automatically, or some combination thereof.

The second functional component resides within the web browser and requests reputation information from the in-the-cloud systems about specific URLs and then enforces warning and blocking functions."

To put it simply, NSS is checking the quality of each Web browser's malicious-URL database, how long it takes the database to be updated with new information, and how the Web browser reacts when a match is found.
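As an added illustration (not NSS's test harness or data, and not part of the original article), the Python below scores the two things the test records: how often a browser blocks a malicious URL, and how long a URL stays unblocked before the reputation database catches up. It assumes each URL is re-checked every two hours; the browser labels, URLs and block patterns are constructed, and the "exposure hours" figure is an extra metric introduced here.

```python
from dataclasses import dataclass
from typing import List, Optional

RUN_INTERVAL_HOURS = 2  # assumption: every URL is re-checked on a fixed schedule


@dataclass
class UrlObservation:
    url: str
    runs: List[bool]  # runs[i] is True when the browser warned/blocked on run i


def hours_to_block(obs: UrlObservation) -> Optional[int]:
    """Hours from a URL entering the test until the first run that blocked it."""
    for i, blocked in enumerate(obs.runs):
        if blocked:
            return i * RUN_INTERVAL_HOURS
    return None  # never listed in the reputation database during the window


def score(observations: List[UrlObservation]) -> dict:
    """Summarise one browser's results over all URLs in the test set."""
    if not observations:
        raise ValueError("no observations to score")
    delays = [hours_to_block(o) for o in observations]
    caught = [d for d in delays if d is not None]
    total_runs = sum(len(o.runs) for o in observations)
    blocked_runs = sum(sum(o.runs) for o in observations)
    return {
        # Share of URLs the browser blocked at least once.
        "ever_blocked_pct": 100 * len(caught) / len(observations),
        # Share of all (URL, run) visits that ended in a warning or block.
        "block_rate_pct": 100 * blocked_runs / total_runs,
        # Average delay, computed ONLY over URLs that were eventually blocked.
        "mean_hours_to_block": sum(caught) / len(caught) if caught else None,
        # Added metric: hours in which a visit would have gone unwarned.
        "exposure_hours": (total_runs - blocked_runs) * RUN_INTERVAL_HOURS,
    }


def observe(n: int, pattern: str) -> UrlObservation:
    """Build a constructed observation: 'B' = blocked on that run, '-' = not."""
    return UrlObservation(f"http://malware-{n}.example/setup.exe",
                          [c == "B" for c in pattern])


# Constructed sample data: four runs (an 8-hour window) for five URLs.
# Browser A lists few URLs, but lists them quickly.
BROWSER_A = [observe(1, "BBBB"), observe(2, "-BBB"), observe(3, "----"),
             observe(4, "----"), observe(5, "----")]
# Browser B lists most URLs, some of them late.
BROWSER_B = [observe(1, "BBBB"), observe(2, "--BB"), observe(3, "---B"),
             observe(4, "-BBB"), observe(5, "----")]

if __name__ == "__main__":
    for name, data in (("A", BROWSER_A), ("B", BROWSER_B)):
        s = score(data)
        print(f"Browser {name}: block rate {s['block_rate_pct']:.0f}%, "
              f"ever blocked {s['ever_blocked_pct']:.0f}%, "
              f"mean time to block {s['mean_hours_to_block']:.1f} h, "
              f"exposure {s['exposure_hours']} h")
```

Browser A shows the shorter mean time to block only because the URLs it never lists are left out of that average; the block rate and exposure hours show Browser B protecting more visits.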

Test results

NSS screened a total of 12,000 malicious URLs, finally deciding on 608 URLs that met their requirements. During the test, NSS introduced a certain number of the chosen malicious URLs every day, recording each Web browser's ability to block the threat. The first graph shows the percentage of malicious URLs each browser successfully detected and blocked (courtesy of NSS):

NSS also recorded whether the Web-browser's database contained information about each threat. If information about a specific threat was missing, NSS kept track of how long it took before the database was updated. Those results are shown in the following graph (courtesy of NSS):

Meaning what

The graphs bode well for Internet Explorer 8 when it comes to blocking socially-engineered malware URLs. NSS ran similar tests looking at how each Web browser blocked phishing URLs, and Internet Explorer 8 was on top again.

Many security analysts are concerned that Microsoft paid for the tests. Evidently, Microsoft's on-line security-engineering team hired NSS to run the benchmark tests. In fairness to Microsoft, Rick Moy, president of NSS, mentioned to Ars Technica that:

"This stuff is expensive to do right, and we need to monetize it somehow. We invited Google, Mozilla, Apple, and Opera to participate, but they didn't even bother to respond, except for Opera, which stated they don't really focus on malware."

Final thoughts

Are the tests valid? Consider the following:

  • NSS is not saying much about the malicious-URL list.
  • NSS is not telling why it left out certain exploit sites.
  • Microsoft paid for the tests.

Update (19 Aug 2009)

I presented Rick Moy (president of NSS) with some of the questions you, the members, were asking:

1. Where did NSS obtain the list of 12,000 malicious websites?

"We obtained Sites from our own research, crawling, spam traps, etc. As well as from other parties not involved in the test - eg Mailshell, Sunbelt. No vendor had access to test URLs prior to the test."

2. What were the exact criteria for including a website in the test??

"Socially engineered malware as defined in the report. This is an attack on the user, not an exploit on the software. That is a future test."

Here is the definition: A web page link that directly leads to a ‘download' that delivers a malicious payload whose content type would lead to execution. I was confused by the definition, until Mr. Moy explained. The user has to consciously click on a link to start the exploit process.

3. A website can use "social engineering" (without Javascript required) to persuade visitors to select a hyperlink that will cause the browser to download a malware installation package and execute it. Were any such websites in the test suite??

"Yes."

In explanation: NSS defines socially-engineered malware as the process of enticing the user to click on a link.

4. Were the malicious URLs linked to fake malicious Web sites or subverted official Web sites?

"We saw both."

5. How much input did MS have in the process?

"This test was part of a recurring test program we have been running for about 9 months. All the browser vendors and some AV vendors had a chance to review the test methodology and make comments. Final decisions made by NSS exclusively. We encourage everyone to review the methodology and decide for themselves if this reflects a reasonable real-world test. We will review and consider all comments. Note that to date we have received no substantive critique on this test methodology."

Kudos

I would like to thank the members for providing the questions, with a special nod to Ocie3. I also would like to thank Mr. Moy for taking the time to answer them.

91 comments
Michael Kassner

Independent tests show that Internet Explorer out-performs all other popular Web browsers when it comes to detecting socially-engineered malware URLs. Do you agree with the results?

Aaron A Baker

I do have one question. Since the advent of my installation of IE8, my ENTIRE SYSTEM slowed down. With IE8 in place, there isn't one thing that I could use without noticing that it had slowed down. I removed the IE8, replaced it with IE7 and voila, problem solved, my system was up to full speed again. Why is that?? Aaron

PC Specs Operating System System Model Windows XP Professional Service Pack 2 (build 2600) PCCHIPS A15G 2.0 System Serial Number: Unknow Asset Tag: Unknow Chassis Serial Number: Unknow Processor a Main Circuit Board b 2.70 gigahertz AMD Athlon 64 256 kilobyte primary memory cache 1024 kilobyte secondary memory cache Board: PCCHIPS A15G 2.0 Serial Number: OEM Bus Clock: 201 megahertz BIOS: Phoenix Technologies, LTD 6.00 PG 12/05/2007 Drives Memory Modules c,d 320.07 Gigabytes Usable Hard Drive Capacity 237.48 Gigabytes Hard Drive Free Space HL-DT-ST DVD-RAM GH22NP20 [CD-ROM drive] 3.5" format removeable media [Floppy drive] WDC WD3200AAKS-75B3A0 [Hard drive] (320.07 GB) -- drive 0, s/n WD-WCAT13035258, rev 01.03A01, SMART Status: Healthy 1920 Megabytes Installed Memory Slot 'A0' has 2048 MB Slot 'A1' is Empty Slot 'A2' is Empty Slot 'A3' is Empty Local Drive Volumes c: (on drive 0) 55.98 GB 43.77 GB free d: (on drive 0) 47.45 GB 34.67 GB free e: (on drive 0) 62.71 GB 44.61 GB free f: (on drive 0) 59.54 GB 55.88 GB free g: (on drive 0) 94.39 GB 58.56 GB free

ultimitloozer

I'm just glad that many of the people who have responded in this thread do not work for any kind of testing company since their comments clearly indicate that they could not perform independent testing and they would skew their testing procedures or results to favor the sponsor of the test. In no time, the company would be CTD. As far as respect for IE, that possibility will open up once MS fixes their 2 year old XSS vulnerability.

QAonCall

I think your story should have added more INFORMATION, it might have lowered the rhetoric a bit.

First: During Q1, 2009 NSS Labs performed the industry's first comprehensive test of web browser protection against socially engineered malware. This report is based upon empirically validated evidence gathered by NSS Labs during 12 days of 24x7 testing. Generally available software releases were used in all cases. Each product was updated to the most current version available at the time testing began. 154,702 unique results were collected from 141 discrete tests conducted without interruption over 282 hours (every 2 hours for 12 days). From a collection of over 60,000 URLs, 5,149 distinct URLs were selected for inclusion in this test. Of those, 1,779 were available at the time of entry into the test and were successfully accessed by the browsers in at least one run. We removed samples that did not pass our validation criteria, including those tainted by exploits. Thus, ultimately 492 URLs were included in our final set of malware sites - providing a margin of error of 3.76%.

Second: Web-based malware attacks pose a significant risk to individuals and organizations alike by threatening to compromise, damage or acquire sensitive personal and corporate information. 2008 and 2009 statistics show no abatement of the trend. Indeed detecting and preventing these threats continues to be a challenge as criminals remain aggressive. Antivirus researchers estimate between 15,000 and 50,000 new malware samples per day. And increasingly, social engineering techniques are being applied to the web to quickly distribute malware and evade traditional security programs. 53% of malware is now delivered via Internet download versus just 12% via email, while IFrame exploits and other vulnerabilities comprise 7% and 5%, respectively, of the global malware infection vectors, according to statistics from Trend Micro. Thus, criminals have adapted to take advantage of newer social networking sites (i.e. Facebook, MySpace, LinkedIn, etc.) and user-contributed content (i.e. blogs, twitter, etc.) which allow for rapid publishing and anonymity. Furthermore, the speed at which these threats are "rotated" to new locations is staggering and poses a significant challenge to security vendors.

Third (AND APPARENTLY REALLY HARD ONE!): Recently, web browsers have stepped up their role in protecting clients by adding mechanisms for preventing users from infecting themselves with Malware. This report examines the ability of six different web browsers to protect users from socially engineered malware. Each of the six web browsers has added security technologies to combat web-based threats. However, not all of them have taken the same approach, nor claim to stop the same breadth of attacks. Browser Protection contains 2 main functional components: The foundation is an in-the-cloud reputation-based system which scours the Internet for malicious websites and categorizes content accordingly; either by adding it to a black or white list, or assigning a score (depending on the vendor's approach). This may be performed manually, automatically, or some combination thereof. The second functional component resides within the web browser and requests reputation information from the in-the-cloud systems about specific URLs and then enforces warning and blocking functions. For the purposes of this test the following definition is used for socially-engineered malware: following a URL link directly leads to a 'download' that delivers a malicious payload whose content type would lead to execution. When results are returned that a site is "bad", the Web Browser redirects the user to a warning message/page instructing that the URL was malicious. In the event that the URL is a download, the web browser instructs the user that the content about to be downloaded (or being downloaded) is malicious and that the download should be aborted / cancelled. Conversely, when a website is determined to be "good", the web browser takes no action and the user is unaware that a security check was just performed by the browser.

Summary of Three: All are attempting to do the same thing, IN DIFFERENT WAYS, this report measures the most effective! MOST EFFECTIVE AT BLOCKING! WARNING THE USER THIS IS BAD!!!!!!!!!!

This table answers the question: how long on average must a user wait before a visited malicious site is added to the block list? It shows the average time to block a malware site once it was introduced into the test set. This can be misleading in some cases. For instance, Firefox shows a quicker block time, but it blocked significantly fewer malware sites. The mean time to block a site (if it is blocked at all) is 13.8 hours.

Browser   Avg. Add Time
Firefox   6.0
Chrome    6.9
IE8       11.7
Opera     12.0
Safari    18.9
IE7       27.3
mean      13.8

In summary of the report: It became obvious as the results were tallied that Microsoft has made considerable achievements in adding protection from socially engineered malware into Internet Explorer v8 (SmartScreen). With a protection rating of 69%, Microsoft IE8 was by far the best at protecting against socially engineered malware and adds an excellent layer of protection on top of other endpoint protection solutions. We were impressed by the stability of IE8 (RC1). And although the browser did crash a few times during the test, it recovered gracefully with no long-term ramifications. Coming in second, Mozilla Firefox achieved just over 30% protection rating against malware - less than half the protection offered by IE8. Apple Safari crashed repeatedly until we slowed down the test to accommodate a 10-15 second pause between URL lookups. Then Safari's stability improved (no more crashes) and its block rate tallied up to 24%. Google Chrome started out with comparable protection ratings to Firefox and Safari, yet then, inexplicably deteriorated rapidly - bringing down the average catch rate to 16%. We were concerned that this was somehow an artifact of our test harness and spent extensive time manually verifying results. Our findings were that Chrome's protection did indeed drop off significantly. In addition, we found Chrome crashed repeatedly and without recourse; requiring manual intervention to kill the process in Task Manager. Google Chrome is obviously a version 1.0 product - demonstrating poor stability and lacking feature maturity. Generally, there is a configurable separation between software updates and database or signature updates - to draw analogies from the antivirus, IPS and general software practices. However, some browsers, including Google Chrome and Safari attempted to update themselves automatically without any user permission. This caused problems for our testing harness, which were eventually overcome during pre-testing. But it is notable that this practice would not work well in a controlled enterprise environment, where change control and patch management are important processes to ensure security and interoperability. Neither Opera nor Microsoft IE7 offered much protection, achieving 5% and 4% protection ratings respectively.

Nothing here is personal; nothing here is NOT factual, from the report. If you have FACTS to dispute the report, you should present them. Facts are not opinions, innuendoes, dislikes etc.

leo8888

Just wondering why no mention of SeaMonkey? Is it because there is nothing in SeaMonkey to warn about malicious web sites? Or is it maybe because SeaMonkey does not execute active-x so the tests would not apply? We have been using it in our company for a long time and have had great success keeping viruses and malware out. Of course for certain web sites that require active-x we have to fall back to I.E.

seanferd

First, I don't expect my browser to be a malware-blocking engine. Second, I sure don't want my browser phoning home for anything. If I want updates, or anything else, I'll check. Third, I don't expect the database to be up to date, with good data, all the time. And what happens when the server goes down, the data selection is gamed, or MS (or whomever) decides arbitrarily that something I want is malware? How do you get a link de-listed if it was a bad call, or if the site is fixed? Edit: Hm, I thought I was responding to the article, not the first post. How odd.

Ocie3

I hesitate to offer an opinion. It is most curious that the malicious websites chosen for testing the browsers were not selected randomly. (I assume that, if they were chosen randomly, then that would have been prominently mentioned.) What were the exact criteria for including a website in the test?? Perhaps each and every one of the 12,000 malicious websites does not attempt to infect a visitor's computer by using Javascript to install a "dropper" which downloads and installs other malware from the website. There is no defense against that in I.E. -- if the user doesn't enable Javascript (implicitly, for each and every website), then MS will make them wish that they had. If a user decides to disenable Javascript in Firefox, the only result is likely to be a message from almost every website that they visit that Javascript and "all (third party) cookies" must be enabled to use the website's features. A website can use "social engineering" (without Javascript required) to persuade visitors to select a hyperlink that will cause the browser to download a malware installation package and execute it. Were any such websites in the test suite?? What I would also like to know is from whom did NSS obtain the list of 12,000 malicious websites?? Were all of them confirmed as engaged in malicious behavior or was it just a list of websites that were simply suspect for some reason or another?? Also, I wonder just how valid any blacklist can be. Given the ease with which anyone who has the money can register a domain(s), it seems to me that criminals can create websites faster than anyone else can discover which are malicious and which are not. I would expect that a blacklist would include many invalid URLs for websites that no longer exist, and not contain the URLs for malicious websites that have been created most recently. That said, insofar as Microsoft would prefer that I.E. gain respect among its critics, then they would best continue to examine I.E. (and Windows) for vulnerabilities and patch them!! Since the software cannot contain an infinite number of such flaws, someday MS might eventually run out of any more to patch. :-)

rfolden

It can't protect itself from itself. Witness the problem when your temp folder is set somewhere else other than the default location, OR when you have moved your "My Documents" folder to someplace on the local disc other than the default... Witness the rampant problem of EVERY time you open IE8 you get: "1) A program on my computer has corrupted IE8 default search provider settings. 2) IE8 will reset the search provider setting to default setting of live search. 3) IE8 will open the search provider dialog where I can change my search provider." 1) No it hasn't... it is just confused. 2) Of course it will... to Widows Live! 3) Yes it will, but good luck changing or removing windows live. (Of course this can be fixed with regedit, but it really burns my butt like a "flame about this high".)

derek

There is always going to be a thought in people's minds when someone 'pays' for the test if there is foul play. I think what is more important is the motive for the tests. If Microsoft was looking to improve their browser and paid a consulting company to test it and they did, they found out what they needed to know.... What is not being mentioned in the articles I am reading very much is the fact that Microsoft does have some things to work on as well as the other browsers. 80% is okay, but many of us would like 100%. To me the rebellious OpenSource advocates should respond like they always do and step up... give the consumer reason to choose theirs. Based upon the findings... I am not too confident of the other browsers and the admittance of the other vendors that there are these holes... Some might say I am a Microsoft fan... and I hope that is not what I am implying... however, if a company has dedicated, paid folks who are supposed to work on a product compared to Uncle Ferd in his attic banging out code after work, then their product SHOULD be better due to the focus and effort. IMHO, I am tired of the browser wars, from a helpdesk, techsupport stance, there are problems with all of them, at least with IE, I know where to get a solution, and possibly a fix.

mrdt

Considering that Microsoft paid for the test, it is not independent. There could have been negative results but those wouldn't be allowed to be published, so the tests could have been altered to produce results that would give Internet Explorer 8 favourable results.

JohnOfStony

If I remember correctly, Eysenck in the 1950s concluded that black people were less intelligent than white people based on his IQ tests which were designed by a white man with a white cultural background. I wonder what the results would have been had the tests been designed by a black man with a black cultural background? I suspect the opposite. Is it possible that tests sponsored by Microsoft may have been selected based on Microsoft's design criteria for IE8, and might the results have been very different had they been sponsored by Mozilla?

wyattharris

You've got to imagine that with the amount of time, resources and experience that Microsoft has spent in fighting vulnerabilities and improving security that they should be the pinnacle of secure software. Guess we'll find out if they have actually put any of that to practice.

csmith.kaze

Umm, if the subject of the test pays you for the test, then it is not an "Independent test". Sorry, but it isn't.

The 'G-Man.'

It's a culture thing I think. Depends on where you use the browser I guess.

Michael Kassner

I can't find it, but someone else commented about similar circumstances. That person also reverted back to 7. Have you considered Firefox at all? I will try to find the comment as it is a known MS issue.

Deadly Ernest

Quote: "Recently, web browsers have stepped up their role in protecting clients by adding mechanisms for preventing users from infecting themselves with Malware." End quote.

A mechanism that gives the user a warning does NOT, and can NOT, PREVENT users from infecting themselves. Fast finger Freddy behaviour will still see people infected anyway. If the system did as claimed Freddy could do no harm at all. A second aspect is the whole thing is predicated on a database using some weighted scale decided on by the keepers of the database. And we all know how trustworthy they are. A proposal here in Australia at the moment is for a compulsory filter to block kiddie porn, it will have a database. A pilot is in use as a voluntary system. When someone broke down the blacklist of sites they found sites promoting euthanasia in there as well - I'm still trying to figure out how that subject relates to kiddie porn, but I do know how it relates to the religious / political stance of the politician promoting the filter.

seanferd

in the ALL CAPS section. As to the contents of the report itself - so what? I don't care to dispute the validity of the report, but nothing in said report proves anything. Methodology, raw data, and replication by other parties of the same test (if the test itself is valid) would be needed to begin to verify anything. Nor do the contents of the report address (nor can they) any possible bias. I do realize that this is generally not the way things are done in the tech sector, which is too bad, really. "Summary of Three: All are attempting to do the same thing, IN DIFFERENT WAYS, this report measures the most effective! MOST EFFECTIVE AT BLOCKING! WARNING THE USER THIS IS BAD!!!!!!!!!!" I think you need to re-examine your summary. "All three" are entirely different things, not three tests. 1 - How we chose test URLs. 2 - Summary of some analysis and description of malware vectors. 3 - Explanation of the purpose of the test and the testing procedure. All three are vague to varying degrees. While I have no particular reasons to dispute the test results, I think it is a big yawn. Additionally, the term "socially engineered malware" simply doesn't make any sense at all. Makes it sound like someone convinced some bit of malcode to email its bank account info to Nigeria. Not to mention, this has nothing to do with malware directly at all. "Social engineering link" might be somewhat better.

Michael Kassner

Sure what you are trying to say. Could you provide more details, please?

seanferd

And it is Mozilla-based, like FF. Depends on which branch you are using - the 2.0beta would be more similar to the current FF, but if it is actually a test of the database to which the browser refers for these things, SM and FF would be using the same one. I've seen alternative browser lists with rather more obscure browsers, and still no mention of SM. In short here, though - MS didn't pay to have SeaMonkey tested. Only interested in the somewhat larger competitors. Mozilla/5.0 Gecko/20090717 SeaMonkey/2.0b1 - Build ID: 20090717105808

ccann24

Hello Rfolden, I like your post and agree with you regarding IE8. I am having the same problem every time I open IE8. I have even uninstalled and reinstalled IE and the same is occurring but with live this time instead of bing. You mentioned this could be fixed with regedit. Would you be willing to provide me the instructions, so I can take care of the annoyance once and for all?

stuffinator

From what I understand, we're talking about a browser detecting that a site is trying to fool someone trying to download programs that can bypass execution locks. Phishing scams are important "holes" because the mere fact that they are visited is already a security risk. Droppers on the other hand, as I understand them, by themselves aren't holes. The real "holes" come in when the droppers themselves run without permission, which is conspicuously not the metric of the test. Think of a security detail posted outside of a building. "detecting" droppers is something like writing suspicious characters in the log and questioning them IF they try to go in. Suspicious characters can be detected from behavior, or from a police database, but if you use the latter, your database will, by definition, always lag reality. It's still comforting, but the real problem is not what suspicious characters you can detect (the essence of blacklisting), but whether or not characters, suspicious or not, can clear the building entrance without proper authorization. Don't most other browsers pretty much prevent /all/ programs from running? In English, NSS's definition could be read as "websites whose downloads execute things". It should be obvious to a techie that the problem is less of "we have to block websites that allow downloads to execute things" and more of "since when should downloads be executing things?"

Michael Kassner

To find more information on how the tests were setup and managed.

Michael Kassner

The big thing in this technology is the breadth of the database. The larger it is and the more up to date it is the better. MS probably does have the advantage there with all of the reports they get back from their security tools.

csmith.kaze

time spent spreading FUD about other platforms and not actually fixing anything? Isn't there a blog lately about a two year patch? It's like Congress. We pay them more and more and get less and less.

asia.williams

You are correct. However, the article stated that they all were asked if they wanted to fund this test. Microsoft agreed. Do not get me wrong, here. I am no Microsoft spokesperson and try to be objective. If the providers were given the option to fund the hypothesis and chose not to participate, one can assume they had no confidence in their product. It's not like they were "not" given the option to present funding. I don't believe that because Microsoft provided the funds that the outcome was in their favor. Now, usually I am not quick to defend Microsoft. However, from personal experience with these browsers, the outcome is believable.

viajero4

I agree. Unfortunately, the mere fact that MS commissioned the tests casts suspicion on the results. To be believable, I think a disinterested third-party is going to have to repeat the tests, using protocols and criteria not specified by the testees. The ultimate results may be the same, but would have more meaning if they are not MS-generated.

JCitizen

I meant to reply to his post earlier, but have been staying up too late, and my brains have been all out of kilter lately. Some folks probably think I'm out of kilter already! HA! :^0

Michael Kassner

To get the member that gave me the heads up to respond. He's a sharp guy and has this figured out.

Aaron A Baker

Actually, I hadn't thought of any other browser and it never occurred to me to switch. I repeated the IE8 installation and the same thing happened again. My entire system slows down. Menus are slow to open, click on the browser and wait a few seconds for the page to open. I really got frustrated so took it out again. However I must confess, the thought of switching to another simply never occurred to me. Hmm, will give that one some thought. I appreciate the time you took to give me the heads up. Thanks Michael. PS If I thought it could help, I'm prepared to list my entire list of programs as I haven't been able to detect anything wrong, other than with the IE8. Maybe I need fresh eyes??

Michael Kassner

Your statement: "If they think this way, chances are they would probably work the same way." I'm just trying to understand your viewpoint as you were one of the few to follow this tack.

ultimitloozer

If you look at a lot of the comments regarding the testing, people tend to say that Microsoft paid for the results they wanted. If they think this way, chances are they would probably work the same way. About respect for IE: If MS would finally fix an old XSS vulnerability in IE7 & 8, it would go a long way towards earning some respect. Vulnerabilities left open for so long, in my opinion, are unconscionable.

Deadly Ernest

warning does not. Look at it this way - A level crossing boom gate drops down to prevent vehicles entering the crossing, you have to actually deliberately crash through with some power to break the barrier. A condom prevents pregnancy unless it's broken through. A warning doesn't even slow you down in any way as it requires you to: 1. read the warnings, 2. respect the warnings, 3. act as stated by the warning. Relate it to a traffic situation, how many people drive through a railway crossing barrier that's down, and how many people drive through Stop signs - hmmm. Warnings may be ignored by accident, inattention, or just too fast an action. A prevention requires a deliberate thought out intent and strong action to overcome. This is only a warning. Now if the software denied all access to the site, then it would be a prevention and then there would be major screams as that gives the database people control over censorship of your web browsing.

Michael Kassner

One could argue that a warning is indeed a preventative measure.

ultimitloozer

There is a registry hack that will move the menubar back to its "expected" position under the title bar for IE7 & 8:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"ITBar7Position"=dword:00000001

roy.evison

Then try Opera. Is this not prejudice?

Jaqui

since I don't like the FF ui anyway I don't keep up with the way they change anything with FF. at least they let you move them around, IE 7 and IE8 they are locked in position.

Deadly Ernest

the menu bar was above the button bar, but you could shift them around if you wanted to. I've actually used the Customise option for the toolbars to place the menu bar, button bar and url window in the same line to save space. Although I use FF in Linux and it is a bit different to the Windows version you can also do the changes in the Windows version, done it on another machine.

Jaqui

FF3 do what MS did with IE7 and move the menu bar to below the url / button bar? I personally won't use an app that doesn't have the menu bar right under the title bar, so even if IE ran on linux, it wouldn't be on my systems, just like I won't touch Firefox.

JCitizen

I like playing with NoScript to see how granular it is, as well. Your idea seems even more secure! If I'm not mistaken, it offers, (or did offer), more security than IE8, even after giving full page permission; besides the cross-scripting and click-jacking protection features. I haven't dug into it deep enough to give a link or a list. But then, I'm a FF newbie, I only started using it because of the last two months of java, and adobe vulnerabilities. I was misunderstanding Secunia PSI's warnings and thought the x64 IE8 was in more danger than it was. I've since learned more how to interpret their data, on the console. But then, this is the first time, I've seen an unpatched known vulnerability stay in force for so long. A very disquieting condition. I would switch to Linux if I could, but MCard DRM, makes the migration impossible at this point.

leo8888

Since I couldn't reply directly to JCitizen's post about playing flash in SeaMonkey I am posting at this level. There are many plugins available for SeaMonkey to make it capable of handling almost any type of content. I keep a folder on my flash drive with the SeaMonkey installer and some of the plugins I have found to be most useful such as: Adobe Reader, Flash Player, Java, Shockwave, Quicktime, Realplayer and one of my favorites Flash Blocker. I love being able to quickly display websites that use too much flash and decide which flash objects I want to see.

JCitizen

to render flash type news video. I know that may not be important to you, but I'm just asking. I really don't know why news services aren't migrating to silverlight, as it has not had a known vulnerability since it was introduced; not that I can find anyway.

seanferd

And I'll have to answer it in light of another post I made in this thread. Short version: I don't want my browser to be an anti-malware machine. That being said, anything that gives me more control over the browser itself, and browser-related internet communication. NoScript: Not something anti-malware will do, belongs in a browser (IMO). Perspectives: directly related to secure site communication. I still can't use it in SM, but I don't do a lot of important SSL. When I do, I use FF if I feel wary. MyWOT: I've never really been interested. Other good FF security addons that won't work with SM? Name them, and I'll have a look. I'm always up for that. :) But I don't particularly even care for FF/Google (or even OpenDNS :0) filtering phishing sites for me. I don't mind them, but I don't feel that I need such a service. As long as a security function gives me more control, I'm all for it. If I can turn it on/off, and configure settings (the more granular, the better), that's fantastic. Generally, I've never had a problem running the security add-ons I want with SeaMonkey. It's a Mozilla browser, too. (Actually, I'd argue that it is the Mozilla browser, if anyone wants to fight about it. :^0 )

leo8888

It definitely has a small but loyal group of followers. I do computer repairs outside of my full time job as a network admin and I have turned many people on to SeaMonkey after cleaning viruses and spyware from their computers. Once they have switched from I.E. the incidence of reinfection is very low.

seanferd

I'll have email and a browser open at the same time, anyway. Why add more overhead? Although I wish they'd stop trying to make it more FF-like in the new version. But I'll still like SM the best, for the foreseeable future. Even though I've had some rather annoying issues with it (both branches). And it definitely has a "cult" following, if nothing else.

leo8888

it's a shame more people haven't tried it, it's a very good browser and having the email client integrated is why I chose it over FF. I think the interface is much cleaner than FF also but that's just my 2 cents...

JCitizen

I am not the best communicator. I was referring to just XP protections. I had a fairly knowledgeable user that was on a perfectly legitimate website while reading on an application he was planning to go to. His keyboard and mouse had been inactive for quite some time and the mouse was not parked on any object on the web page, in fact it wasn't on the web-page at all. Everything went bad instantly after he saw a flash advertisement change state; which is what they do often on web pages. Avira recognized the injection zip file but was too slow to stop the attack, and within a matter of seconds, this .bat file (Avira's definition) had taken the un-password protected administrators account and uninstalled all AS solutions except Avira, disabled any control panel or other administrative functions, so he couldn't regain control. And basically displayed a you've been pwned box, with the usual pay here and get the antivirus that will set you free message. Fortunately this old 'puter was expendable, and not worth the trouble of recovery. So he happily sledge hammered the drive, and promptly started listening to everything I had been warning him about for years. Now, my experience is different, as I run a lab honeypot hoping to get attacked, but I always run as restricted user, as I am not completely a fool. Almost all the attacks on my XP honeypot, are directed at one or the other well known vulnerable applications. But, because I keep them patched the attack is quite comical, if it weren't so un-funny! Typically it starts with the malware coming from an ad or link that is clicked on or hovered over, and sometimes just opening the page starts the attack. However the malware can't complete the attack as Windows restrictions are in force and the program cannot get admin permissions to do its dirty work.
On one such attack a Google link led to Adobe PDF trying to open three times in about as many seconds before NOD32 kicked some butt, and Comodo blocked the attack at the firewall level. Then I typically clean the temp files with CCleaner, reboot and drive on, looking for the next landmine. The sneakier smarter designs simply try to hook my screen or my keyboard, but since MBAM, that has gone away for now. Snoopfree keeps them from reading I/O until one or the other malware products I have on-board, scans and destroys them. I've often heard Chrome uses sandboxing, and I was thinking of installing it on my XP machines for administrative purposes. But I'm not familiar enough with it. It won't run on Vista x64 on the restricted side. I haven't tried any sandboxing as NTFS restrictions seem to be just as effective for me in the battlefields on the internet.

Ocie3

?? I don't recognize your phrase "flash add" as something of which I know the meaning. Since AUTOEXEC.BAT and CONFIG.SYS became meaningless, I don't recall ever seeing a .BAT file that was executed without the user ordering the command-line processor to do it. But there is the risk of an AUTORUN.INF execution of malware when a CD, DVD or USB drive is a peripheral. Just for the purpose of classifying threats, I would not consider that as a "download", unless there is some way that downloading an ISO image to a HDD can cause a file on it to be automatically run. How is Adobe Reader subject to "Windows user restrictions"?? (I don't have experience with Vista or Windows 7. I don't plan to ever use Vista, but I might run Windows 7 on "my next computer" -- perhaps in 2011). Using a "limited" account does not always protect a computer from malware, especially if the malware exploits a vulnerability in the operating system or in other software that is running. I've read that some malware processes have been known to escalate a "limited" user's privileges to "admin"; if memory serves, Conficker is one. The program iPodder has been impossible to run in a Sandboxie (SBIE) sandbox. Prior to SBIE 2.38, when iPodder was launched in a sandbox, either iPodder or some other process (not SBIE) displayed a message which declared that the user did not have "sufficient privileges" to run the program. Even after limitations of user privileges were added to SBIE sandboxes, that message never made sense, if only because iPodder is not a "system file". It simply downloads podcasts (RSS), and it runs without incident when I launch it via its desktop shortcut or the Start Menu. Since I installed Sandboxie 2.38, the message -- apparently from Windows -- has simply changed to "access denied (Error 5)"; SBIE is simply not allowed to run the program, although I am using my administrator account. Go figure.

JCitizen

as a download, then yes, it can execute without user intervention on XP. Of course the client was on the administrator side at the time; but I've just clicked on a google link and was hit by an adobe exploit attempt, that hit before the page even started downloading! Of course I had Adobe Reader fully updated and the attack didn't work as I was running as a user with restricted privileges. This gave NOD32 time to splatter it, and Comodo to block the transmission completely. I was attacked three times in succession in about four seconds. Adobe Reader would attempt to open each time, but was thwarted by Windows user restrictions.

stuffinator

which is related, I'll give you that, but I surmise the most important part of the issue still follows the same assessment: The problem is not that you don't know about /some/ malicious javascript out there. It's that malicious javascript can even exist in the first place. Javascript shouldn't be able to touch your files, system, or unrelated tabs - there are some problems, but the other browsers have held up to this part pretty well so far, haven't they? A realtime blocklist helps, but it's sort of beside the point.

santeewelding

A little closer to what you are saying. So far: impressive.

Ocie3

Since Netscape invented Javascript circa 1994 (?). The "download" in this case is, of course, a page from a website. We have to stop the browser(s) from fetching a page(s) from the websites that have malicious Javascript (which will install a "dropper"), and/or from websites that have malicious hyperlinks with "social engineering" to induce the website visitor to select them.

Michael Kassner

I agree with your assessment. I suspect that information was duplicated as NSS ran a phishing test as well.

JCitizen

Okay; I got it! I was toggling between 32bit and 64bit without even realizing this! I was relying on my previous start link from category view, and selecting 32bit - probably going back and forth depending how I selected it in the GUI! What a moron I am!!!! :8} Thank you ultimatelooser for pushing me to check into this; I could have been hosed back when java and adobe were vulnerable. Michael - If you can see this, yer 'ol Jay buddy is REALLY LOSING IT! Damn that makes me mad at myself X-( I think I'll go back in the corner and put my dunce cap on!

ultimitloozer

You have to be talking about using a 32-bit web browser on a 64-bit platform (the default behavior for Win x64 platforms) then because if you go to the Adobe site using a 64-bit browser and click on the Get Flash Player button, it will tell you that there is no support for it, but you can use Flash by using a 32-bit browser on a 64-bit system. Of course Secunia wouldn't list the 64-bit version of IE as vulnerable to those attacks. You didn't have a 64-bit version of Sun's JRE or Adobe's Flash installed, so those attack vectors would not have worked! (Hence, not vulnerable.)

JCitizen

which fortunately was patched before the criminals could use it in the wild. I would disagree with you on the average ability of the normal malware in gaining administrative access to a Vista x64 install, or any NT 6 kernel. It would require an exploit to either the operating system or an application that has administrative privileges. This is why Secunia PSI is getting so popular, as one can just about immunize their Vista install by keeping everything patched and running as a restricted user. The UAC does run on the administrative side, it just doesn't require a password to initiate. Like I said - I still feel my clients had a miracle they didn't get malware, whether it runs on x64 or not, the AV/AS scanner should have found the uninstalled injection pack or exe file in one or the other of the various temp folders Windows has on its operating system. My security solutions find these inactive files once in a while, but simply running CCleaner regularly deletes them anyway. Since 32bit software does run on Vista x64 and it does have a built in 32bit Internet Explorer, it is easy to expose one's self to the same threats as a user in Vista 32bit. Needless to say I avoid running the 32 bit version like the plague. Vista x64 has several security advantages in its program structure beyond obscurity in code. I don't have the list, but I think Michael has written at least one article discussing it. FireFox is way safer for 32 bit operation, and I can't remember the last time one or the other browser could not open a web page. In fact, I rarely ever have to click the compatibility mode icon on IE 8 x64, to get pages to render anymore. Also, I do agree that there are many ways to run processes in that particular logon session that could do malicious things like keylogging and even worse, video hooking. I am still looking for a good Vista capable I/O firewall that will intercept video hooks like Snoopfree Privacy shield did for XP.
As far as the code type running in session for AV/AS solutions, there are now many of them running in pure x64 mode. MBAM, which runs a 32bit GUI was developed by a former Microsoft MVP, and he had an advantage in knowing the source code I suspect, so that is probably why it works so well for my clients and I. The base .exe file in many anti-malware solutions run in 32 bit (probably so it can interact with 32bit malware). Similar threads run in the other security software I use. NIS 2009 provides my site adviser, and I believe it runs in partial x64 mode as well as the other IE 8 addons it uses. I find it way more accurate than McAfee's product, and it works on FireFox as well. The NIS GUI runs in 32bit. I actually find fewer and fewer processes that need 32 bit, here's a list of what is on my machine:
ccSvcHst.exe *32bit ----- Symantec GUI
AAWTray.exe *32 -------- AdAware Tray Application
firefox.exe (") -------------- FireFox x64 compatible
IAAnotif.exe *32 ----------- Event Monitor User Not..
iexplore.exe (") ------------ Internet Explorer(32bit)
KBD.EXE *32 ------------- Logitec driver
mbamgui.exe (") ---------- MBAM console
soffice.bin (") -------------- Open Office
soffice.exe (") ------------- ____(")____
wmplayer. *32 ------------ Windows Media Player
Every thing else is purely x64 which is a long list on the task manager. Including the x64 version of IE 8.

Ocie3

Are Firefox, McAfee Site Advisor, MBAM - and the other software which you mentioned running - still 32-bit? In theory, a 64-bit system can run 32-bit software, just as, in fact, all of the Intel 32-bit microprocessors that I knew of (at least before the turn of the millennium) were ordinarily able to run 16-bit DOS, utility and application software. But you might need a 64-bit compiler to recompile the source code of most of the software that you ran on a 32-bit system if you want to run it on a 64-bit system. So the question becomes, how much malware is able to run on Intel 64-bit?? I would expect that almost all malware is Intel 32-bit software that might not function as expected on a 64-bit system -- unless and until its source code is either recompiled or reassembled and re-linked. The OS is also a consideration. Many malware programs had to be re-designed and re-introduced simply because Vista has a different stack than previous Windows versions. For what it may be worth, a few weeks ago (maybe longer), I read a report that the "first known" Intel 64-bit worm had been discovered. I don't recall seeing anything about it since. Enjoy the "grace period" while you can. :-) P.S. If someone is running "on DSL as an administrator" then I don't see that UAC will matter, should something attempt to install malware on their computer. Even as a Windows XP "limited user", I found that I could install some software, especially if it did not access the Registry. I don't have enough experience with Vista or Windows 7 to say whether that might be possible for a non-administrator to do. However, I have read that it is very common (and not especially difficult) for a malware installer to "escalate" the privileges of a non-admin account to gain the ones that the user must have for the malware to be installed and/or loaded and run. The malware itself often also has the ability to gain permission to "run as admin". If memory serves, Conficker is an example of that.

JCitizen

for x64 as it seems to work very fast. It still has a 32bit process in the task manager though. I've always read Mozilla has its own java, but I never experimented with uninstalling Sun's newest version, to see if FireFox could render java objects without it. Of course I still need PDF capability, etc. To clarify again, NoScript runs very well on my x64 system, with NoScript and ABP fully in force. The NIS 2009 security add-on was broken on FireFox until the last Windows x64 updates. Must have been a Windows problem. Not surprising huh?!

JCitizen

and if I have no java or adobe abilities then why do they work in my x64 browser? (edited) Incorrect - I was selecting the wrong browser unaware! :8} (edited) INCORRECT: There were almost NO sites that didn't work fully with these functions during the period in question. (I'm a moron - what can I say?) I had all java and adobe updates installed up to that time, Secunia did not list my x64 browser as vulnerable to any of them - only cross scripting. Chrome, IE 8 32bit, and FireFox were all listed as not safe to use with the known vulnerabilities at that time. All three of them were also fully updated. Now if you are saying Secunia is wrong, then I will gladly contact them and ask why this is so, and how they could avoid this mistake in the future! (edited) Also I have a question; since FF uses their own form of java, could removing Sun's version, and flash, etc. still render some pages well and retain java function?

JCitizen

I submit that during the last two months of open vulnerability, as long as I was running as a restricted user, and had all otherwise application vulnerabilities closed, and was running IE 8 in x64 bit, the attacker would only have been able to exploit cross-scripting. Since Windows alerts when another site is being accessed - hopefully the user is perceptive enough to know this isn't usual to the favorite site. Yes it is nice to have NoScript but IE 8 x64 was NOT vulnerable to those java and adobe exploits during this dangerous period. Hence, my decision to take my chances with IE 8 until the adobe and java updates. I and my clients need java and several adobe products to do business, so only the relatively safe (comparatively) cross-scripting block feature was the only advantage. Otherwise there were at least four or five open - known third party vulnerabilities on FireFox and Chrome. And I can't run chrome as restricted user on Vista x64 anyway. Looks like it was safer for me to take my chances with IE 8 before, but now that the patches have arrived, I'm back to using NoScript and FF, with a site advisor, password vault, and ABP. Just for information's sake I use MBAM with its active protection enabled, NIS 2009, SpywareBlaster, and AdWatch with the registry guard on. So yes, if the dropper got past IE 8 or my social skills, the third party could have perhaps dealt with it - but what hole would they have taken advantage of, to get past the browser - minus cross-scripting? I am increasingly finding new Vista x64 customers who are getting away with running on DSL as administrator, and the Windows firewall on, and Windows defender disabled; who miraculously have not one stitch of malware present! I still call this a miracle, but they never disobey the UAC or disable it either.

Michael Kassner

I didn't realize that. Thanks for pointing that out.

ultimitloozer

For users who have the 64-bit version of the JRE installed on their system, they were exposed to the exact same vulnerabilities as those who were using the 32-bit version. As for the Adobe vulnerabilities, the only reason the 64-bit browser was exempt is that there are no 64-bit plugins for the Adobe products.
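Added example, not part of the thread or any commenter's code: the bitness point in the comment above can be checked by reading the Machine field in each plugin DLL's PE header, since a browser process only loads DLLs of its own bitness. The plugin file names and the stub headers below are constructed for illustration.

```python
import struct

# COFF Machine value -> (name, bits, optional-header magic it must pair with)
MACHINES = {
    0x014C: ("x86", 32, 0x010B),  # IMAGE_FILE_MACHINE_I386, PE32
    0x8664: ("x64", 64, 0x020B),  # IMAGE_FILE_MACHINE_AMD64, PE32+
}


class NotPE(ValueError):
    """Raised when the bytes are not a well-formed PE image header."""


def pe_arch(data):
    """Return (arch_name, bits) read from a PE image's headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise NotPE("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need PE signature (4) + COFF header (20) + optional-header magic (2).
    if e_lfanew + 26 > len(data):
        raise NotPE("e_lfanew points past end of file")
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise NotPE("no PE signature")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    if machine not in MACHINES:
        raise NotPE("unsupported machine 0x%04x" % machine)
    name, bits, expected_magic = MACHINES[machine]
    if magic != expected_magic:
        # A header whose two bitness fields disagree is malformed or tampered.
        raise NotPE("machine/optional-header mismatch")
    return name, bits


def plugin_exposure(browser_bits, plugins):
    """Split plugins into those a browser process of this bitness can load
    (its plugin attack surface) and those it cannot."""
    report = {"loadable": [], "not_loadable": [], "invalid": []}
    for name, data in sorted(plugins.items()):
        try:
            _, bits = pe_arch(data)
        except NotPE:
            report["invalid"].append(name)
            continue
        key = "loadable" if bits == browser_bits else "not_loadable"
        report[key].append(name)
    return report


def build_stub(machine, magic, e_lfanew=0x80):
    """Constructed sample: the smallest header pe_arch() needs, not a real DLL."""
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (0x2000 = DLL)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, 0x2000)
    return bytes(dos) + b"PE\x00\x00" + coff + struct.pack("<H", magic)


# Constructed plugin set: file names are hypothetical.
SAMPLE_PLUGINS = {
    "flash_plugin_32.dll": build_stub(0x014C, 0x010B),
    "java_plugin_32.dll": build_stub(0x014C, 0x010B),
    "java_plugin_64.dll": build_stub(0x8664, 0x020B),
    "truncated.dll": build_stub(0x8664, 0x020B)[:0x50],
}

if __name__ == "__main__":
    for browser_bits in (32, 64):
        print(browser_bits, plugin_exposure(browser_bits, SAMPLE_PLUGINS))
```

For real files, pass the first few kilobytes of each DLL read in binary mode; the headers checked here sit at the start of the image.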

Ocie3

Quote: ".... And before someone yells no-script, that doesn't do you any good when you give permission to your favorite site, and it has been cracked, does it?!!" Allowing Javascript to run after a page has been fetched from a website is just one feature of NoScript (not allowing Firefox to run Javascript is the default). Some people allow Javascript to be executed from every website; for example, when reviewing websites is essential to their work and they need to see all content of every page. However, they still use other NoScript features to provide some measure of safety, for example, to stop clickjacking. If NoScript has been instructed by the user to allow Firefox to run Javascript from a specific website, then there is a risk that the Javascript can install a "dropper" and enable the dropper to download and "install" malware. However, as the Wikipedia article states, the malware cannot execute unless either (1) it can exploit a vulnerability in the operating system or in other software that is running, or (2) the user can be persuaded to launch the malware, for example, by portraying it as security software that will scan the user's computer for malware. So, the "social engineering" aspect is, first, to persuade a computer user to select a hyperlink that leads to a website where a "dropper" will be downloaded (whether by Javascript) onto their computer. The second is, absent a vulnerability to exploit, to persuade the computer user to execute (or download, then execute) the malware from that website. Certainly, a legitimate website that has been, as you say, "cracked" might overcome the first challenge for the criminals. But the most common act of "cracking" a legitimate website is altering its content to include one or more hyperlinks to a malicious website(s). So the criminals still must use "social engineering" to persuade visitors to select a link to their malicious website, for example, by offering "free" software. 
If criminals have "cracked" a legitimate website enough to install a "dropper" and its attendant malware, then they still face the second challenge. Of course, if someone deliberately downloads some software from a website that they trust, then they are quite likely to install and run it (if not right away, then eventually). That does not apply to malware that is downloaded and installed gratuitously by a "dropper". If I am visiting a website from which I seldom download software, but the browser displays a dialog that commands me to run, or that recommends running, a program about which I know little or nothing, then you may be sure that I will see that dialog as a red flag. After the malware has been downloaded, whether also "installed", if the user's computer has an anti-malware program which is running with an "active scan" feature enabled, it might detect the presence of the malware and stop it from doing any harm. Some firewalls also have a Host Intrusion Prevention (HIPS) feature that can do the same thing, although they are usually designed to scan incoming packets (so they might detect the malware before it reaches the browser's downloading subroutine). Another defense is running the browser in a Sandboxie sandbox. Anything that is downloaded and "installed" remains in the browser's sandbox -- unless and until the user instructs Sandboxie to "recover" the file(s), which is not likely to happen if there is any hint that the downloaded software is malicious. Sandboxie will not allow the malware to make any changes to the actual operating system, for example, and it will inform the user that the software is behaving suspiciously. In my experience Sandboxie doesn't stop an anti-malware program from scanning the file(s) just after they are downloaded (but it might be necessary to add some scanner(s) to the configuration for the browser's sandbox). 
So, if a system is prepared with anti-malware, firewall HIPS and/or Sandboxie, it is not certain that someone who has been persuaded to run malware (without being aware that it is malware) will, in fact, trigger an unavoidable disaster.

Michael Kassner

I agree totally, but is it fair to compare 32 bit against 64 bit? The other browsers would be secure as well.

JCitizen

since IE 8 32/64bit still has the cross-scripting attack vector, that would be a piece of cake to "engineer". However, during the last two months, ALL the other top browsers were vulnerable to java, and adobe exploits. Not IE8x64! I would take the cross-script vuln to the others any day. And before someone yells no-script, that doesn't do you any good when you give permission to your favorite site, and it has been cracked, does it?!!

qwertyomen

One thing that I haven't seen mentioned is that Microsoft has the most money! They funded it because they could afford to. The rest of the browsers are free and mainly supported off of people giving money freely. Google doesn't really count in Chrome, but they have a lot on their plate to deal with without the test.

Michael Kassner

NSS is a well-known research house. I don't think they would want to tarnish their reputation.

Michael Kassner

CEO of NSS mentioned to me that MS had no say in the test. You have good insight as it was not going to be advertised until the marketing department got hold of it.

Brenton Keegan

because they knew it would look good. If IE8 is indeed better at blocking socially-engineered malware, they obviously spent time working on it and they want to show it off. Personally I have no issues with the fact that M$ paid for it.

csmith.kaze

The problem with letting marketing do that is now we have this shadow over the whole thing. Now everyone is just going to say "oh, well they paid for results" doesn't actually matter what went down. You live or die based on perceptions, never actual fact. Not sure why I am even posting here. It's not like I am MS's target audience since I don't use Windows on my personal time. And wouldn't recommend it to a business either.

Michael Kassner

To CEO of NSS. He said MS did not have any input in test. In fact the security team that initially requested the test had no intention of publishing the results. MS marketing decided that.

csmith.kaze

if you were the person (sales ?) that took this and passed it on to your techs, wouldn't you pressure them to make the customer (MS) look good? I'm just saying. MS has never been a fair player and the Ballmer Regime is ten times worse than Gates.

Michael Kassner

That MS specified the test procedures. At least, I didn't find any facts mentioning that.

JCitizen

less than 1Gb of RAM to be a bad candidate for IE 8, but I'm still tweaking. On anything at or above, I noticed a performance increase; however my security solutions may have a hand in that. I hope to get my old Dell 700Mhz 768Mb RAM PC to swallow it eventually, if not there is always FireFox 3.5.2 for security, it runs pretty good on it.

JCitizen

that to gain administrative control without the UAC being able to stop it was the point of using application vulnerabilities. If the user is on the restricted account using a secure browser, the malware just sits in the temp folder unable to do anything. My AV/AS scanners find stuff like this all the time in my temp files if I forget to run CCleaner to dump them. NIS 2009, MBAM, SpywareBlaster, and Adaware are primarily responsible for blocking them in the first place. Javacools SpywareBlaster also works with FireFox and of course NoScript, and AdBlock Plus keep a lot of the miscreants off the computer too, as the malicious file server can't deliver the load. This probably happens most of the time with the dropper program mentioned too. It isn't the end all of security though, it still takes a blended defense, with Windows - some of the other third party mitigations are not mentioned yet in this discussion.

Michael Kassner

I think it can work both ways. It just depends on what the vulnerability is. Lately it's been Flash that's getting hit. Who knows what is next.

asia.williams

QAonCall, IE8 has proven itself to me. Mozilla FireFox was my browser, also. IE8 has won me back. There are so many Microsoft naysayers (this is understandable) that the stigma over-rides the ability to be objective. Vista left such a bad taste in a lot of mouths, that Microsoft is a whipping-post. IE8 is the "most" productive and efficient browser currently available. I've read some posts about it slows down performance of the PC. I have one thing to say to that, "know your PC, folks"! If you know you only have 512 mb RAM, 60 GB HDD, and a crappy processor, don't try to build it into a Jaguar. I see so many hatchbacks being kitted up like they're Volvos. Would you give a 10 year old kid a 100lb bag of groceries to carry? Then don't do it to your PC if it can't handle the load. I know we are all professionals here, but honestly, some folks give their PCs too much to do and wonder why performance is lacking. Also, maintenance is not performed regularly. What happens? They blame it on Microsoft. I agree Microsoft has caused more than enough of their share of issues, but as end-users, we also have a responsibility.

QAonCall

But missing the point. Many facets of IE8 are improved. I am MS Certed, and support MS and other products, as well as being a MS Partner. For years I only kept IE for use on the Partner site, since it was required in many of the uses on the partner site. Mozilla/Firefox was my browser. I am slowly being won BACK over to IE, specifically IE8. It is very solid overall, not just on security, and THAT is why your original post is correct, that it is time to start giving it some respect. This one small item is a symptom of a larger cure.

asia.williams

I've used all the browsers. Opera, forget it! They said what they meant and meant what they said. If your AV is not to par and Opera is your engine...let's just say, "so sorry". I concur. Comparing all the browsers mentioned, IE8 does outperform the others when it comes down to malware detection. Honestly, I gave each a fair shake in winning my love. I was attached to Firefox 3.0 in the beginning. The bells & whistles were fabulous. I thought the detective-looking dude was cool when he popped on the page to warn you. In the beginning, the browser seemed capable of detection and the proficiency was to code. They have taken a back-seat to IE8 within the past year. The only browsers that notified me when I was approaching a "danger zone" were IE8 and FireFox. The others are for the birds.

Ocie3

need a flaw in the browser software in order to be installed on the visitor's computer system?? Or is it sufficient for the browser to fetch a page that has a Javascript routine that downloads the "dropper" onto the visitor's computer?? If the website depends upon Javascript to do that, I can see why Microsoft would be so concerned about I.E.!!

Michael Kassner

What they are concerned about. Drive-by droppers are extremely popular pieces of malware and this test was to determine which browser was able to detect the most malicious Web sites.

QAonCall

Open IE 8 vs Firefox, Chrome, and Safari. Run All, while opening several tabs. Use common tabs like yahoo, google, youtube etc. Let stand for an hour, come back and check your task mgr. Several of these browsers are experiencing serious memory leaks. In addition, several of them are having some level of compatibility issues. The truth is they are all pretty good, but MS is still the dog, with fleas of course, but still the big dog!

Michael Kassner

I guess my concern is that it's another term being introduced that more than likely will add to the confusion. I personally have not heard drive-by droppers called that before.

The 'G-Man.'

But it is fair to say that depending on where the user is from and what they look at the social engineering will need to be different in order to tempt them! EDIT: Typo
