When is the last time you took a close, objective look at your current web browser's security capabilities?
I want to address one misconception - I, in no way, have endorsed this study as proof that we should all adopt Internet Explorer. My purpose for any blog post on a recent news event is to start a conversation, which is what has happened.
I am not the expert here - you, members of TechRepublic, are.
I've been using Opera on Windows for years, and on Linux for the past year or so.
I skimmed through the PDF, interesting reading. If this testing is indeed on the
up and up, it kind of throws a monkey wrench into the standard "Internet Explorer
is full of security holes, use XXX browser" (insert your favorite in XXX) that many of
us see almost daily.
It seems like NSS (a Microsoft-funded company, right?) cranks out this kind of study at least once a year; this time it's conveniently near a Windows launch date. A few weeks back we had to ask all our users to discontinue IE until Microsoft released a patch (a few days later) since IE 7-9 had an exploit with no protection available. Whatever the paid experts say, our infection rates have dropped like a rock for Windows users on Firefox and Chrome. IE has gotten much better, but it's also a pain for web developers (and web app users) as MS often seems unwilling to apply some of the industry standards for scripting/CSS to their product. Definitely better than it used to be, though.
.... That someone would say NSS Labs was owned or paid by Microsoft.
You want people to use Chrome? Seen this? http://www.gfi.com/blog/research-web-browser-war-security-battle-in-2011/ [or are you going to say that Microsoft paid them as well].
Hmmmm, 2011 results from a post back in March, 2012. Rather old. And, what's Google "Chorme"?? That's some technical typing/writing skills.
I don't disregard that Chrome just could be a better web browser, but, there's Malware out there that hits just about everything, and there is not one clear solution that will work to safely browse the Internet until script kiddies and malicious software/malware developers are eradicated, become good-hearted, or just stop, and all that crap is cleaned up on websites.
Sounds Utopian, I know.
security settings that limit scripts running. The downside is every half brained, dim-witted, moron who can use drag and drop to create a web page via a piece of software that uses huge globs of javascript is now calling themselves a website designer and way too many people are using the idiots to create huge sites that display next to nothing in the way of static information and would have been a lot better if written in basic html. Thus any security settings also affect the performance of a lot of these crap designed sites.
You've got to be kidding! You actually think that building a huge site (your words) using static pages in 'basic html'? What would that accomplish? Security settings to limit scripts running? Good luck trying to find a setting that prevents php from running. You won't and the days of static websites are long gone. If you have ever had to try to maintain a large static site, you'd know why.
Basic html is no longer very basic. From the early html with each browser writing their own rules through xhtml to html 5, the code base of html has changed dramatically.
great for them as being static info there is NO NEED to get data back from the client while using the site and the data being displayed doesn't change that often. Sure there's more that can be done in html 5 than any earlier versions, but the basic html code still works in html 5 and modern browsers, so why not save all that bandwidth and use basic html?
I've seen pages displaying static info like FAQs that have scripts that call scripts that call scripts that call scripts as every damn thing is a very little script and called by a higher level script so they go together like lego, but require a damn sight more download to be sent than just doing it all in basic html.
One of the easiest anti-ad defences is to restrict script activity, and the second is to deny third party scripts, and it's easy to get add-ons that do that for most browsers.
Three years ago, NSS published a report about Internet Explorer 8 being the safest web browser! The Tech Herald published an article with interesting insight and research about the report and its authors. Tech Republic should search a bit about who paid for a report before publishing such a breaking/broken piece of news.
Reference: http://www.thetechherald.com/articles/Can-you-trust-the-NSS-Labs-report-touting-the-benefits-of-IE8/5002/
but I had a quick look at it and noticed a couple of things that concerned me about it.
They tested against a list of known suspicious URLs, and the test method seemed NOT to be testing the quality of the browser, but the database the browser accesses over the Internet to see if the website you're going to is listed as a malware site.
I have a major issue with the claim about the level of protection if that's the case, as a LOT of people turn off that site list checking system due to access problems because they do NOT have broadband and it takes up a lot of time on dial-up - rural area issue and I'm in a rural area with many clients out of town. I also have an issue with the MS site list as it will often list a site as suspicious if the owners of that site do not jump through certain hoops for Microsoft. I've often seen MSIE kick a known and trusted site back as being a security issue on a regular basis since they stopped paying Microsoft for security verification services. No malware on the site, but no current MS verification, so it gets a big no-no sign.
I wonder how this test would have come out if they created a new site with some malware and accessed it? I also wonder how it would have come out if they hit the same list of sites with the over the Internet URL checking turned off so the browser was left up to its own internal capabilities and not remote control.
I do know of people who've been hit with malware from site while using MSIE 9 and I've hit the same sites using Firefox and had no problems.
Edit to add - did they also test MSIE 9 for the known vulnerabilities in earlier versions of MSIE where it was used to launch into Windows itself? And did they test for the past known vulnerabilities where other MS products were used to launch into MSIE?
In fact, given the glaring hole in the argument, which you and others have quite rightly pointed out, I'm convinced of it...
I am sure you know about all these paid reports.
I saw lot of comments on these NSS paid reports. It's not accurate.
wth are you people talking about?
Explorer.exe != Iexplore.exe
designed back doors that enabled malware to get into Windows via MSIE, the same happened with most of the MS applications as MS designed back doors to make their apps run faster in Windows by going around security measures.
This doesn't work anymore but
back in windows 9x era, you could actually type a web address into the address bar and the explorer window would half turn into a web browser and show the page, same as IE. Essentially IE was displaying your files and folders.
IE was also used for your desktop, even in XP. It was called Active Desktop.
I go back a bit further...back in my "active" Win3X days I would get
the occasional urge to use IEXPLORE.EXE as the "shell"! I then
would write PIFs for my fav applications, associate the folder icon,
then launch everything in IEXPLORE, just to prove I could do it!
My favorite Win3X shell has always been Calmira (or Calypso, if
you were around even further back), Calmira gave Win3X the same
look and feel as Explorer did for Win9X, complete with Taskbar,
Start Menu, desktop icons, etc. Anyway, in Calmira you could
associate a web address URL with whatever browser you wanted,
open a little "run" command and type it in to launch your browser
with the URL loading.
Darn, I'm getting old...I sometimes miss those days!
Also, back in those days, I spent most of my time booted into plain
old DOS, my browser of choice Arachne...you could do similar things
with Arachne, just write a BATCH file to launch an app, copy it as an
OOK (copy myprog.bat myprog.ook) place the OOK file in a sub-
directory of your main Arachne program and Arachne would launch
your batch file and application, could even pass parameters to it!
Yeah, I did that just to prove I could, hehe!
back when Zone Alarm was a decent firewall, that Windows Explorer was constantly begging to access the Internet. Don't ask me, you reminded me. I'm weird that way.
He wasn't talking about launching windows as in the desktop, he was talking about when IE was integrated into the OS, and so its many functions were accessible through the browser.
A browser that accepted any foreign code as executable.
That ran that code with the current user's privileges, which in most cases was admin, and even if it wasn't allowed unobtrusive privilege escalation anyway.
Sort yourself out
His claim was that the windows shell is Internet Explorer, which is false.
Explorer.exe has the windows shell in it (Taskbar, mostly), and many other stuff (any WinAPI dweller knows them).
Like I said, this is false. The fact that the windows shell had internet browsing capabilities in it, doesn't make Internet Explorer the windows shell.
Sort _yourself_ out
Anyone capable of understanding the argument knows what he meant.
Obtuse it is.
I'm not a security expert by any means, but I did read the study. The methodology seems sound to me, but I would tend to agree that the situation studied is very focused. But then again, NSS admits this and warns not to extrapolate too far from the study's parameters.
If any of the competing browsers had been going through a whitelist / black list the results would have been different. Then it would have been down to the integrity of the list and the cost of using it.
Worse still turn that feature off, along with UAC, and log on as admin like a typical windows appliance user, the numbers would have been dramatically different.
That's without considering the effect of anti-malware software, and add-ons such as NoScript.
The cynic in me can only assume that this was deliberate...
of the browsers but a test and comparison of the MSIE 9 capability to check the MS URL List, which is too often turned off to give the user some semblance of Internet usage as it takes up way too much bandwidth and time except on a high-speed broadband connection.
Never assume the blog and the title have the same origin.
A TR blog title can at best be seen as an exaggeration of a rough estimate of the general ballpark of the blog's topic
where they say the sky is grey when they really mean blue, but not for them to say the sky is blue when they mean the sea is green.
How do you protect yourself from rogue js routines in IE?
I use FF + NoScript and I have a script that automatically runs CCleaner when I shut FF down.
I can't remember the last time I saw any malware in my quarantine/virus vault.
It must be over a year now.
White/black listing requires the url to have been already checked as good or bad. Leaving aside, all the issues of how the lists are maintained, and secured themselves, not to mention the overhead, it's effectively an authorisation mechanism.
It's not a safer browser, it's "safer" browsing. You can achieve the same thing with an extra bit of software on your machine, or better yet a proxy.
One as yet unidentified (or mis-identified) url in the list and the entire study, is proven to be complete bollocks.
If you are going to do any more security articles, get someone who knows what they are talking about to vet them first.
Junk Science.
While within the very limited parameters described in it, it may be right it in no way implies that it is the definitive end work on the subject.
In the old days we had a saying that if the device wouldn't pass the test, rig the test so that the device passes. Those that did this were held in Low Regard and this report from the quick reading of it I did and the responses above I believe fall into this condition.
It is relying on a Layer of Software quite or most often turned off by the end user because it causes way too many False Positives. It may stop a lot of Infected Sites because they have Paid their Microsoft Tax and continue to but it will reject every site that doesn't contribute to Microsoft and their income stream. Incidentally this is the majority of sites out there on the Net and not just those either paying Microsoft for the privilege or those sites run by Microsoft under the name Azure.
Also as mentioned above if you are on anything but High Speed Broadband this ups your Data Usage dramatically and kills any slower service from being useful. So how exactly could IE9 be considered as More Secure when the majority of the world have to have it turned off to get any sort of part way decent Internet Service that is able to load pages in under several minutes and access Web Pages that are not directly related to Microsoft in some way?
As things currently stand the vast majority outside of Major Population Centres even in the US would be balking at using things like this as their slow speed Internet is already Bogged Down with too much Junk in the form of Scripts that are contained in the Page itself let alone a List Maintained by Microsoft that is constantly changing running on top of the various Web Sites that they want to visit.
It's reports like this that make people think that Scientists are all Charlatans who will give a response that the person paying the bills asks for which within the Limited Confines of the Parameters used is correct but totally meaningless to the great majority of users in the World. Scientifically it is possible to turn lead into gold but the value of the produced gold is far less than the cost of producing it and this report sounds very much to me at least that it's a Scientific Paper screaming out Turn Lead into Gold, Or Climate Scientist proves Global Warming isn't happening.
Col
"In the old days we had a saying that if the device wouldn't pass the test, rig the test so that the device passes. Those that did this where held in Low Regard and this report from the quick reading of it I did and the responses above I believe fall into this condition........."
It's notoriously bad arguments like this that confirm my suspicions that the anti-Microsoft crowd is a cult and could never accept any test demonstrating results contrary to their religious-like convictions. In basic form, their thought processes go something like this:
Because Microsft is inherently evil and doesn't play by the rules and values that we accept as standard, true and good, anything suggesting otherwise is flawed by definition. Not only should such positive reports be utterly rejected but they're most certainly part of a well-organized conspiracy designed to continue oppressing unenlightened MS users for whom we've been given the sacred charge of emancipating.
Okay I'll fess up. I'm part of that well-organized MS conspiracy and wish I could get out from underneath the clutches of Microsoft's totalitarian regime. Help! Help! I'm being repressed!
WOW you really don't like Microsoft do you?
I'm not aware of where I said anything even remotely close to that stupidity or in any way implied it above would you care to enlighten me?
OH and BTW I'm a Microsoft Partner and was commenting more on the Junk Science Involved and in this case by a company NOT Microsoft.
And I do spell Microsoft correctly so was that another shot at them by what you entered?
Col
You call the report "junk science" based on your "quick read" of the news story and a half dozen responses to this blog post... How would you have any idea of the science involved let alone the methodology used in the NSS report as a result?
My mistake was to suggest that you had made an argument or even a coherent claim. Rather, you spewed out a knee-jerk reaction to a news story about a report on which you had no basis to make any claim, least of which one that judges the scientific/methodological validity of the research involved.
It's this sort of nonsense that we've come to expect from the anti-Microsoft cult and your response fit the profile perfectly. And your above response continues in that tradition.
Next time, do a little more research before shooting from the hip. NSS Labs are a well-respected security research firm that is credited with exposing significant vulnerabilities within the security industry, e.g., the recent holes found in Siemens SCADA system. You can read a short piece about it here: http://www.pcworld.idg.com.au/article/387095/siemens_scada_hacking_talk_pulled_over_security_concerns/
a lot of well respected scientists told Goddard that rockets would NEVER work in space; boy, did they screw up. In this case they are making a false claim as the browser itself is NOT what they tested, the website listing system is what was tested.
I actually posted and I quote directly:- "Those that did this were held in Low Regard and this report from the quick reading of it I did and the responses above I believe fall into this condition."
Not sure where your response that specifically says :- "Rather, you spewed out a knee-jerk reaction to a news story about a report on which you had no basis to make any claim, least of which one that judges the scientific/methodological validity of the research involved."
So the news story that I read as you would want to believe is the Blog above when I said specifically Report is it? I read the NSS Report in Full and when I say a Quick Read this means I read it however I Did Not move it to a separate page and make annotations besides the various parts I found incorrect or just downright misleading. At no point in the above post that you are complaining about did I even make any reference to the Blog by Mark W. Kaelin I did however point out that I did read quickly the posts that had been posted at that time.
I do however note your complete inability to counter any of my perceived shortcomings of the Report all you can do apparently is call people names and do nothing at all constructive or supply any points of error, you seem incapable of doing anything more than spewing your personal venom at every opportunity and completely disregard the Facts.
So in completing I award you -5 for Reading Comprehension, =25 for failing to produce any form of argument to point out where I made any mistakes and I'll leave the rest of the grading as I've by now awarded a Z- as your Report Score. Your complete inability to Comprehend and point out errors is what gives you this rating.
So now I invite you to criticize the following
While within the very limited parameters described in it, it may be right it in no way implies that it is the definitive end work on the subject.
What's wrong with that?
It is relying on a Layer of Software quite or most often turned off by the end user because it causes way too many False Positives.
This is exactly what is described in the report of NSS and nothing else is reported on.
It may stop a lot of Infected Sites because they have not Paid their Microsoft Tax and continue to but it will reject every site that doesn't contribute to Microsoft and their income stream.
However in no way does this reference to what is effectively a White List in any way prevent Hijacked Reported Safe Sites from infecting the system through the browser. The White List by its very nature rejects entries on it so what's wrong with that statement?
Incidentally this is the majority of sites out there on the Net and not just those either paying Microsoft for the privilege or those sites run by Microsoft under the name Azure.
Again what's wrong with the above statement other than perhaps some nondiplomatic words. Any Site Accepted by Microsoft which they accept a fee for or any site hosted on their Cloud Service which they demand payment for is considered as Safe and any Sites who are not listed, and the owners who do not pay Microsoft are not.
Also as mentioned above if you are on anything but High Speed Broadband this ups your Data Usage dramatically and kills any slower service from being useful. So how exactly could IE9 be considered as More Secure when the majority of the world have to have it turned off to get any sort of part way decent Internet Service that is able to load pages in under several minutes and access Web Pages that are not directly related to Microsoft in some way?
Only an Idiot would disagree with the above sentence because it's so obviously correct where a connection to the internet at 256 KBS would be killed by using this part of IE9 and it would increase the Data Usage of the user to reach their Limit much more quickly than would otherwise happen.
As things currently stand the vast majority outside of Major Population Centres even in the US would be balking at using things like this as their slow speed Internet is already Bogged Down with too much Junk in the form of Scripts that are contained in the Page itself let alone a List Maintained by Microsoft that is constantly changing running on top of the various Web Sites that they want to visit.
Again it's impossible to argue with the above sentence as it's correct the majority of the Population of any country including the USA live outside the Major Cities and so on and do not have the same benefits that City Dwellers do. So they have slower Internet Connections Lower Data Limits and Higher Bills Generally Speaking. This is simple economics if you do not have the same number of subscribers over the same area it costs more to provide the same service.
It's reports like this that make people think that Scientists are all Charlatans who will give a response that the person paying the bills asks for which within the Limited Confines of the Parameters used is correct but totally meaningless to the great majority of users in the World.
Again this is correct, badly researched or in this case Specified Reports give the multitude of Lay People the impression that All Scientists are Charlatans who will produce a report that states what the Company Paying for it want. This is wrong but as the majority of people not involved in Science do not understand the difference between a Guess and a Theory it is something that Reputable Scientists do their best to avoid.
Scientifically it is possible to turn lead into gold but the value of the produced gold is far less than the cost of producing it and this report sounds very much to me at least that it's a Scientific Paper screaming out Turn Lead into Gold
Again what is Scientifically wrong with the statement. With Atomic Physics it is possible to alter base metals into other materials and it currently is much cheaper to go out and dig up gold at a low end Gold Mine than it is to turn Lead into Gold.
Bad News the report that I read and responded above to is located here just as it is shown in the above Blog Entry.
https://www.nsslabs.com/reports/your-browser-putting-you-risk-part-1-general-malware-blocking
Because I did no Due Diligence and accepted things at Face Value I have not attempted to determine that the site http://www.nsslabs.com is actually in any way related to NSS Labs and as far as I know the listed report may be completely fictitious and in no way related to NSS Labs.
However none the less my Opinion of the linked report is still the same unless you can convince me otherwise it's Junk Science.
Then to make matters worse my OS is Windows 7 64 Bit and my preferred Browser IE9 with an Update Identification of 9..0.10 and a Knowledge Base number of KB2744842 which I do not expect you to believe in the slightest but then again I don't expect you to be capable of mounting a valid argument against a single word that I have posted.
OH and the link to the Knowledge Base Article on Microsoft Support
http://support.microsoft.com/kb/2744842
Col [/sarcasm]
"the majority of the Population of any country including the USA live outside the Major Cities and so on and do not have the same benefits that City Dwellers do."
That statement makes you sound like an absolute idiot! It effectively nullifies everything else that you said.
is like, as it's a true statement. Do some real research on how many people who live in rural areas do NOT have broadband because the cost of wireless broadband is too high - most countries pay per MB of download, and they live a few kilometres from the exchange with no fibre optic cable going by their house.
Col often stands up for Microsoft when the heavy anti-MS crowd get going because he's a MS Partner and working on their gear is the bulk of his livelihood. However, unlike some people who are little more than shills for MS, Col looks at things honestly.
The report in question claims to be about the browser when it has NOTHING to do with the safety or performance of the browser as it's all based on the browser's access to a MS maintained website of websites listed as not being nice - with the definition of not nice being very much based on if they pay MS to be listed as good. The process is often turned off due to false positives and the way it slows the hell out of anything but a high speed broadband connection.
Which is probably what most of us visit by accident, or what about hijacked sites.
This report is crap, IE isn't secure, it just knows about more bad sites. When FF and Chrome get attacked, the attack fails.
It's kind of like saying IE avoids the dark alleys, FF and Chrome walk through the dark alleys wearing armor and force-fields.
"When FF and Chrome get attacked, the attack fails." And how do you know this statement? Any facts? Or are you just guessing?
Tool bars appear, files appear, performance slows, stuff errors. etc.
There are plenty of malware types that are not obvious......zeus spyeye stuxnet. Sorry, your argument has some, but not a lot of, merit
You can use whichever one you want. I have no inner need to convince you to another choice. Pick your browser and live with the consequences, I will do the same.
Because that's the only way I see this making any sense
It has been conventional wisdom that Internet Explorer has vulnerabilities that many IT professionals managing networks could not abide. I am suggesting that perhaps that "conventional wisdom" derived in the past should be reexamined. It is not a question of idiocy - more like inertia.
MSIE still has so many problems that MS set up this checking system because they could NOT fix the browser itself. There is where the problem is and saying an external check makes the browser secure is wrong.
Two things.
First, I did try to install IE9, but it indicated that you must have the latest Windows (I was using Windows 7) to install.
Secondly, what was tested with Firefox? One thing I did find out was that blocking malware wasn't something that came out of the box, but through add-ons. My version of Firefox, with add ons, blocks malware and I haven't had a problem (based on cleaning program reports) for years.
This seems like more tripe from a Microsoft employee ... oh wait.
good - they pay Microsoft to list them, or
bad - they don't pay Microsoft to list them, or they have really vicious malware
Study schmudy. I've used Firefox, Chrome, and IE between home and office computers, each extensively and I can say with absolute confidence that IE is better overall at catching and blocking malware, hands down.
No, I'm not a M$ fanboy because I refused to use IE for about 3 or 4 years at home, being a big supporter of Firefox. But I noticed plenty of occurrences where I would get a malware warning through IE (on my office computer) on a webpage that my home computer, using Firefox, would browse to without any indication of a problem whatsoever. Pull up the Malwarebytes, run a scan, and sure enough, a new freakin' infection that my office computer didn't have! I've been running IE at home for a couple years now, and my malware infection rate is MUCH lower, almost to the point of nonexistence. Studies be damned... real world experience is where you find the facts.
Your office machine will likely have devices filtering for you etc. and you will likely visit sites with less malware but comparing real world live data is a sound method.
This recent and more authoritative study shows IE being > 89 times worse when live 0-day exploits are taken into account.
http://www.h-online.com/security/news/item/Internet-Explorer-security-examined-1721876.html