Forum
Comments:
-
- on Sat 15 Aug 2009
- 11:25:38 PM UTC
Re: Browser security tests
Looks like IE8 is now the most secure browser.
NSS Labs only tested URL blacklists, so IE is hardly the most secure browser. I believe the only reasonable way to measure browser security is to count the number of discovered security vulnerabilities, examine how serious they have been, and how long it took for the vulnerability to be patched. Unfortunately, this is still unfair to open source browsers, because Microsoft doesn't have to publish all IE security issues, but can patch them silently. Since the source code is closed, it also seems plausible that there are more undiscovered vulnerabilities in IE than in browsers whose source code can be freely examined.
-
- on Sun 16 Aug 2009
- 06:47:57 PM UTC
Open Source Advantage
Open Source software developers generally respond much quicker to exploits, partly just because of sheer numbers across the world versus what has to be an inferior number of Redmond employees.
In fact, I read a report about a year ago . . . don't remember if it was NSS labs, but it was very similar . . . that likewise listed IE8 as superior in security to Mozilla, but buried in the data . . . which the report DID NOT highlight . . . was the fact that exploits of FF were patched much quicker than IE. Can't remember the numbers exactly, but the response time from Redmond averaged much more than twice the time it took Mozilla to come out with a patch. It was pretty dramatic.
As I said, the data was buried deep within the report, and if you just read the summary you would get the distinct impression that IE was more secure.
I remember the Mozilla newsgroup was lit up with opinions on this report, and there was the usual conspiracy theory that Microsoft was behind the report.
Whether it was a conspiracy or not, it was clearly biased in that both sides of the browser wars argument were not presented.
Those browser wars will be perpetual . . . IE proponents will always insist that IE is more secure than FF (YoKenny?), and FF proponents will always insist that FF is more secure.
As it is, I pretty much agree with Sami's point that Microsoft may "hide" some vulnerabilities 'till they come out with a patch. Of course, the argument that Microsoft always makes there is that they don't want to tip off the malware writers. There's a counter-argument to that, and the counters go on ad infinitum.
And one more thing that Sami brought up which is very pertinent. The seriousness of the exploits has a lot to do with how the data is evaluated. In that report I referred to earlier, while FF was shown as suffering from more exploits than IE, once again buried deep within the data was the fact that the FF exploits were not as "critical" as the IE exploits. The report mentioned this in passing, but certainly did not highlight it, and definitely didn't even reference this in the summary.
If YoKenny had not been so volatile on the topic, we could have had a lively discussion here.
Personally, I think that Opera is the most secure, but until they duplicate the flexibility of FF add ons, their market share will remain minimal.
Of course, with add ons comes increased vulnerability, so Opera may never go that way.
-
- on Sun 16 Aug 2009
- 11:48:27 PM UTC
i don't think opera is most
i don't think opera is most secure just because they don't really support add-on or less people use or hack them (just look that 1% result vs IE 81%!)...
-__-; IE got 80%+ in both category w/o any AV & ad/host/IP/flash blocker...
as to the vulnerability/exploit, i think no matter how fast/much FF patched, new vulnerability/exploit will be discovered anyway & FF will still ended up only detecting about 27% threat unless they copy IE by using some kind of signature base thingy to block the malware 1st until they find a way to stop the exploit...
as for the critical exploit part, thats why u need some kind of AV/AS/AM etc...
btw, w/o adblock & no script, FF is seem weaker than IE...
-
- on Mon 17 Aug 2009
- 04:56:07 AM UTC
No, no, no . . .
"i don't think opera is most secure just because they don't really support add-on or less people use or hack them"
Opera's security doesn't have anything to do with add ons . . . I never said that. What I said was that since Opera doesn't support FF-like add ons (only widgets, which are much different), Opera's market share will not rise. That has nothing to do with security (well . . . in a way it does because malware writers get less bang for their buck if they target little used software . . . Linux is a prime example . . . consequently they focus their efforts on Windows and IE, which have the most market share).But the central reason that Opera is more secure is that it doesn't use ActiveX (Opera does not have in-built support for Microsoft's Windows-specific ActiveX technology or the VBScript scripting language) or complete support for Java (Opera uses the Java Runtime Environment (JRE) on your system directly instead of using the plug-in to run Java applets. It is not possible to use the Java plug-in with Opera).
Of course, that diminishes the browsing experience, so it's a trade off. One of my favorite truisms holds here: "Between the extremes of caution and blissful ignorance, there is some comfort point, which will be different for everyone. I choose to run some risks, if they entail compensatory advantages, while avoiding others."
"just look that 1% result vs IE 81%!"
As Sami has pointed out, the tests used URL blacklists ONLY. Hardly representative.Since the rest of your arguments are based on the test results, and my opinion is that the test criteria was too narrow (among other things), I guess we'll just have to agree to disagree.
-
- on Mon 17 Aug 2009
- 11:44:29 AM UTC
was this test supported by Microsoft?
today I read: http://www.heise.de/security/Studie-Internet-Explo... (German)
and they say that this test was supported by Microsoft,if this is true I can't believe that IE 8 is safer than FF or Opera (well I never believed it ;)
---------------------------------------------------------------
Signatur:Prevention is best protection...Stay safe.
/any questions? -leave a message thx\
-
- on Tue 18 Aug 2009
- 06:18:07 AM UTC
anti-malware test by
anti-malware test by mrizos...
IE
http://www.youtube.com/watch?v=O94v1MdMcxk&feature...
FF
http://www.youtube.com/watch?v=wJBCrXdz4ew&feature...
GG
http://www.youtube.com/watch?v=P6sNbNKt4hY&feature... -
- on Tue 18 Aug 2009
- 06:49:21 AM UTC
WOT Fails to Block Poor Reputation Site
The URL http://202.153.191.243/card.exe
is way more NASTY than others such as http://www.24hourwealth.comWith WOT set for BLOCKING, both IE 7.0 and Firefox 3.5 will block the 24hourwealth.com site.
I searched for 202.153.191.243 at http://www.mywot.com and it has a BAD reputation. If I use the URL http://202.153.191.243 it still opens but with a red circle up at the top in the Toolbar.Test procedure using Firefox:
1. WOT set for BLOCKING, in both IE 7.0 and Firefox 3.5
2. Erase all cookies, history and cache files for both Browsers.
3. End both browsers, then start Firefox only.
4. Go to http://202.153.191.243
5. It connects and displays "Fedora Test Page" with a red circle WOT icon.
6. Go to http://202.153.191.243/card.exe
7. It tries to download the executable file card.exe but Norton Blocks it.Test procedure using IE:
1. Erase all cookies, history and cache files for Firefox.
2. End Firefox, start IE only.
3. Go to http://202.153.191.243
4. It connects and displays "Fedora Test Page" with a red circle WOT icon.
5. Go to http://202.153.191.243/card.exe
6. It tries to download the executable file card.exe but Norton Blocks it.So WOT fails with both Browsers.
-
- on Tue 18 Aug 2009
- 06:53:07 AM UTC
Re: WOT Fails to Block Poor Reputation Site
The add-on doesn't block the site, because the confidence value for the reputation is below blocking threshold. Once more users rate the site, the confidence increases and the add-on starts blocking it. You should probably rate it yourself too.
-
- on Tue 18 Aug 2009
- 04:23:52 PM UTC
wot should add a confidence
wot should add a confidence value slider for blocking site so that u can choose to block red or orange site w low confidence level...
-
- on Tue 18 Aug 2009
- 10:07:51 PM UTC
@demonluo: there is already
@demonluo:
there is already a setting option:
http://www.mywot.com/en/settings/en-en/firefox/200...or click on WOT Icon there is a settings or preferences option
---------------------------------------------------------------
Signatur:Prevention is best protection...Stay safe.
/any questions? -leave a message thx\
Browser security tests
Looks like IE8 is now the most secure browser. Hopefully the Firefox team catches up quickly.
Sunbelt Blog - Browsers tested for phishing and social engineering malware
"NSS Labs has posted the results of its testing of the big six browsers for their ability to repel social engineering malware and phishing attacks. “The results are based upon empirically validated evidence gathered by NSS Labs during continuous 24x7 testing against fresh, live malicious sites” they said.
Social engineering threats caught:
-- Microsoft Internet Explorer v8 (81 percent)
-- Mozilla Firefox v3 (27 percent)
-- Apple Safari v4 (21 percent)
-- Google Chrome 2 (7 percent)
-- Opera 10 Beta (1 percent)
Phishing threats caught:
-- Microsoft Internet Explorer v8 (83 percent)
-- Mozilla Firefox v3 (80 percent)
-- Opera 10 Beta (54 percent)
-- Google Chrome 2 (26 percent)
-- Apple Safari v4 (2 percent)
Test results here.
Tom Kelchner"
Anti Spam | Wot Tutorials