back to article Google questions tests that praise IE's bad website blocker

The methodology of tests that found IE is tops for blocking a particular type of malware attack have come under fire from Google. NSS Labs was commissioned by Microsoft to access the ability of browser to block socially engineered malware attack URLs. The exercise focused on the effectiveness of in-built browser technology to …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Headmaster

    access...

    ...or assess?

  2. M Gale

    Hm.

    Plenty of times I've had Chrome flash up a warning telling me that such-and-such a site has had some kind of malware on it recently.

    I've never seen that in IE, yet.

    So. Survey commissioned by Microsoft reveals results that are favourable to Microsoft. Blimey, UK.gov should have took Microsoft's help with the NIR when offered!

  3. Anonymous Coward
    Anonymous Coward

    You have to laugh....

    It's like watching Dr. Evil arguing with Dark Helmet over who's doomsday weapon is deadlier.

  4. Cunningly Linguistic

    "open sauce browser"

    Love it :)

  5. stucs201
    Joke

    open sauce browser

    Is that ketchup or HP?

  6. ratfox
    Jobs Halo

    Biased much

    IE 9 beta: 99%

    IE 8: 90%

    Firefox 3.6: 19%

    Safari 5: 11%

    Chrome 6: 3%

    This does look suspicious. I freely admit I have never studied the question, and I have no idea what techniques different browsers use, but I have trouble believing the results. Of course, the fact that Microsoft commissioned the study does not help any...

    I would also be more interested if I was actually scared of getting malware from a web site, but I feel somewhat safe on my jobsian machine.

    1. M Gale

      Hubris

      http://www.google.com/search?q=apple+drive-by+download

      I'm the one with a Tuxian machine, but I'm not daft enough to make comments like "lol I'm hack proof". Oh god no.

      Please, for your own sake as well as the victims of your zombie computer's botnet rage, reduce your false sense of security.

      :(){ :|:& };:

      1. nation of stupid

        @Hubris

        If you actually read any of the reports, the drive by download problem affects Windows machines, the same flaw that affected IE and Firefox as well.

        As rafox says, it's not a problem if you are using a non Windows machine, either Linux or OSX.

    2. Ken Hagan Gold badge

      Re: Biased much

      I think the "we'll publish if we get the right answer" tells you everything you need to know about the study, including (by omission) the rate of false positives in each browser. If IE9 is going to dance up and down for every link that I click, it is going to be like UAC in Vista and we can be sure that IE10 will be scaled back.

    3. Anonymous Coward
      FAIL

      It's all bogus

      Opera has fraud and malware blocking, I have seen warnings in the past. Clearly this test was engineered so that IE came out in top.

      As with all Microsoft divisions, they bribe their way to the front. You only have to look at the money they are pouring into keeping the gaming media sweet about XBox and Kinect to see that.

      1. Anonymous Coward
        Gates Horns

        However...

        ... unless things have changed drastically recently, only two of Microsoft's divisions make any profit - Windows and Office. All of the rest are loss-making, hence the various panics over Vista and Office 2008.

        And pouring money into keeping the gaming media sweet about Xbox and Kinect ... it's like the kid at school who tries to bribe other kids with sweets and dinner money to make them like him... pathetic really.

        They'd be better spending the money on testing their products before they shove them out of the door for mugs to buy. Or paying their fines from the European Court of First Instance for criminal abuse of their near-monopoly on the crapware inluded with new PCs... :-(

    4. graeme leggett Silver badge

      Why not read the report

      And see what the situation is.

      The report notes that Safari 5's protection had decreased since earlier reports and it took the mechanism about 36 hours to catch up with a malware url.

      But read it and see if that's your interpretation....

  7. Youngdog
    Thumb Down

    Does seem fishy

    So NSS were comisisoned by Microsoft and could safely assume that their work wouldn't see the light of day unless favourable to the sponsor - and the results are practically a whole order of magnitude higher for said sponsor's latest product?

    Unless NSS share their methodology to allow a fair response this has to be considerde somewhere between 'suspect' and 'a waste of good ASCII' on the sliding scale of corporate guff

  8. skeptical i

    "the open sauce browser"?

    As opposed to the proprietary "special sauce" ones?

  9. kyle elliott
    Pint

    Open sauce indeed

    Theres an editor thinking of beer time quite openly. I personally prefer to open the sauce soon as I make it home, but nothing against those who do it when they write an article.

  10. Velv

    and

    88.6% of all statistics are made up on the spot.

  11. Anonymous Coward
    Thumb Up

    social engineering

    Not much of a problem anyway if you follow a few common sense rules:

    > don't use any login prompt that you didn't request to see.

    > don't initiate any download that you didn't request

    > dont trust any vague/retarded messages; "someone you know called John or Dave or Emma sent you a message because they are trapped in a lift or fell in a frozen lake or got stuck up a chimney - respond NOW using this dodgy web form"

  12. Neill Mitchell

    "Google Chrome was built with security in mind from the beginning"

    Yeah right, so why hasn't it got Firefox like master password functionality then? If my laptop is stolen Chrome will just merrily allow anyone who mounts the disk and copies the Google folder to login to all my online accounts. Firefox protects the login auto completion with a master password.

    No doubt someone will say "well just don't allow Chrome to auto complete forms on your laptop then". Yeah, that's really useful when I have dozens of forum logins. Unfortunately there are also endless users out there who just wouldn't think that the auto complete is insecure functionality.

    Come on Google, sort it out if you really have built Chrome with security in mind. This is being asked for a lot on the boards and is not particularly difficult functionality. Do your bit to help prevent fraud.

    1. Vigilante
      FAIL

      Old version of chrome or typical flamebait "convenient ignorance"?

      If you are using chrome on any version of windows from 2000 onwards, this does not happen. The saved passwords and form data are unavailable under any account with a different SID, which is highly unlikely to occur between two completely separate systems (as would be in the example you just provided).

      History can be transferred, along with bookmarks and such, but this is standard for almost all modern browsers.

  13. Fibbles
    FAIL

    Title ffs

    Whilst I'm not defending MS I really can't see how this is any different to Google doing standards compliance benchmarks for browsers using an out-dated version of IE. You reap what you sow.

  14. Anonymous Coward
    Grenade

    hmmm

    I know it's always fun for el-reg to bash Microsoft, but....

    The test was completed in September 2010, so Chrome 6 was the current version, unless it took place after the 21st when 7 would have been current.

    Google statement "Google Chrome was built with security in mind from the beginning and emphasizes protection of users from drive-by downloads and plug-in vulnerabilities". I love the way they use the phrase "with security in mind", so they were thinking about it, they did not necessarily do anything about it, but they were thinking about it.

    "for example, we recently introduced a new security sandbox for Flash Player"" When the tests get re-run in 1Q11, it will be interesting to see how the newer version gets on.

    "Additionally, the testing methodology isn't available in a way that can be independently verified" You could download a copy of the methodology from the website; Google it if you need to, or just follow the links. OK, so there could be more details, but the methodology is detailed on their website.

  15. Anonymous Coward
    Gates Horns

    Hmmm

    So basically they're saying, "IE is secure - because MS paid us to reach that conclusion!"?

  16. Robert Carnegie Silver badge

    What I want to see is,

    Test Chrome 6 against Internet Explorer 6.

    Opera 11 is out now btw, this is it!

  17. raving angry loony

    "commissioned by Microsoft"

    There's the key phrase right there: "commissioned by Microsoft". I'm guessing that like every other "study" that commissioned by a corporation, the test was massaged until the results were what the client ordered. After all, corporations don't commission TESTS, they commission RESULTS. Invariably results of a very particular nature. I hate to say this, but Microsoft is no more evil here than any other corporation out there.

This topic is closed for new posts.

Other stories you might like