access...
...or assess?
The methodology of tests that found IE is tops for blocking a particular type of malware attack has come under fire from Google. NSS Labs was commissioned by Microsoft to access the ability of browsers to block socially engineered malware attack URLs. The exercise focused on the effectiveness of in-built browser technology to …
Plenty of times I've had Chrome flash up a warning telling me that such-and-such a site has had some kind of malware on it recently.
I've never seen that in IE, yet.
So. Survey commissioned by Microsoft reveals results that are favourable to Microsoft. Blimey, UK.gov should have taken Microsoft's help with the NIR when offered!
IE 9 beta: 99%
IE 8: 90%
Firefox 3.6: 19%
Safari 5: 11%
Chrome 6: 3%
This does look suspicious. I freely admit I have never studied the question, and I have no idea what techniques different browsers use, but I have trouble believing the results. Of course, the fact that Microsoft commissioned the study does not help any...
I would also be more interested if I was actually scared of getting malware from a web site, but I feel somewhat safe on my jobsian machine.
http://www.google.com/search?q=apple+drive-by+download
I'm the one with a Tuxian machine, but I'm not daft enough to make comments like "lol I'm hack proof". Oh god no.
Please, for your own sake as well as the victims of your zombie computer's botnet rage, reduce your false sense of security.
:(){ :|:& };:
I think the "we'll publish if we get the right answer" tells you everything you need to know about the study, including (by omission) the rate of false positives in each browser. If IE9 is going to dance up and down for every link that I click, it is going to be like UAC in Vista and we can be sure that IE10 will be scaled back.
Opera has fraud and malware blocking, I have seen warnings in the past. Clearly this test was engineered so that IE came out on top.
As with all Microsoft divisions, they bribe their way to the front. You only have to look at the money they are pouring into keeping the gaming media sweet about XBox and Kinect to see that.
... unless things have changed drastically recently, only two of Microsoft's divisions make any profit - Windows and Office. All of the rest are loss-making, hence the various panics over Vista and Office 2008.
And pouring money into keeping the gaming media sweet about Xbox and Kinect ... it's like the kid at school who tries to bribe other kids with sweets and dinner money to make them like him... pathetic really.
They'd be better spending the money on testing their products before they shove them out of the door for mugs to buy. Or paying their fines from the European Court of First Instance for criminal abuse of their near-monopoly on the crapware included with new PCs... :-(
So NSS were commissioned by Microsoft and could safely assume that their work wouldn't see the light of day unless favourable to the sponsor - and the results are practically a whole order of magnitude higher for said sponsor's latest product?
Unless NSS share their methodology to allow a fair response this has to be considered somewhere between 'suspect' and 'a waste of good ASCII' on the sliding scale of corporate guff.
Not much of a problem anyway if you follow a few common sense rules:
> don't use any login prompt that you didn't request to see.
> don't initiate any download that you didn't request
> don't trust any vague/retarded messages; "someone you know called John or Dave or Emma sent you a message because they are trapped in a lift or fell in a frozen lake or got stuck up a chimney - respond NOW using this dodgy web form"
Yeah right, so why hasn't it got Firefox-like master password functionality then? If my laptop is stolen Chrome will just merrily allow anyone who mounts the disk and copies the Google folder to login to all my online accounts. Firefox protects the login auto completion with a master password.
No doubt someone will say "well just don't allow Chrome to auto complete forms on your laptop then". Yeah, that's really useful when I have dozens of forum logins. Unfortunately there are also endless users out there who just wouldn't think that the auto complete is insecure functionality.
Come on Google, sort it out if you really have built Chrome with security in mind. This is being asked for a lot on the boards and is not particularly difficult functionality. Do your bit to help prevent fraud.
If you are using Chrome on any version of Windows from 2000 onwards, this does not happen. The saved passwords and form data are unavailable under any account with a different SID, which is highly unlikely to occur between two completely separate systems (as would be in the example you just provided).
History can be transferred, along with bookmarks and such, but this is standard for almost all modern browsers.
I know it's always fun for el-reg to bash Microsoft, but....
The test was completed in September 2010, so Chrome 6 was the current version, unless it took place after the 21st when 7 would have been current.
Google statement "Google Chrome was built with security in mind from the beginning and emphasizes protection of users from drive-by downloads and plug-in vulnerabilities". I love the way they use the phrase "with security in mind", so they were thinking about it, they did not necessarily do anything about it, but they were thinking about it.
"for example, we recently introduced a new security sandbox for Flash Player" When the tests get re-run in 1Q11, it will be interesting to see how the newer version gets on.
"Additionally, the testing methodology isn't available in a way that can be independently verified" You could download a copy of the methodology from the website; Google it if you need to, or just follow the links. OK, so there could be more details, but the methodology is detailed on their website.
There's the key phrase right there: "commissioned by Microsoft". I'm guessing that like every other "study" that is commissioned by a corporation, the test was massaged until the results were what the client ordered. After all, corporations don't commission TESTS, they commission RESULTS. Invariably results of a very particular nature. I hate to say this, but Microsoft is no more evil here than any other corporation out there.