Forgot your password?
typodupeerror
Microsoft Security

Microsoft Says IE9 Blocks More Malware Than Chrome 226

Posted by Unknown Lamer
from the i-heard-macs-don't-get-viruses dept.
CSHARP123 writes "In a move that's sure to raise some eyebrows, Microsoft today debuted a new web site designed to raise awareness of security issues in web browsers. When you visit the site, called Your Browser Matters, it allows you to see a score for the browser you're using. Only IE, Chrome, or Firefox are included — other browsers are excluded. Not surprisingly, Microsoft's latest release, Internet Explorer 9, gets a perfect 4 out of 4. Chrome or Firefox do not even come close to the score of 4. Even though the web site makes it easy for users to upgrade to the latest version of their choice of browser, Roger Capriotti hopes people will choose IE9, as it blocks more malware compared to Chrome or Firefox." Of note in the Windows Team post is that the latest Microsoft Security Intelligence Report discovered that 0-day exploits account for a mere tenth of a percent of all intrusions. Holes in outdated software and social engineering account for the majority of successful attacks.
This discussion has been archived. No new comments can be posted.

Microsoft Says IE9 Blocks More Malware Than Chrome

Comments Filter:
  • NoScript (Score:5, Insightful)

    by Hatta (162192) on Tuesday October 11, 2011 @05:38PM (#37684026) Journal

    NoScript blocks more malware than either.

    • Re: (Score:3, Insightful)

      by North Korea (2457866)
      Yes, and is pain in the ass to use and something that no normal person will ever do. Hell, even I don't want to use it while being a geek and fully understand it's potential.. but it's just so pain in the ass.
      • Re:NoScript (Score:4, Insightful)

        by Hatta (162192) on Tuesday October 11, 2011 @05:48PM (#37684134) Journal

        If my artist girlfriend can use it with no instruction from me, complaints about complexity ring hollow.

        Personally, I find that javascript on average detracts more from the browsing experience than it adds. Slashdot is a perfect example, it's simply not usable with javascript enabled. So even if there was no security benefit at all, it would still be less of a pain in the ass to use NoScript than it would be to browse without it.

        • Re: (Score:3, Insightful)

          by TechLA (2482532)
          No one talked about complexity, but just being pain in the ass to use. You always have to keep reloading sites, allowing scripts and so on when you go new sites. And if you just allow most, then there's no point anyway. Most of the internet now relies on JavaScript and it really does make things easier, allows AJAX and so on. You break a lot of functionality without JavaScript. Yes, most good sites allow non-javascript fallback, but it's not as nice as with JavaScript enabled.
        • Slashdot is a perfect example, it's simply not usable with javascript enabled.

          So how do you explain all of the people, like myself, who use Slashdot with Javascript enabled? Your credibility is starting to ring a bit hollow. A lack of Javascript is not a security panacea, not by a long shot. Plugins are the problem, not scripting. Scripting only matters if you're defending against a script injection attack. It doesn't do squat if the server was hacked and the page has an iframe pointing to a PDF, Java applet, or Flash movie, and it does even less against a site that is simply ma

          • by Nadaka (224565)

            Sure it does, noscript blocks PDFs, applets and flash by default. This means that they can't sneak a hidden plugin attack in. The only way for those plugin attacks to work is if you intentionally approve the content.

            • Why not just set the browser to only load plugins on-demand? Is that possible with vanilla Firefox?

          • by errandum (2014454)

            I also use Slashdot with javascript enabled, but noscript, by default, also blocks the loading of those plugins in untrusted sites.

          • by causality (777677)

            Slashdot is a perfect example, it's simply not usable with javascript enabled.

            So how do you explain all of the people, like myself, who use Slashdot with Javascript enabled? Your credibility is starting to ring a bit hollow. A lack of Javascript is not a security panacea, not by a long shot. Plugins are the problem, not scripting. Scripting only matters if you're defending against a script injection attack. It doesn't do squat if the server was hacked and the page has an iframe pointing to a PDF, Java applet, or Flash movie, and it does even less against a site that is simply malicious.

            Did you know: NoScript blocks plugins, movies, and applets too? You would have known that, if you were actually in a good position to form an opinion about it. There's a reason it is "NoScript" not "NoJavaScript". Basically NoScript means you get just the basic page layout with nothing "active" like movies or scripts unless you explicitly choose to enable them on a case-by-case basis. To reiterate, you should really understand the most basic functions of NoScript if you're going to comment on it.

            Also

            • Did you know: NoScript blocks plugins, movies, and applets too?

              Obviously not. I try to avoid Firefox, and I don't need the functionality of NoScript in my browser of choice because most of it is built-in.

              There's a reason it is "NoScript" not "NoJavaScript".

              Since plugin blocking was added after the initial release, the initial intention (and name) was in fact blocking Javascript. From the changelog, it appears that plugin blocking was added in 1.1.

              They do still teach lawyers how to construct an argument, right?

              I wouldn't know, I'm not a lawyer, I just appreciate the work of some of them.

              • by causality (777677)

                Obviously not. I try to avoid Firefox, and I don't need the functionality of NoScript in my browser of choice because most of it is built-in.

                Fair enough, but can you see why that wouldn't put you in a good position to form opinions about it?

                Since plugin blocking was added after the initial release, the initial intention (and name) was in fact blocking Javascript. From the changelog, it appears that plugin blocking was added in 1.1.

                The initial release of Microsoft Windows was a graphical shell that ran on top of DOS. So that means Windows 7 is still based on 16-bit code, right? Because we all know, nothing ever grows or expands or evolves beyond its initial origins.

                I wouldn't know, I'm not a lawyer, I just appreciate the work of some of them.

                See there I did make an assumption and you rightly called me on it. I don't mind. Goose, gander, and all of that. Of course I could try to weasel out of that and say som

                • Fair enough, but can you see why that wouldn't put you in a good position to form opinions about it?

                  I can form an opinion about whatever I want, but I acknowledge that it's unwise to comment on features without knowing them. I haven't used NoScript in years.

                  The initial release of Microsoft Windows was a graphical shell that ran on top of DOS. So that means Windows 7 is still based on 16-bit code, right? Because we all know, nothing ever grows or expands or evolves beyond its initial origins.

                  You're still talking about the origin of the name "NoScript", right?

            • by gtall (79522)

              "with nothing "active" like movies or scripts " Yep, that's the best part of noScript. I very much dislike things jumping around on the pages. NoScript keeps them in check.

    • NoInternet blocks everything except those from local storage.

      Expecting novice users to understand and use NoScript is not tenable.

      • by causality (777677)

        NoInternet blocks everything except those from local storage.

        Expecting novice users to understand and use NoScript is not tenable.

        To expect them to automatically understand it "out of the box" as though their spirit guide slipped the knowledge into their minds while they slept, no that is not tenable. The expectation is that there will be a short period of adjustment that any literate adult of below-average or higher intelligence should be able to handle.

        What's REALLY not tenable and is accumulating untold amounts of cost and damage, is this un-negotiated, unwritten, often unspoken default assumption that "novice" should be a perm

    • Re: (Score:2, Funny)

      by Anonymous Coward

      NoScript blocks more malware than either.

      And abstinence provides better protection than condoms.

      • Re:NoScript (Score:4, Funny)

        by Hazel Bergeron (2015538) on Tuesday October 11, 2011 @05:48PM (#37684144) Journal

        To help geek up this analogy: enjoying the web without Javascript is like having sex but avoiding partners with STDs.

        • Re:NoScript (Score:4, Funny)

          by 93 Escort Wagon (326346) on Tuesday October 11, 2011 @05:58PM (#37684272)

          To help geek up this analogy: enjoying the web without Javascript is like having sex but avoiding partners with STDs.

          For a typical user, a better analogy would be: Enjoying the web without Javascript is like having sex while wearing a condom made of inch-thick rubber.

          • Re: (Score:2, Insightful)

            by Anonymous Coward

            To help geek up this analogy: enjoying the web without Javascript is like having sex but avoiding partners with STDs.

            For a typical user, a better analogy would be: Enjoying the web without Javascript is like having sex while wearing a condom made of inch-thick rubber.

            and while also wearing a blindfold...

          • To help geek up this analogy: enjoying the web without Javascript is like having sex but avoiding partners with STDs.

            For a typical user, a better analogy would be: Enjoying the web without Javascript is like having sex while wearing a condom made of inch-thick rubber.

            Well, it depends if you are the one wearing the condom or the other one.

          • Not only that, but blocking js also makes your computer run much faster. Not sure how that fits in with the analogy but Use Your Imagination

      • by TechLA (2482532)

        NoScript blocks more malware than either.

        And abstinence provides better protection than condoms.

        Yet, abstinence probably leads to much more serious things than possibility of some minor STD, including depression, anti-social behavior and stress. It's good to let go every once in a while.

        Of course, there is a good middle ground too. Serious STD's like HIV/AIDS generally do not spread orally. If you're on the receiving end of a blowjob, you have almost 0% change of catching HIV. Even with prostitutes. I learned this thing and have had sex with many ladyboys and never had any STD. Of course, while havi

        • by gmack (197796)

          NoScript blocks more malware than either.

          And abstinence provides better protection than condoms.

          Yet, abstinence probably leads to much more serious things than possibility of some minor STD, including depression, anti-social behavior and stress. It's good to let go every once in a while.

          Of course, there is a good middle ground too. Serious STD's like HIV/AIDS generally do not spread orally. If you're on the receiving end of a blowjob, you have almost 0% change of catching HIV. Even with prostitutes. I learned this thing and have had sex with many ladyboys and never had any STD. Of course, while having intercourse it's a good idea to use condom, but as a receiving end of a blowjob, you cannot get AIDS.

          This is dangerously wrong. The CDC reports that the risk is lower but still a risk with known infections. [cdc.gov]

    • by Baloroth (2370816)
      So does Lynx. Your point?
    • Re:NoScript (Score:4, Insightful)

      by Runaway1956 (1322357) on Tuesday October 11, 2011 @09:36PM (#37686048) Homepage Journal

      "WE CAN'T GIVE YOU A SCORE FOR YOUR BROWSER."

      "WHAT DOES THIS SCORE MEAN?"

      I guess that means that my browser is more secure than they expected, and they don't want to admit it? Or, they can't exploit a vulnerability that they expected to find in my browser? WTF?

      Chromium, with Ghostery, AdBlock Plus, Flashblock, and NoScript. Go figure . . .

      Let's see what it looks like in Firefox:

      "How well is your browser protecting you?

      We do not have any data for your browser, so we can’t give your browser a score.
      See how other browsers scored > "

      The site like my Firefox setup better than it liked my Chromium setup - I can at least advance through the menus. But, they can't rank my browser. Phht. Same old tired FUD, if you ask me. What a waste of bandwidth!

      • by bryan1945 (301828)

        Cute, half of the "Zero" scores comes from things like-
        "Does the browser process utilize Windows Protected Mode?"
        Well, no, I'm running a Mac!

        If you trying to pull a fast one, and least be clever about it.

    • by Tasha26 (1613349)
      Look at the title, "Microsoft says..." and about their own product. It must be true... right... umm?
    • by spongman (182339)

      FlashBlock (for Firefox [mozilla.org] and Chrome [google.com]) is a pretty good alternative. it doesn't block xss or clickjacking, but it does prevent malicious plugin exploits while leaving most of the rest of the web fully functional.

    • by Chrisq (894406)

      NoScript blocks more malware than either.

      And not browsing the web blocks more malware still

  • by Tridus (79566) on Tuesday October 11, 2011 @05:39PM (#37684034) Homepage

    I've seen the same data from Mcafee, and it was really something. For every computer exploited using a Windows flaw, 100 are exploited using Flash. Acrobat Reader and Java are the other major culprits.

    In a lot of ways, browser security itself has never been better. There's several highly capable ones out there in this area. The weak link is some truly terrible plugins.

    • I think Windows Defender or whatever they have by default on all machines should detect and warn about out of date Java, Flash and Reader at the minimum. Also, they should be made to auto update Chrome style by default unless turned off.

    • by clarkn0va (807617)
      Translation: We exported all of those problems [wikipedia.org] and their related functionality to some third-party modules.
      • Except that isn't what happened at all. There is plenty of stuff in a browser -- javascript to name one -- that would be blatantly insecure if the browser makers wrote code of the same quality as Adobe.

        The problem is actually a lack of competition: You can visit the same web page in Firefox as in Chrome, so the browser makers get their shit together or they lose users. But if you want to play a flash movie, you have to use Adobe's flash plugin. There is no viable alternative from the user's perspective, so

        • by tepples (727027)

          What would need to happen is for web developers to start using HTML5 instead of Flash. Which is starting to happen.

          But you're still not going to get existing animated films such as Weebl and Bob or Homestar Runner or 99% of the stuff on Newgrounds converted from Flash vector animation to HTML5 right away.

          • You don't have to convert everything. You just have to give Adobe a swift kick in the tail so they do something to fix the problem -- like open source Flash Player or publish RFCs sufficient for someone else to make one.

          • homestar runner is gone, tbh i think most flash animations are encoded as movies so they can go on youtube nowadays as well, it's just too easy not to do. it really is getting close to the end of flash, give it a couple of years.
        • by Cryacin (657549)
          As an RIA and web developer, let me tell you what would need to happen for me to start developing in HTML5.

          1. Every browser would need to implement the W3C standards as laid out. It's madness to go back to the days where you had to write the same code block in several different flavours, not only to support different browsers, but different VERSIONS of browsers. Wake up kiddies, a lot of corporates are still on IE6.
          2. When we have the full IDE toolset for HTML5 that we have for flash, and the frameworks
  • by LordLimecat (1103839) on Tuesday October 11, 2011 @05:42PM (#37684074)

    It might have been informative. Seriously, when you accuse Chrome of not meeting the requirement,
    "Does the browser help protect you from websites that are known to distribute socially engineered malware?"
    when google's anti-malware service is the basis for at least two browsers, and predates IE's effort by at least a year (probably more like 2), it sort of hampers your credibility.

    • It apparently gets better. They ding chrome for these as well:
      Does the browser automatically block insecure content from secure (HTTPs) pages?
      (Even though Chrome does in fact warn you of this. Props to MS, though, they HAVE warned about this since IE6-- though Im pretty sure IE9 does NOT block it automatically).

      And this...
      Does the browser have the ability to restrict an extension or a plugin on a per site basis?
      Even though I am unaware of IE havign that capability, while chrome has had it for a very long

      • by tepples (727027)

        Does the browser automatically block insecure content from secure (HTTPs) pages?
        (Even though Chrome does in fact warn you of this. Props to MS, though, they HAVE warned about this since IE6-- though Im pretty sure IE9 does NOT block it automatically).

        Even if Chrome warns the user, I guess what they're saying is after the page has loaded, it's too late. Any passive eavesdropper can see which included resources you've downloaded over an unencrypted connection.

        • by swillden (191260)

          Does the browser automatically block insecure content from secure (HTTPs) pages? (Even though Chrome does in fact warn you of this. Props to MS, though, they HAVE warned about this since IE6-- though Im pretty sure IE9 does NOT block it automatically).

          Even if Chrome warns the user, I guess what they're saying is after the page has loaded, it's too late. Any passive eavesdropper can see which included resources you've downloaded over an unencrypted connection.

          Chrome doesn't download the unencrypted resources unless you tell it to. The warning pops up and asks you if you want to download the insecure pieces or not.

    • by PickyH3D (680158)

      Although I realize it's not very cool to mention, reports would suggest otherwise: block rate [nsslabs.com].

      Of course, the report uses Chrome 12, so it's about a week old.

      • Even if we were simply to pretend that those stats mean that IE9's blocking is 9x as effective as Chrome's (which is one heck of an allowance), that has nothing to do with Microsoft's claim. Chrome DOES provide a mechanism for filtering malware URLs, in direct contradiction to their claim.

        Im not saying IE9 sucks or that chrome is superior or any of that, Im simply marveling at their gall in making completely false statements with no compunctions.

        • Out of all the browsers I've tested so far virus wise. (ie9, Firefox, Chrome) IE9 is the most secure out of the box when it comes to drive by and rogueware trojans that are not exploiting secrity holes from third party plugins, and it's simply because IE9 uses a file's hash to determine if a downloaded file is commonly downloaded or not.

          Since most rogueware sites pad their payload executable on demand to avoid AV signature detection, the downloaded file is never a common download and will fail the hash chec

          • Discussion about their dishonesty aside (which is ALL I was criticising), I would argue that no, Chrome is more secure-- and not because IE9 doesnt have awesome features; Im sure it does. But Chrome takes the cake because, very simply, they put the security where it matters-- into focusing on plugins, which are the ACTUAL cause of 90+% of malware infections. Its wonderful that IE protects against bad downloads, and that it blocks XSS, and all the rest; what does it do to mitigate PDF and Flash exploits th

            • Plugin wise, there's always been talk that Microsoft was going to add adobe patches to windows update, but it never seems to happen.

              And you're right. Right now the browsers are not being targeted, the third party plugins are, and chrome has been focusing on keeping exploit of those plugins to a minimum, but when these rogue sites fail to expolit a plugin hole, they have to resort to exploiting the user, and it seems like the IE team is more focused on protecting the user from themselves rather than protect

              • None of which works at ALL when youre on a domain and your users dont have admin rights.

                Whats that, deploy using MSIs? Yea, right. Thats what my clients want, to pay me every two weeks to undeploy the old version and deploy the new one that just came out-- not to mention all the nonsense you have to do (or, at least, once had to do) to actually get a hold of the Java JRE MSI file.

                Yea, Ill take my Google Updater method any day-- updates as admin without ever bugging the users with credentials. Are there p

      • This is the same NSS that's funded by Microsoft. Also the same company that once tried to publish a study where they compared a development version of IE against a version of Chrome that was twice outdated.

        http://www.google.com/search?q=nss+microsoft [google.com]

        Hard to trust a company with that kind of history....

  • Actually, their site doesn't even work with Chrome 15.x on Linux. So I think my browser is securing me pretty darn well.

    This just in, all our competition sucks, news at 11.
    • by c++0xFF (1758032)

      This just in, all our competition sucks, news at 11.

      On the other hand, what surprised me was the download links for Chrome, and Firefox on the browser comparison page.

      The only thing that would have surprised me more would have been links to the Chrome [google.com] and Firefox [mozilla.org] security features.

  • Goddamn that site hurts my eyes. Looks very similar to the Metro UI.

    • by Sperbels (1008585)
      Actually...it does kind of hurt. Weird.
      • by Toonol (1057698)
        It doesn't scroll right, either. If your window doesn't hold it all vertically, no scroll bars appear. At least in Firefox. You have to increase your browser size to see it all.
  • If a billion IE users browse the web and 100 million Chrome users do the same, sure ... it is not unlikely that IE blocks more malware.

    Admitted, that was a lame joke ...

    However, if MS had not slept and ignored security the last 25 years, we had not that much malware, or had we?

  • What these guys are touting is IE9's "SmartScreen" protection which claims to "block 99% of phishing" so I am pondering what that even means. I wonder how many of those "phishing" exploits actually work if a user activates them on Firefox, Chrome, etc. It also doesn't appear to take into account platforms where activating the page on something like a non-Windows platform Android device with Chrome breaks because it can't handle or support what the attack wants.

    I am for a more intelligent IE9 so I'm happy fo

    • by tepples (727027)

      What these guys are touting is IE9's "SmartScreen" protection which claims to "block 99% of phishing" so I am pondering what that even means.

      It uses heuristics to determine whether a site is hosting a phishing attempt. However, like all heuristics, it does have some false positives, and Microsoft's page about SmartScreen for web site owners [microsoft.com] makes a few recommendations that the smallest web sites might not be able to handle properly:

      If you ask users for personal information, use Secure Sockets Layer (SSL) certification with a current server certificate issued by a trusted certification authority.

      True, StartSSL offers free certificates, but a cer

      • One needs a dedicated IP for each TLS site.

        If all of the different websites are for the same corporation, you can buy a unified type certificate (UC or "multi-domain) with multiple company domain names listed. It's not ideal, but it does at least let you put all of your corporate domains on the same IP address and have it protected via SSL.

        Tends to work better then a wildcard certificate, and a lot less expensive.

        Well, maybe DNSSEC certificates will get rid of the SSL vendors.
  • by v1 (525388) on Tuesday October 11, 2011 @06:01PM (#37684316) Homepage Journal

    when you don't allow users to run your test on some of your competition's offerings, such as Safari.

    All they're trying to do is say "We're the best (in this carefully chosen group)" Of course they're going to win that argument. Even a catbox smells nice if you're only allowed to compare it with a hog shed.

    Now I'm not out to smear the other offerings they did include, but even leaving out one significant competitor from your test is more than enough to raise reasonable doubt as to how your product really stacks up against all your competition.

    • by Dhalka226 (559740)

      Is Safari a significant competitor?

      I'm not trolling; I'm writing this comment on a Macbook Pro, so I'm not some rabid anti-Apple-ite nor am I a huge Microsoft supporter. But the first thing I did when I got this computer was to install Firefox, and later moved on to installing Chrome. Safari was opened once or twice, mostly to facilitate downloading the other browser.

      In fact, while I admit that it is anecdotal and a small sample size, nobody I know of who uses a Mac uses Safari as their browser. That

  • Says my Firefox 7 only rates a 2, and says I should try ie9, and helpfully gives me a link.
    But the link is to the Windows version. I'm on a Mac!
    Clearly it doesn't actually have the resolution to know, much less tell me, how Firefox 7 for OS X ranks.

    • Yeah, it tells me my Mac-based Firefox doesn't "benefit from Windows Operating System features that protect against structured exception handling overwrite attacks?"

      Oddly, it thinks that I do derive benefit from "Windows Operating System features that protect against arbitrary data execution" and
      "Windows Operating System features that randomize the memory layout to make it harder for attackers to find their target."

      Whatever, dude.

  • by Derling Whirvish (636322) on Tuesday October 11, 2011 @07:00PM (#37684976) Journal
    The site is fake and does nothing other than tell you to use IE9. It determines your user agent and responds based on the result. It does not run any security tests against your browser. When I go the the site with IE9 I get a score of 4 of 4. When I go to it with Firefox 8 I get a 2 of 4 score. When I switch my user agent in Firefox 8 with the user agent switcher add-on to report I am using IE9 and go to the site using Firefox 8, I get a score of 4 of 4.
  • by znerk (1162519) on Tuesday October 11, 2011 @07:03PM (#37685008)

    Get Adobe Flash player
    This page requires Flash Player version 10.2.0 or higher.

    My browser only scored a 2 out of 4, yet was able to keep me from seeing most of the malicious content on the linked page.

    NoScript and AdBlockPlus, thank you.

    My browser: 1
    Microsoft FUD: 0

    Moving along, now... so much more internet to see, so little time.

  • Microsoft says a lot of things.

  • by Eadwacer (722852) on Tuesday October 11, 2011 @07:09PM (#37685056)
    When I went there with my Opera browser, it said it couldn't rate it. So I used Opera's site preferences to lie to the site and tell it I was using IE (version unspecified). I then got a rating of 4/4. So even a fake IE is better than none.
  • "Does the browser extend the sandbox such that it cannot read data from parts of the system that it doesn’t have access to?"

    Umm IE9 fails miserably in this regard.

    Oh, and where's the "Does the browser help protect you from websites that are *NOT* known to distribute socially engineered malware?"

    At least let me run a test to prove how secure my browser really is, instead of just checking the browser agent.

  • They are offering ".5" scores... if you count the total pass/fails in the detailed description of the scores, IE should only have 3.5/4
  • by dtjohnson (102237) on Tuesday October 11, 2011 @07:32PM (#37685248)

    All show and no go. It doesn't actually test your browser or system, it just attempts to identify the browser and then matches it up with a "score." My firefox 6 got a score of 2 out of 4 based on a list of features that it allegedly had or did not have and, among other things, gave me a check box under 'yes' for "Does the browser benefit from Windows Operating System features that protect against arbitrary data execution?" even though I was running a non-Windows OS. Then I hit it with Netscape 2, Netscape 4, HotJava 3, and Opera 3 and it was unable to identify any of those and just said it couldn't give a score. The best part, though, was where it said 'The flash plugin was needed to display the page' advising me on security.

  • Cut'em some slack (Score:3, Insightful)

    by FyberOptic (813904) on Tuesday October 11, 2011 @07:37PM (#37685274)

    Why does everyone fall back on attacking Microsoft for press releases like this? Statistically, IE HAS been safer than other browsers in certain respects nowadays. It's silly to dismiss their complete turnaround in taking security seriously just because it's fun to hate on the company.

    Of course there's going to be some marketing thrown into it as well. But what company doesn't? Why isn't everyone attacking Apple when they claim Safari is the fastest and safest browser? Or Mozilla, which has made the same claims for years too? It's not true for either of those, and they certainly can't both be right at the same time. Everyone lets that slide, because it's not cool to hate on them, despite their own terrible histories with security/vulnerability problems.

    I haven't used IE for years (stopped for security reasons, in fact), but that doesn't change the fact that I can still offer them kudos for helping keep the web a safer place, especially when they still provide the dominant browser. The less infected machines on the internet is beneficial to ALL of us.

  • by rsmith-mac (639075) on Tuesday October 11, 2011 @10:01PM (#37686192)

    Even though the site is the usual mix of MS inaccuracies, one thing it does do a good job pointing out is that Firefox is the odd man out right now when it comes to sandboxing. IE has it, Chrome has it, Safari on the Mac has it. Yet Firefox as the #2/#3 browser in the world lacks it. And while it's of limited use in protecting against attacks on plugins (which are the most common vector), it means it's easier to exploit the browser itself.

    The FF devs should be working on getting Firefox appropriately sandboxed, even if it's Windows-only at the start. It would go a long way towards bringing it up to par with Chrome, which is Firefox's real competition.

  • Microsoft Says IE9 Blocks More Malware Than Chrome

    Well, I should certainly hope so! By now you'd think Microsoft would know how to build a browser to *NOT* compromise their own operating system...YEESH!

  • If you're silly enough to use windows, maybe it does matter what browser you use..

  • Great! My Firefox on Linux is actually benefiting from the Windows OS:

    Does the browser benefit from Windows Operating System features that protect against arbitrary data execution? yes

    This is one big marketing website, with actual, provable lies.

  • IE9 protects against 100% of the viruses that IE9 knows about (which were all that MS knew to test for).

    The results would probably be quite different against a properly random sampling of malware.

Whenever a system becomes completely defined, some damn fool discovers something which either abolishes the system or expands it beyond recognition.

Working...