Microsoft Says IE9 Blocks More Malware Than Chrome 226
CSHARP123 writes "In a move that's sure to raise some eyebrows, Microsoft today debuted a new web site designed to raise awareness of security issues in web browsers. When you visit the site, called Your Browser Matters, it allows you to see a score for the browser you're using. Only IE, Chrome, or Firefox are included — other browsers are excluded. Not surprisingly, Microsoft's latest release, Internet Explorer 9, gets a perfect 4 out of 4. Chrome or Firefox do not even come close to the score of 4. Even though the web site makes it easy for users to upgrade to the latest version of their choice of browser, Roger Capriotti hopes people will choose IE9, as it blocks more malware compared to Chrome or Firefox."
Of note in the Windows Team post is that the latest Microsoft Security Intelligence Report discovered that 0-day exploits account for a mere tenth of a percent of all intrusions. Holes in outdated software and social engineering account for the majority of successful attacks.
NoScript (Score:5, Insightful)
NoScript blocks more malware than either.
Re: (Score:3, Insightful)
Re:NoScript (Score:4, Insightful)
If my artist girlfriend can use it with no instruction from me, complaints about complexity ring hollow.
Personally, I find that javascript on average detracts more from the browsing experience than it adds. Slashdot is a perfect example, it's simply not usable with javascript enabled. So even if there was no security benefit at all, it would still be less of a pain in the ass to use NoScript than it would be to browse without it.
Re: (Score:3, Insightful)
Re: (Score:2)
Slashdot is a perfect example, it's simply not usable with javascript enabled.
So how do you explain all of the people, like myself, who use Slashdot with Javascript enabled? Your credibility is starting to ring a bit hollow. A lack of Javascript is not a security panacea, not by a long shot. Plugins are the problem, not scripting. Scripting only matters if you're defending against a script injection attack. It doesn't do squat if the server was hacked and the page has an iframe pointing to a PDF, Java applet, or Flash movie, and it does even less against a site that is simply ma
Re: (Score:2)
Sure it does, noscript blocks PDFs, applets and flash by default. This means that they can't sneak a hidden plugin attack in. The only way for those plugin attacks to work is if you intentionally approve the content.
Re: (Score:2)
Why not just set the browser to only load plugins on-demand? Is that possible with vanilla Firefox?
Re: (Score:2)
I also use Slashdot with javascript enabled, but noscript, by default, also blocks the loading of those plugins in untrusted sites.
Re: (Score:2)
Slashdot is a perfect example, it's simply not usable with javascript enabled.
So how do you explain all of the people, like myself, who use Slashdot with Javascript enabled? Your credibility is starting to ring a bit hollow. A lack of Javascript is not a security panacea, not by a long shot. Plugins are the problem, not scripting. Scripting only matters if you're defending against a script injection attack. It doesn't do squat if the server was hacked and the page has an iframe pointing to a PDF, Java applet, or Flash movie, and it does even less against a site that is simply malicious.
Did you know: NoScript blocks plugins, movies, and applets too? You would have known that, if you were actually in a good position to form an opinion about it. There's a reason it is "NoScript" not "NoJavaScript". Basically NoScript means you get just the basic page layout with nothing "active" like movies or scripts unless you explicitly choose to enable them on a case-by-case basis. To reiterate, you should really understand the most basic functions of NoScript if you're going to comment on it.
Also
Re: (Score:2)
Did you know: NoScript blocks plugins, movies, and applets too?
Obviously not. I try to avoid Firefox, and I don't need the functionality of NoScript in my browser of choice because most of it is built-in.
There's a reason it is "NoScript" not "NoJavaScript".
Since plugin blocking was added after the initial release, the initial intention (and name) was in fact blocking Javascript. From the changelog, it appears that plugin blocking was added in 1.1.
They do still teach lawyers how to construct an argument, right?
I wouldn't know, I'm not a lawyer, I just appreciate the work of some of them.
Re: (Score:2)
Obviously not. I try to avoid Firefox, and I don't need the functionality of NoScript in my browser of choice because most of it is built-in.
Fair enough, but can you see why that wouldn't put you in a good position to form opinions about it?
Since plugin blocking was added after the initial release, the initial intention (and name) was in fact blocking Javascript. From the changelog, it appears that plugin blocking was added in 1.1.
The initial release of Microsoft Windows was a graphical shell that ran on top of DOS. So that means Windows 7 is still based on 16-bit code, right? Because we all know, nothing ever grows or expands or evolves beyond its initial origins.
I wouldn't know, I'm not a lawyer, I just appreciate the work of some of them.
See there I did make an assumption and you rightly called me on it. I don't mind. Goose, gander, and all of that. Of course I could try to weasel out of that and say som
Re: (Score:2)
Fair enough, but can you see why that wouldn't put you in a good position to form opinions about it?
I can form an opinion about whatever I want, but I acknowledge that it's unwise to comment on features without knowing them. I haven't used NoScript in years.
The initial release of Microsoft Windows was a graphical shell that ran on top of DOS. So that means Windows 7 is still based on 16-bit code, right? Because we all know, nothing ever grows or expands or evolves beyond its initial origins.
You're still talking about the origin of the name "NoScript", right?
Re: (Score:2)
I've got to hand it to you two, that's almost textbook material for petty internet bickering. :)
Re: (Score:2)
I've got to hand it to you two, that's almost textbook material for petty internet bickering. :)
No it's not. oblig xkcd http://xkcd.com/386/ [xkcd.com]
Re: (Score:2)
"with nothing "active" like movies or scripts " Yep, that's the best part of noScript. I very much dislike things jumping around on the pages. NoScript keeps them in check.
Re:NoScript (Score:5, Insightful)
We all know Microsoft's response is total bullshit. What this is in response to is that a recent report indicating that IE is the primary vector for infection in Windows environments, which is nearly all of them as the infection rate for other OSes isn't even measurable.
This is a deflection tactic. It is mean to push notice on the competition that is suffering now in the press at various stages. It has no merit, none at all. It is a weak tactic and one we all should despise.
Instead of Microsoft actually fixing their problems, or exiting the market, they have to make others look bad to make themselves look better. I'm sure few of us will take the bait, but when addressing the unwashed masses it has it's intended affect.
Everyone here should be a correction mechanism for this for their family and friends. Microsoft can reach more people with a single utterance than any of us can, but together we can work to ensure we offset that with the real causes of infections (Microsoft's shoddy work), and we can shed light on our family and friends to make it clear that they understand these are shameful tactics.
Re: (Score:3)
Re: (Score:2)
Yes, users are the weakest link. But how many passwords can anyone remember? And if they keep changing, you then have to remember which one is the current one...among the list of systems for which the password keeps changing. And the passwords have to be complex. So we take 5 computer systems and change their passwords every month. At the end of 6 months we need to have generated...wait for it...30 complex passwords. No wonder users say "screw off" to security.
So users don't give a rat's ass about passwords
Re: (Score:2)
NoInternet blocks everything except those from local storage.
Expecting novice users to understand and use NoScript is not tenable.
Re: (Score:2)
NoInternet blocks everything except those from local storage.
Expecting novice users to understand and use NoScript is not tenable.
To expect them to automatically understand it "out of the box" as though their spirit guide slipped the knowledge into their minds while they slept, no that is not tenable. The expectation is that there will be a short period of adjustment that any literate adult of below-average or higher intelligence should be able to handle.
What's REALLY not tenable and is accumulating untold amounts of cost and damage, is this un-negotiated, unwritten, often unspoken default assumption that "novice" should be a perm
Re: (Score:2, Funny)
NoScript blocks more malware than either.
And abstinence provides better protection than condoms.
Re:NoScript (Score:4, Funny)
To help geek up this analogy: enjoying the web without Javascript is like having sex but avoiding partners with STDs.
Re:NoScript (Score:4, Funny)
To help geek up this analogy: enjoying the web without Javascript is like having sex but avoiding partners with STDs.
For a typical user, a better analogy would be: Enjoying the web without Javascript is like having sex while wearing a condom made of inch-thick rubber.
Re: (Score:2, Insightful)
To help geek up this analogy: enjoying the web without Javascript is like having sex but avoiding partners with STDs.
For a typical user, a better analogy would be: Enjoying the web without Javascript is like having sex while wearing a condom made of inch-thick rubber.
and while also wearing a blindfold...
Re: (Score:2)
To help geek up this analogy: enjoying the web without Javascript is like having sex but avoiding partners with STDs.
For a typical user, a better analogy would be: Enjoying the web without Javascript is like having sex while wearing a condom made of inch-thick rubber.
Well, it depends if you are the one wearing the condom or the other one.
Re: (Score:2)
Not only that, but blocking js also makes your computer run much faster. Not sure how that fits in with the analogy but Use Your Imagination
Re: (Score:2)
NoScript blocks more malware than either.
And abstinence provides better protection than condoms.
Yet, abstinence probably leads to much more serious things than possibility of some minor STD, including depression, anti-social behavior and stress. It's good to let go every once in a while.
Of course, there is a good middle ground too. Serious STD's like HIV/AIDS generally do not spread orally. If you're on the receiving end of a blowjob, you have almost 0% change of catching HIV. Even with prostitutes. I learned this thing and have had sex with many ladyboys and never had any STD. Of course, while havi
Re: (Score:2)
NoScript blocks more malware than either.
And abstinence provides better protection than condoms.
Yet, abstinence probably leads to much more serious things than possibility of some minor STD, including depression, anti-social behavior and stress. It's good to let go every once in a while.
Of course, there is a good middle ground too. Serious STD's like HIV/AIDS generally do not spread orally. If you're on the receiving end of a blowjob, you have almost 0% change of catching HIV. Even with prostitutes. I learned this thing and have had sex with many ladyboys and never had any STD. Of course, while having intercourse it's a good idea to use condom, but as a receiving end of a blowjob, you cannot get AIDS.
This is dangerously wrong. The CDC reports that the risk is lower but still a risk with known infections. [cdc.gov]
Re: (Score:2)
Re:NoScript (Score:4, Insightful)
"WE CAN'T GIVE YOU A SCORE FOR YOUR BROWSER."
"WHAT DOES THIS SCORE MEAN?"
I guess that means that my browser is more secure than they expected, and they don't want to admit it? Or, they can't exploit a vulnerability that they expected to find in my browser? WTF?
Chromium, with Ghostery, AdBlock Plus, Flashblock, and NoScript. Go figure . . .
Let's see what it looks like in Firefox:
"How well is your browser protecting you?
We do not have any data for your browser, so we can’t give your browser a score.
See how other browsers scored > "
The site like my Firefox setup better than it liked my Chromium setup - I can at least advance through the menus. But, they can't rank my browser. Phht. Same old tired FUD, if you ask me. What a waste of bandwidth!
Re: (Score:2)
Cute, half of the "Zero" scores comes from things like-
"Does the browser process utilize Windows Protected Mode?"
Well, no, I'm running a Mac!
If you trying to pull a fast one, and least be clever about it.
Re: (Score:3)
Re: (Score:2)
FlashBlock (for Firefox [mozilla.org] and Chrome [google.com]) is a pretty good alternative. it doesn't block xss or clickjacking, but it does prevent malicious plugin exploits while leaving most of the rest of the web fully functional.
Re: (Score:2)
NoScript blocks more malware than either.
And not browsing the web blocks more malware still
Re: (Score:2, Informative)
NoScript can block all those things since it has configurable plugin blocking, configurable with the same site rule system used for js. This is great, not because of malware, but because I personally would rather just click on the few cases where I want to use flash (even on whitelisted sites).
So your snark attempt has pretty much failed.
Re: (Score:2)
Flash requires JavaScript to launch.
No it doesn't.
It seems to me that loading plugins on-demand is really all you need. I don't see a reason to stop Javascript as a security precaution, I don't know of any plain Javascript attacks that lead to malware being installed. There are too many PDF readers that work better than Acrobat to justify using Acrobat, and I haven't seen Java in use in years. I don't know if an extension is required in Firefox in order to load plugins on-demand, but if you block those 3 then you block at least 85% of atta
Re: (Score:2)
Re: (Score:2)
What kind of a stretch is that? I use Opera, I set it to load plugins on-demand. When I get to a page that has Flash content worth watching, I click on it to load the Flash movie. I'm protected against anything I haven't clicked to load. What's so difficult to understand?
It's a fact that Acrobat is crap software, it's a fact that I haven't used a website that requires Java in many years, and it's a fact that the only Flash content I see are things that I explicitly load.
Re: (Score:2)
On Adobe software, we can agree. I haven't looked in weeks, but the last time I looked, Adobe was the number one vector for malware. As I recall, the first time I read that, authors were expressing amazement that Adobe had replaced Microsoft at the head of the list. There's little need to search for citations - real geeks know that already, and the posers will deny it in order to advance their own agendas.
Re: (Score:2)
I'm pretty sure that malicious authors try any number of ways to load Flash. Instead of trying to block all possible ways of loading Flash, how about just block Flash? Where is the threat with Javascript?
Re: (Score:2)
That's inappropriate hyperbole. It takes a click or two on non-trusted sites to configure, and that's about it for most NoScript users, and given that severe infections can necessitate a reinstall, the minor inconvenience far outweighs the potential risk.
I do find the comment on "broken mess" a bit funny, cause for a lot of sites, the ads that are getting blocked make it look like a mess anyways.
Re: (Score:2)
I'm not talking about savvy users. I'm talking about average users. Ones who visit a site and get confused why things aren't working and get frustrated before, finally, after a couple minutes, realizing they might be running into a NoScript problem, and then do those one or two clicks to get it working. And then repeat the cycle again when they're off to the next site.
I bring up average users because the malware blocking features in Chrome and IE9 are targeted at average users.
Re: (Score:3)
Re: (Score:2)
"The amount of time I've seen NoScript users deal with reconfiguring NoScript just so they can have a reasonably decent browsing experience far exceeds the amount of time they would have to spend dealing with malware."
That is complete and utter nonsense. It only takes ONE malware to totally bork your system. SpyAxe, which went by several different names through several different incarnations was pure hell to remove. Then, there was a specially hideous toolbar that installed itself as a driveby thing. Ro
Re: (Score:2)
Uhhhh - Chromium does indeed warn me before downloading files. Words to the effect, "PDF files may contain malicious contenc, do you really want to download this file?" I'm not real sure, maybe Chromium assumes that I'll be opening the PDF document with an Adobe product, so they warn me of the potential vector. Whatever - on Linux, Chromium is set up pretty securely. I can't address the security of Chrome on Windows. I haven't even started up a Windows VM in the past few weeks.
Seen the same data elsewhere, re: Exploits (Score:5, Interesting)
I've seen the same data from Mcafee, and it was really something. For every computer exploited using a Windows flaw, 100 are exploited using Flash. Acrobat Reader and Java are the other major culprits.
In a lot of ways, browser security itself has never been better. There's several highly capable ones out there in this area. The weak link is some truly terrible plugins.
Re: (Score:2)
I think Windows Defender or whatever they have by default on all machines should detect and warn about out of date Java, Flash and Reader at the minimum. Also, they should be made to auto update Chrome style by default unless turned off.
Re: (Score:2)
Re: (Score:2)
Except that isn't what happened at all. There is plenty of stuff in a browser -- javascript to name one -- that would be blatantly insecure if the browser makers wrote code of the same quality as Adobe.
The problem is actually a lack of competition: You can visit the same web page in Firefox as in Chrome, so the browser makers get their shit together or they lose users. But if you want to play a flash movie, you have to use Adobe's flash plugin. There is no viable alternative from the user's perspective, so
Re: (Score:2)
What would need to happen is for web developers to start using HTML5 instead of Flash. Which is starting to happen.
But you're still not going to get existing animated films such as Weebl and Bob or Homestar Runner or 99% of the stuff on Newgrounds converted from Flash vector animation to HTML5 right away.
Re: (Score:2)
You don't have to convert everything. You just have to give Adobe a swift kick in the tail so they do something to fix the problem -- like open source Flash Player or publish RFCs sufficient for someone else to make one.
Re: (Score:2)
Re: (Score:3)
1. Every browser would need to implement the W3C standards as laid out. It's madness to go back to the days where you had to write the same code block in several different flavours, not only to support different browsers, but different VERSIONS of browsers. Wake up kiddies, a lot of corporates are still on IE6.
2. When we have the full IDE toolset for HTML5 that we have for flash, and the frameworks
If only it werent for the inaccuracies... (Score:5, Insightful)
It might have been informative. Seriously, when you accuse Chrome of not meeting the requirement,
"Does the browser help protect you from websites that are known to distribute socially engineered malware?"
when google's anti-malware service is the basis for at least two browsers, and predates IE's effort by at least a year (probably more like 2), it sort of hampers your credibility.
Re: (Score:2)
It apparently gets better. They ding chrome for these as well:
Does the browser automatically block insecure content from secure (HTTPs) pages?
(Even though Chrome does in fact warn you of this. Props to MS, though, they HAVE warned about this since IE6-- though Im pretty sure IE9 does NOT block it automatically).
And this...
Does the browser have the ability to restrict an extension or a plugin on a per site basis?
Even though I am unaware of IE havign that capability, while chrome has had it for a very long
Re: (Score:2)
Does the browser automatically block insecure content from secure (HTTPs) pages?
(Even though Chrome does in fact warn you of this. Props to MS, though, they HAVE warned about this since IE6-- though Im pretty sure IE9 does NOT block it automatically).
Even if Chrome warns the user, I guess what they're saying is after the page has loaded, it's too late. Any passive eavesdropper can see which included resources you've downloaded over an unencrypted connection.
Re: (Score:3)
Does the browser automatically block insecure content from secure (HTTPs) pages? (Even though Chrome does in fact warn you of this. Props to MS, though, they HAVE warned about this since IE6-- though Im pretty sure IE9 does NOT block it automatically).
Even if Chrome warns the user, I guess what they're saying is after the page has loaded, it's too late. Any passive eavesdropper can see which included resources you've downloaded over an unencrypted connection.
Chrome doesn't download the unencrypted resources unless you tell it to. The warning pops up and asks you if you want to download the insecure pieces or not.
Re: (Score:3)
Although I realize it's not very cool to mention, reports would suggest otherwise: block rate [nsslabs.com].
Of course, the report uses Chrome 12, so it's about a week old.
Re: (Score:3)
Even if we were simply to pretend that those stats mean that IE9's blocking is 9x as effective as Chrome's (which is one heck of an allowance), that has nothing to do with Microsoft's claim. Chrome DOES provide a mechanism for filtering malware URLs, in direct contradiction to their claim.
Im not saying IE9 sucks or that chrome is superior or any of that, Im simply marveling at their gall in making completely false statements with no compunctions.
Application Reputation. (Score:2)
Out of all the browsers I've tested so far virus wise. (ie9, Firefox, Chrome) IE9 is the most secure out of the box when it comes to drive by and rogueware trojans that are not exploiting secrity holes from third party plugins, and it's simply because IE9 uses a file's hash to determine if a downloaded file is commonly downloaded or not.
Since most rogueware sites pad their payload executable on demand to avoid AV signature detection, the downloaded file is never a common download and will fail the hash chec
Re: (Score:2)
Discussion about their dishonesty aside (which is ALL I was criticising), I would argue that no, Chrome is more secure-- and not because IE9 doesnt have awesome features; Im sure it does. But Chrome takes the cake because, very simply, they put the security where it matters-- into focusing on plugins, which are the ACTUAL cause of 90+% of malware infections. Its wonderful that IE protects against bad downloads, and that it blocks XSS, and all the rest; what does it do to mitigate PDF and Flash exploits th
Re: (Score:2)
Plugin wise, there's always been talk that Microsoft was going to add adobe patches to windows update, but it never seems to happen.
And you're right. Right now the browsers are not being targeted, the third party plugins are, and chrome has been focusing on keeping exploit of those plugins to a minimum, but when these rogue sites fail to expolit a plugin hole, they have to resort to exploiting the user, and it seems like the IE team is more focused on protecting the user from themselves rather than protect
Re: (Score:2)
None of which works at ALL when youre on a domain and your users dont have admin rights.
Whats that, deploy using MSIs? Yea, right. Thats what my clients want, to pay me every two weeks to undeploy the old version and deploy the new one that just came out-- not to mention all the nonsense you have to do (or, at least, once had to do) to actually get a hold of the Java JRE MSI file.
Yea, Ill take my Google Updater method any day-- updates as admin without ever bugging the users with credentials. Are there p
Re: (Score:3)
This is the same NSS that's funded by Microsoft. Also the same company that once tried to publish a study where they compared a development version of IE against a version of Chrome that was twice outdated.
http://www.google.com/search?q=nss+microsoft [google.com]
Hard to trust a company with that kind of history....
This just in... (Score:2)
This just in, all our competition sucks, news at 11.
Re: (Score:2)
This just in, all our competition sucks, news at 11.
On the other hand, what surprised me was the download links for Chrome, and Firefox on the browser comparison page.
The only thing that would have surprised me more would have been links to the Chrome [google.com] and Firefox [mozilla.org] security features.
Metro UI? (Score:2)
Goddamn that site hurts my eyes. Looks very similar to the Metro UI.
Re: (Score:2)
Re: (Score:2)
A billion versus a few million? (Score:2)
If a billion IE users browse the web and 100 million Chrome users do the same, sure ... it is not unlikely that IE blocks more malware.
Admitted, that was a lame joke ...
However, if MS had not slept and ignored security the last 25 years, we had not that much malware, or had we?
What Does That Even Mean? (Score:2)
What these guys are touting is IE9's "SmartScreen" protection which claims to "block 99% of phishing" so I am pondering what that even means. I wonder how many of those "phishing" exploits actually work if a user activates them on Firefox, Chrome, etc. It also doesn't appear to take into account platforms where activating the page on something like a non-Windows platform Android device with Chrome breaks because it can't handle or support what the attack wants.
I am for a more intelligent IE9 so I'm happy fo
Re: (Score:2)
What these guys are touting is IE9's "SmartScreen" protection which claims to "block 99% of phishing" so I am pondering what that even means.
It uses heuristics to determine whether a site is hosting a phishing attempt. However, like all heuristics, it does have some false positives, and Microsoft's page about SmartScreen for web site owners [microsoft.com] makes a few recommendations that the smallest web sites might not be able to handle properly:
True, StartSSL offers free certificates, but a cer
Re: (Score:2)
If all of the different websites are for the same corporation, you can buy a unified type certificate (UC or "multi-domain) with multiple company domain names listed. It's not ideal, but it does at least let you put all of your corporate domains on the same IP address and have it protected via SSL.
Tends to work better then a wildcard certificate, and a lot less expensive.
Well, maybe DNSSEC certificates will get rid of the SSL vendors.
severely damaging to test credibility (Score:3)
when you don't allow users to run your test on some of your competition's offerings, such as Safari.
All they're trying to do is say "We're the best (in this carefully chosen group)" Of course they're going to win that argument. Even a catbox smells nice if you're only allowed to compare it with a hog shed.
Now I'm not out to smear the other offerings they did include, but even leaving out one significant competitor from your test is more than enough to raise reasonable doubt as to how your product really stacks up against all your competition.
Re: (Score:2)
Is Safari a significant competitor?
I'm not trolling; I'm writing this comment on a Macbook Pro, so I'm not some rabid anti-Apple-ite nor am I a huge Microsoft supporter. But the first thing I did when I got this computer was to install Firefox, and later moved on to installing Chrome. Safari was opened once or twice, mostly to facilitate downloading the other browser.
In fact, while I admit that it is anecdotal and a small sample size, nobody I know of who uses a Mac uses Safari as their browser. That
Can't trust this site (Score:2)
Says my Firefox 7 only rates a 2, and says I should try ie9, and helpfully gives me a link.
But the link is to the Windows version. I'm on a Mac!
Clearly it doesn't actually have the resolution to know, much less tell me, how Firefox 7 for OS X ranks.
Re: (Score:2)
Yeah, it tells me my Mac-based Firefox doesn't "benefit from Windows Operating System features that protect against structured exception handling overwrite attacks?"
Oddly, it thinks that I do derive benefit from "Windows Operating System features that protect against arbitrary data execution" and
"Windows Operating System features that randomize the memory layout to make it harder for attackers to find their target."
Whatever, dude.
Re: (Score:2)
I didn't even read that far. I applaud your commitment to research :)
Site is fake, not tests are run (Score:5, Informative)
Malicious Website Content! (Score:3)
Get Adobe Flash player
This page requires Flash Player version 10.2.0 or higher.
My browser only scored a 2 out of 4, yet was able to keep me from seeing most of the malicious content on the linked page.
NoScript and AdBlockPlus, thank you.
My browser: 1
Microsoft FUD: 0
Moving along, now... so much more internet to see, so little time.
Yes, but... (Score:2)
Microsoft says a lot of things.
It doesn't rate Opera either, but (Score:4, Interesting)
This "feature" should be weighted more heavily... (Score:2)
"Does the browser extend the sandbox such that it cannot read data from parts of the system that it doesn’t have access to?"
Umm IE9 fails miserably in this regard.
Oh, and where's the "Does the browser help protect you from websites that are *NOT* known to distribute socially engineered malware?"
At least let me run a test to prove how secure my browser really is, instead of just checking the browser agent.
To be fair (Score:2)
Typical Microsoft Site (Score:5, Informative)
All show and no go. It doesn't actually test your browser or system, it just attempts to identify the browser and then matches it up with a "score." My firefox 6 got a score of 2 out of 4 based on a list of features that it allegedly had or did not have and, among other things, gave me a check box under 'yes' for "Does the browser benefit from Windows Operating System features that protect against arbitrary data execution?" even though I was running a non-Windows OS. Then I hit it with Netscape 2, Netscape 4, HotJava 3, and Opera 3 and it was unable to identify any of those and just said it couldn't give a score. The best part, though, was where it said 'The flash plugin was needed to display the page' advising me on security.
Cut'em some slack (Score:3, Insightful)
Why does everyone fall back on attacking Microsoft for press releases like this? Statistically, IE HAS been safer than other browsers in certain respects nowadays. It's silly to dismiss their complete turnaround in taking security seriously just because it's fun to hate on the company.
Of course there's going to be some marketing thrown into it as well. But what company doesn't? Why isn't everyone attacking Apple when they claim Safari is the fastest and safest browser? Or Mozilla, which has made the same claims for years too? It's not true for either of those, and they certainly can't both be right at the same time. Everyone lets that slide, because it's not cool to hate on them, despite their own terrible histories with security/vulnerability problems.
I haven't used IE for years (stopped for security reasons, in fact), but that doesn't change the fact that I can still offer them kudos for helping keep the web a safer place, especially when they still provide the dominant browser. The less infected machines on the internet is beneficial to ALL of us.
Firefox Needs Sandboxing (Score:3)
Even though the site is the usual mix of MS inaccuracies, one thing it does do a good job pointing out is that Firefox is the odd man out right now when it comes to sandboxing. IE has it, Chrome has it, Safari on the Mac has it. Yet Firefox as the #2/#3 browser in the world lacks it. And while it's of limited use in protecting against attacks on plugins (which are the most common vector), it means it's easier to exploit the browser itself.
The FF devs should be working on getting Firefox appropriately sandboxed, even if it's Windows-only at the start. It would go a long way towards bringing it up to par with Chrome, which is Firefox's real competition.
Well, I should certainly hope so... (Score:2)
Microsoft Says IE9 Blocks More Malware Than Chrome
Well, I should certainly hope so! By now you'd think Microsoft would know how to build a browser to *NOT* compromise their own operating system...YEESH!
Depends on the OS.. (Score:2)
If you're silly enough to use windows, maybe it does matter what browser you use..
Firefox 3 on Linux (Score:2)
Great! My Firefox on Linux is actually benefiting from the Windows OS:
Does the browser benefit from Windows Operating System features that protect against arbitrary data execution? yes
This is one big marketing website, with actual, provable lies.
Real simple .... (Score:2)
The results would probably be quite different against a properly random sampling of malware.
Re: (Score:3)
IE9 is much better than previous browsers. It gets 100% in the acid 3 test, but it still ignores <q>tags</q>.
Re: (Score:2)
Re: (Score:2)
IE9 is much more standards compliant than IE8.
It's still a lot less standards compliant than Chrome, Safari, Firefox or Opera.
Rephrased: "Should I buy Windows 7?" (Score:2)
Re: (Score:2)
I recommend build so you wont have crapware installed
How many people know how to build a laptop out of a barebook kit?
Unsafe files vs. unsafe file types (Score:2)
Chrome does in fact ask me when I try to download potentially unsafe file formats (in my case, DMG files =) ), prompting me whether to keep or discard.
Chrome decides based on the file format. IE's filter is more fine-grained, deciding based on the reputation of a particular downloaded executable file (identified by its hash value?) or, in the case of a digitally signed executable, the reputation of its publisher. Microsoft's advice for building an application's reputation (source 1 [microsoft.com]; source 2 [msdn.com]) involves buying into the Authenticode CA racket, which can prove expensive for an individual student or hobbyist developer.
IE 9 in Windows 7 in VirtualBox in Ubuntu (Score:2)
Re: (Score:2)
Re: (Score:2)
According to this "test", IE8 is more secure than current Chrome and Firefox.
I guess the only question that remains; is this fear, uncertainty, doubt or a combination thereof?