Microsoft's
Internet Explorer 8 Web browser is effective
at blocking both phishing sites and socially engineered malware, according to two new NSS Labs reports. In turn,
this has led Microsoft to push for its users to upgrade to the new browser from
IE 6 and IE 7, which a significant portion of the community continues to use.
During a 14-day test
period, NSS Labs, an independent online security-testing organization, found
that the mean block rate for phishing for Internet Explorer 8 stood at 83
percent, versus 80 percent for Firefox 3, 54 percent for Opera 10, 26 percent
for Chrome 2, and 2 percent for Safari 4. In the final report issued by the
group, Firefox and Internet Explorer 8 were in a virtual dead heat when it came
to blocking phishing URLs, given that NSS Labs’ margin of error was 3.96
percent.
It should be noted that the NSS Labs testing was sponsored by
Microsoft. In comments posted online, NSS Labs president Rick Moy
suggested that Microsoft's security engineering team had originally
commissioned the study, whose results were then picked up by Redmond's
marketing department for use. However, a number of sources online,
including Ars Technica and The Tech Herald, feel that Microsoft's
sponsorship could have introduced a biased element into the study.
The testing also found that Internet Explorer 8 needed an
average of 4.96 hours to add a requested phishing URL to its block list, while
Firefox 3 took 5.24 hours and Opera 10 Beta needed 6.19 hours. The mean time for
a browser to block a site was 16.43 hours, a number exceeded in testing only by
Safari 4, which needed an average of 54.67 hours to put a site on its block
list.
"Since phishing sites have an average lifespan of only 52
hours (just over 2 days) it is essential that the site is discovered, validated,
classified and added to the reputation system as quickly as possible," the
report noted in its conclusion. "A good reputation system must be both accurate
and fast in order to realize high catch rates."
"The developers at both Microsoft and Mozilla clearly
understand this relationship and respond quickly to block new phishing sites,"
the report added.
The other July report issued by NSS Labs, which tested how
well a Web browser could protect against socially engineered malware, found that
Internet Explorer 8 had somewhat more of a statistical advantage over Firefox
and the other browsers.
In testing, which took place over 12 days and involved 69
test runs with fresh new malware URLs, Internet Explorer 8's mean block rate for
socially engineered malware was 81 percent, versus Firefox at 27 percent and
Safari 4 at 21 percent. Chrome 2 came in at 7 percent, followed by Opera 10 at 1
percent.
According to Amy Barzdukas, general manager of Internet
Explorer, the numbers from the NSS Labs testing suggest that, despite support
continuing to be offered for older versions of Microsoft’s browser, upgrading to
Internet Explorer 8 could help end-users combat a variety of security threats.
"Our goal is certainly to move consumers as quickly as
possible from IE 6," Barzdukas said in an interview with eWEEK. "The onus is on
us to do a better job to make people understand the benefits of being on a
modern browser, and specifically IE 8. And the key to that is
security."
"With IE 8 we added the blocking capability; we’re blocking
20 percent more malware than in the past," Barzdukas added. "That is one thing
we want to tell users of IE 6 who might be experiencing a ‘good enough’
situation, and they’re not aware of reasons to upgrade."
Despite growth in the numbers of people using Internet
Explorer 8, a number of end-users have continued to utilize the 8-year-old
Internet Explorer 6. A survey by Digg, a content-sharing Web site, found that 10
percent of its community continues to use IE 6, either because they have no
administrator access to their PCs running Windows XP, or
else because "someone at work says I can’t."
In an interview, Bazdukas suggested that Microsoft had been
paying attention to the landscape, adjusting some features of Internet Explorer
8 accordingly.
"One of the things we were able to put into IE 8 was process
isolation with tabs," Bazdukas said. "One of the competitors had the ability to
restore your session; another separated tabs; we did both."
"The focus was really on what people actually do in the
browser, so we had the advantage of 40-50 million users who entered into the
telemetry data," Bazdukas added. "We looked at things like: If someone is doing
a copy command in browser, what are they most likely to do next?"
The responsiveness on the features front is perhaps more
necessary than ever; the Internet Explorer line has seen its market share
corrode in the short term, with a July report by StatCounter finding that Internet
Explorer 6, 7 and 8 collectively owned 55 percent of the browser market compared to Firefox’s 27.73 percent – a noticeable drop for Microsoft from 2008,
when Internet Explorer had 78 percent of the browser market and Firefox had 18.2
percent.
While one might assume that falling market-share would make
Microsoft less leery of a potential antitrust case, Internet Explorer 8 will
include an update that makes the choice between the browser and its rivals more
explicit for end-users. Rolled out as part of Aug. 11's Patch Tuesday, the
browser now presents users with an upfront choice to either stick with IE 8 or
migrate to another browser; however, those with Internet Explorer already set as
their default browser will not see this screen.
Microsoft had trouble with the Department of Justice over the
integration of Internet Explorer into Windows 98 in the late 1990s, and today
still faces issues with EU’s antitrust commission over the addition of the
browser to Windows. Earlier this summer, Microsoft proposed issuing a
browser-free version of its upcoming Windows 7 to the EU, but
has come around to offering the same version of Windows 7 there as the rest of
the world.
Editor's Note: This story has been updated with mention of Microsoft's sponsorship of the NSS Labs study.
/ 11 
Windows & Interoperability News & Reviews 
