Microsoft's Internet Explorer 8 is more effective at blocking both phishing sites and socially engineered malware than Firefox, Safari and other browsers, say two new reports from NSS Labs. Microsoft is pushing its community to upgrade from Internet Explorer 6 and 7 to the new browser, which it says can offer better security and features, even as users continue to use the older applications. Once the dominant browser, the Internet Explorer franchise has lost ground in recent months to open-source Firefox.Microsoft's
Internet Explorer 8 Web browser is effective
at blocking both phishing sites and socially engineered malware, according to two new NSS Labs reports. In turn,
this has led Microsoft to push for its users to upgrade to the new browser from
IE 6 and IE 7, which a significant portion of the community continues to use.
During a 14-day test
period, NSS Labs, an independent online security-testing organization, found
that the mean block rate for phishing for Internet Explorer 8 stood at 83
percent, versus 80 percent for Firefox 3, 54 percent for Opera 10, 26 percent
for Chrome 2, and 2 percent for Safari 4. In the final report issued by the
group, Firefox and Internet Explorer 8 were in a virtual dead heat when it came
to blocking phishing URLs, given that NSS Labs margin of error was 3.96
percent.
It should be noted that the NSS Labs testing was sponsored by
Microsoft. In comments posted online, NSS Labs president Rick Moy
suggested that Microsoft's security engineering team had originally
commissioned the study, whose results were then picked up by Redmond's
marketing department for use. However, a number of sources online,
including Ars Technica and The Tech Herald, feel that Microsoft's
sponsorship could have introduced a biased element into the study.
The testing also found that Internet Explorer 8 needed an
average of 4.96 hours to add a requested phishing URL to its block list, while
Firefox 3 took 5.24 hours and Opera 10 Beta needed 6.19 hours. The mean time for
a browser to block a site was 16.43 hours, a number exceeded in testing only by
Safari 4, which needed an average of 54.67 hours to put a site on its block
list.
"Since phishing sites have an average lifespan of only 52
hours (just over 2 days) it is essential that the site is discovered, validated,
classified and added to the reputation system as quickly as possible," the
report noted in its conclusion. "A good reputation system must be both accurate
and fast in order to realize high catch rates."
"The developers at both Microsoft and Mozilla clearly
understand this relationship and respond quickly to block new phishing sites,"
the report added.
The other July report issued by NSS Labs, which tested how
well a Web browser could protect against socially engineered malware, found that
Internet Explorer 8 had somewhat more of a statistical advantage over Firefox
and the other browsers.
In testing, which took place over 12 days and involved 69
test runs with fresh new malware URLs, Internet Explorer 8's mean block rate for
socially engineered malware was 81 percent, versus Firefox at 27 percent and
Safari 4 at 21 percent. Chrome 2 came in at 7 percent, followed by Opera 10 at 1
percent.
According to Amy Barzdukas, general manager of Internet
Explorer, the numbers from the NSS Labs testing suggest that, despite support
continuing to be offered for older versions of Microsofts browser, upgrading to
Internet Explorer 8 could help end-users combat a variety of security threats.
"Our goal is certainly to move consumers as quickly as
possible from IE 6," Barzdukas said in an interview with eWEEK. "The onus is on
us to do a better job to make people understand the benefits of being on a
modern browser, and specifically IE 8. And the key to that is
security."
"With IE 8 we added the blocking capability; were blocking
20 percent more malware than in the past," Barzdukas added. "That is one thing
we want to tell users of IE 6 who might be experiencing a good enough
situation, and theyre not aware of reasons to upgrade."
Despite growth in the numbers of people using Internet
Explorer 8, a number of end-users have continued to utilize the 8-year-old
Internet Explorer 6. A survey by Digg, a content-sharing Web site, found that 10
percent of its community continues to use IE 6, either because they have no
administrator access to their PCs running Windows XP, or
else because "someone at work says I cant."
In an interview, Bazdukas suggested that Microsoft had been
paying attention to the landscape, adjusting some features of Internet Explorer
8 accordingly.
"One of the things we were able to put into IE 8 was process
isolation with tabs," Bazdukas said. "One of the competitors had the ability to
restore your session; another separated tabs; we did both."
"The focus was really on what people actually do in the
browser, so we had the advantage of 40-50 million users who entered into the
telemetry data," Bazdukas added. "We looked at things like: If someone is doing
a copy command in browser, what are they most likely to do next?"
The responsiveness on the features front is perhaps more
necessary than ever; the Internet Explorer line has seen its market share
corrode in the short term, with a July report by StatCounter finding that Internet
Explorer 6, 7 and 8 collectively owned 55 percent of the browser market compared to Firefoxs 27.73 percent a noticeable drop for Microsoft from 2008,
when Internet Explorer had 78 percent of the browser market and Firefox had 18.2
percent.
While one might assume that falling market-share would make
Microsoft less leery of a potential antitrust case, Internet Explorer 8 will
include an update that makes the choice between the browser and its rivals more
explicit for end-users. Rolled out as part of Aug. 11's Patch Tuesday, the
browser now presents users with an upfront choice to either stick with IE 8 or
migrate to another browser; however, those with Internet Explorer already set as
their default browser will not see this screen.
Microsoft had trouble with the Department of Justice over the
integration of Internet Explorer into Windows 98 in the late 1990s, and today
still faces issues with EUs antitrust commission over the addition of the
browser to Windows. Earlier this summer, Microsoft proposed issuing a
browser-free version of its upcoming Windows 7 to the EU, but
has come around to offering the same version of Windows 7 there as the rest of
the world.
Editor's Note: This story has been updated with mention of Microsoft's sponsorship of the NSS Labs study.
| | Reader Comments: Microsoft's IE 8 Effective at Blocking Phishing, Malware, Report Says | | >>> Post your comment now!
| | A user comment on this articleHi, this is Feran with the Internet Explorer Outreach Team. You can see the entire NSS study at http://nsslabs.com/browser-security or read more... Posted At: 08-19-09
By: feranm_ie8team | | | | | | IEI also use multiple browsers & IE 8 and shop on Amazon without any problems. My guess is you have a bad ActiveX / browser plug-in. Try disabling... Posted At: 08-19-09
By: Anon | | | | | | ie8 hates amazon & javaI have two browsers in addition to IE8: Chrome & Firefox. Both of the latter can drill down on amazon and make use of java without freezing up and... Posted At: 08-19-09
By: rroberto | | | | | | false positivesNeither Internet Explorer 8 nor Google Chrome allows one to make an exception for a blocked website warning. For instance, when logging into Yahoo!... Posted At: 08-18-09
By: Stratocaster | | | | | | A user comment on this articleIf the test was faulty, why arn't the other browsers refuting the results. They did not refute the results in March, and they are not doing it this... Posted At: 08-18-09
By: Anonymous | | | | | | IE8not for me! may use when I get Win7! Posted At: 08-18-09
By: m. | | | | | | Not ImpressiveAfter installing/uninstalling IE 8 a couple of times on an XP machine I am fed up. IE 8 caused system instability and other problems accessing some... Posted At: 08-18-09
By: Jeff | | | | | | >>> Post your comment now! | | | | | |
|
 |
/ 9 
