

IE9 is better at blocking malware than Chrome, Safari, and Firefox combined - Quekster
http://thenextweb.com/microsoft/2012/09/27/study-finds-microsofts-ie9-blocks-95-threats-google-chrome-blocks-just-33/

======
dmethvin
Actual reports are here, downloadable as PDF:

[http://www.nsslabs.com/reports/your-browser-putting-you-
risk...](http://www.nsslabs.com/reports/your-browser-putting-you-risk-
part-1-general-malware-blocking)

[http://www.nsslabs.com/reports/your-browser-putting-you-
risk...](http://www.nsslabs.com/reports/your-browser-putting-you-risk-
part-2-click-fraud)

The methodology is (vaguely) described in the first document. The click fraud
result was very interesting, it seems that Chrome just doesn't address it at
all. Of course I suspect the majority of click fraud goes on in Google's ad
network, so Google has an incentive to ignore it just as Microsoft has a
reason to catch it.

~~~
asdfaoeu
I don't see why we need click fraud blocking in the browser anyway, unless it
was just a by product blocking malware, as it could be done way more
effectively in the ad network.

~~~
dmethvin
Look at it this way, click fraudsters are parasitic to advertisers but
actually symbiotic for web sites and ad networks. So how can you expect them
to aggressively prevent it? As long as the fraud doesn't rise to the point
where the advertisers can't make money, they'll continue to run ads because
the process is opaque and there aren't a lot of other viable choices.

------
azakai
The malware report here says they analyze protection from "malware downloads".
If so wouldn't that be the job of an antivirus program? I don't understand why
the browser is supposed to do this.

If this is basically duplicating what antivirus programs do anyway, then has
IE just added some GUI integration with MS's antivirus, and that gives it the
good result it gets here? It seems like all browsers will be equally safe
given the same antivirus installed on their machine, so the result seems
meaningless.

Even less clear is the other report, on click fraud. It mentions software
running on the client's machine ("click fraud software installation" etc.), so
basically we are again talking about malware? And again, wouldn't a program
separate from a browser - an antivirus program - be the right tool to handle
that?

Lists of dangerous URLs are something that browsers can do that antivirus
programs can't. But oddly that is not the focus of these reports.

~~~
Mythbusters
There's a link somebody posted below about how it works:
[http://blogs.msdn.com/b/ie/archive/2011/05/17/smartscreen-17...](http://blogs.msdn.com/b/ie/archive/2011/05/17/smartscreen-174-application-
reputation-in-ie9.aspx)

It's a reputation system for downloads. Sure its something a antimalware can
do as well but given that most software/malware gets downloaded these days,
makes sense to have something like this in browser

~~~
azakai
I agree the browser should be involved in some way. But wouldn't it be better
to have a single antivirus that integrates with your browser, email client,
and also scans USB drives you connect? Browsers aren't the only vector of
attack, so duplicating an antivirus seems an odd choice.

From the article, it sounds like the main benefit of SmartScreen is the
quickness. But again, wouldn't it be better to have an antivirus with that
performance, and then your entire system would benefit..?

------
modeless
I'd like to see false positive rates in addition to false negative rates. In
my experience, SmartScreen just labels 90% of everything as malware. The false
positive rate is important because if the filter is usually wrong users will
learn to just ignore it.

~~~
Mythbusters
SmartScreen is basically a reputation system. If not enough people have
downloaded it and it's not known as a threat yet, it chooses to do the default
thing and blocks it. That is probably what causes the behavior you referred
to. But would you rather let a non-technical person not download a valid
binary or let them download a malware?

~~~
modeless
It depends. If the non-technical person is so frustrated by SmartScreen being
wrong all the time that they simply turn it off, or are instructed to turn it
off by sites distributing legitimate binaries slandered by SmartScreen, then
it's not a net win for security.

~~~
Mythbusters
so are you saying its better to let download a (not so commonly downloaded)
binary than to warn about it? Thank god you don't work on security software

~~~
modeless
Personal insults are unnecessary. What I'm saying is, a filter that prevented
you from downloading anything would score 100% on this test. That doesn't make
it more secure, because users would just disable it.

------
EwanG
I will avoid the "easy" joke that it's because so many sites balk at running
properly under IE9 (oh... guess I didn't after all), and point out that I do
believe that Microsoft understands they need to regain a certain amount of
cred if they are going to regain the number 3 spot they need to be able to
eventually take a shot at the summit again. I do think their development
process gets in the way - in that they are setup not to be able to accept good
ideas from the community that Firefox and to a lesser extent Chrome are able
to. On the other hand, they have a better view of the corporate environment
than the others, and I have to assume that will pay off at some point.

------
zethraeus
IE9 is a solid browser, and the pop-culture IE vitriole, while clearly having
roots in important history, is getting tedious.

</rant>

Firefox needs to step its game up here. Although frankly I'm surprised that
the browser manufacturers don't share their blacklist data.

~~~
at-fates-hands
IE9 could do itself a favor and create some decent developer tools and it
would be a lot closer to the top of my list.

Hell, even Opera has a better set of developer tools and it hovers around 2.2%
of the market. I'm not even including its great mobile emulator either.

~~~
Mythbusters
concur. The dev tools and plug-ins that FF has are unbeatable. But then that
is not what my mom/dad care about as much. So they still use IE.

~~~
cheald
What's FF offer over Chrome? The Chrome tools are pretty freakin' badass these
days.

------
ars
Something doesn't make sense here. Don't firefox and chrome use the exact same
blocklist made by google? It says so right here:
<http://www.google.com/tools/firefox/safebrowsing/>

So why do their graphs differ so much?

~~~
maxerickson
It's discussed in the malware pdf. Chrome also has some exe blocking in
addition to the safebrowsing.

------
CamperBob2
Yes, by levelling accusations of "malware!" at every download not distributed
by Microsoft itself.

SmartScreen Filter is a product-disparagement lawsuit waiting to happen. I
hope I hear about it in time to pile on.

~~~
barista
That is not true. It is based more on reputation. May be you should first
learn more about it before spreading misinformation :
[http://blogs.msdn.com/b/ie/archive/2011/05/17/smartscreen-17...](http://blogs.msdn.com/b/ie/archive/2011/05/17/smartscreen-174-application-
reputation-in-ie9.aspx)

~~~
CamperBob2
I'm quite aware of what I'm talking about, but thanks for your concern.

Russian entrepreneurs get to pay off their national Mafia, while Windows
developers get to pay off Symantec. Life goes on, I suppose. But they'd
receive fewer complaints if digital signing didn't only improve reputation
"twice as fast," whatever that means, in the words of the blog entry you
linked to. The opacity of the process is as offensive as the core idea of
basing reputation on how commonly something is downloaded.

------
Zenst
I like the Chromebook and Chromebox adverts, but thats probably just me.

When I see a statement such as "IE9 is better at blocking malware than Chrome,
Safari, and Firefox combined" I think of it as some clever marketing spin.
Reason being is if you got the malware issues of Chrome+Safari+Firefox and
compared the result with IE9 malware issues and you see how some statements
can be true whilst not being accurate. This is the issue with any sample based
comparision. There are many forms of issues out there and new ones every day
at times. Lets face it only last week IE9 was open to a expliot that the other
browsers were not and was emergency patched by microsoft shrtly afterwards.

True answear is no one browser is secure all the time and if you come across a
new unpatched expliot in one browser then the option to fallback to another
browser is better than being open until it is patched.

From my personal experience I've found Opera to be the best out the box for
blocking general crap. Shame that was not included in there testing, especialy
if they wish to give out solid advice. Also note these are desktop browsers
and in that, how mobile browsers fair is still a question left unansweared.

------
jusob
They talk about URLs and MD5 (binary files). Chrome, Safari and Firefox use
Google Safe browsing which target malicious pages, rather than malicious
files. Malicious pages (HTML, JavaScript) is typically hosted on a different
domain that the malicious executable. For my experience, GSB focuses on the
malicious HTML/JavaScript. If it is blocked, the user never gets to the
malicious executable. if NSS feeds URLS of the malicious executable, it is
possible GSB miss them. But this would not be a real world case.

I tested GSB and IE about 2 years ago which a much smaller sample set. There
was very little overlap between what they block. So I would be curious how the
URLs were gathered.

------
justinschuh
This is the same Microsoft marketing material that NSS Labs puts out every
year. It's devoid of any of the information you'd need to quantify, validate,
or falsify the findings. In past years NSS at least admitted that Microsoft
sponsored these "studies." Now they lack even that transparency.

------
JimmaDaRustla
I remember testing AJAX in IE9, and I couldn't do any cross-site requests,
which may be impacting the click frauds?

Although, I'm a nub and don't know how to properly code an AJAX call I'm
assuming.

------
pwniekins
Wait..wait..wait....

 _nobody_ has caught on to the fact that NSS did this test with the latest
version of IE and horribly outdated versions of FF and chrome?

Hacker news I expected better of you.

------
antihero
How about Chrome Firefox running on Linux...?

------
capo
Did Microsoft commission the study?

~~~
barista
Must be. Because anything Microsoft does better especially in the areas of
security must be flawed or propaganda </sarcasm>

~~~
mtgx
Well I remember when Chrome's security was broken for the first and only time,
by a research firm. And guess who paid for that to happen? Microsoft.

So let me repeat that. Microsoft paid a company to break Chrome's security.

~~~
Torrents
First and only _known_ time?

------
taw9
Title should be "... better at blocking malware on the steaming pile that is
Windows...". Chrome/Fox are just fine on my Linux box.

~~~
pwniekins
_thank you_

------
eddanger
Because nobody uses it!

~~~
simba-hiiipower
..really? well, thanks for your thoughtful contribution to the discussion. i
hate to shoot-down such an insightful and well thought-out point but a quick
check [1] seems to refute your claim. in fact (oddly enough) it appears that,
not only do people use it, but a majority of people do.

i honestly don't understand all the hate around ie.. my experience using it on
a day-to-day basis has shown it to be a stable, fast, and well-designed (and
apparently quite secure) browser..

[1] [http://marketshare.hitslink.com/browser-market-
share.aspx?qp...](http://marketshare.hitslink.com/browser-market-
share.aspx?qprid=0&qpcustomd=0)

~~~
sixbrx
Not sure you "shot down" anything, your data isn't specific to the version of
IE (note the title). I would assume that there's a large fraction on IE 6, 7
and 8 under the umbrella of "Internet Explorer".

~~~
mbrubeck
From StatCounter's measurements this month, IE9 accounts for 18% of all page
views worldwide; older versions of IE are another 15% of page views:
[http://gs.statcounter.com/#browser-ww-
monthly-201209-201209-...](http://gs.statcounter.com/#browser-ww-
monthly-201209-201209-bar)

The number of people using IE9 is on the same order as the entire population
of the United States, so regardless of the exact number it's kind of crazy to
say "nobody uses it."

~~~
sixbrx
I'm not defending the "nobody uses it", it was an overreaching exageration,
much like the graphic seeming to claim that IE9 had 54% share.

~~~
simba-hiiipower
yeah i totally agree. i was referencing IE as a whole when i linked to that;
figured IE9 would hold the majority of that at this point, but you're right
and that's not the case at all.

i forgot Microsoft didn't release it for XP (which i believe still holds
somewhere north of 40% desktop os share), so i can see why that wouldn't be
the case.

