Saturday, July 24, 2021

Study: IE Safest Browser for Social Media

From the ‘Read The Fine Print‘ files:

A new Microsoft-sponsored study from NSS Labs is out with a finding that IE 8 is the most secure browser, when it comes to catching, socially engineered malware. The study however did not look at the security of the browser or related plug-ins (like Flash).

What is socially engineered malware?

According to the NSS report, they defined a socially engineered malware URL as, “a web page link that directly leads to a
‘download’ that delivers a malicious payload whose content type would
lead to execution.”

So for that type of scenario, NSS reported that IE 8 caught 81 percent of all threats. In contrast, Firefox 3 (they did their test prior to the final Firefox 3.5 release) only caught 27 percent while Google Chrome 2 caught 7 percent.

The interesting part of the Firefox 3 to Chrome 2 comparison, in my opinion, is the fact that both Firefox and Chrome use Google’s SafeBrowsing API.  Firefox has been using Google’s API since the Firefox 2 release. In 2006, a Mozilla-sponsored study found that Firefox 2 was superior at catching phishing sites. Another 2006 study, sponsored by Microsoft found that IE 7 had the best anti-phishing filter.

So what’s my point?

No doubt Microsoft is investing in improving IE and its security
features. But when it comes to saying which browser is best for
security, it’s a slippery slope.

One particularly interesting
tidbit that I found in the NSS study is a disclaimer found as a
footnote at the bottom of the second page of the report.

Note:This study does not compare browser security related to vulnerabilities in plug-ins or the browsers themselves

That’s kind of a big deal, isn’t it?

Flash
has been a known route to exploitability. Specific browser issues in IE
8 led to an emergency out of band patch earlier this year. As well,
when it comes to the socially engineered malware description, in
Firefox even if the Google SafeBrowsing API didn’t block the download,
the user still has to click on the file to actually execute it. Most
Windows users should have anti-virus protection and that would
(hopefully) protect users.

For Linux users, .exe files don’t run so the risk is non-existent.

I
think the greatest risk continues to be the drive-by issue. Those are cases, where a user
doesn’t have to do anything (i.e click a file) to be at risk. I’d like
to see a non-partisan third party study that gives all the major
browser due diligence on that issue.

Article courtesy of InternetNews.com.

Similar articles

Latest Articles

Data Science Market Trends...

When famed mathematician John W. Tukey postulated that advanced computing would have a profound effect on data analysis, he probably didn’t imagine the full...

Data Recovery Market Trends...

Data recovery is more important than ever in this era of constant cyber attacks and ransomware. The Verizon Data Breach Investigations Report (DBIR) looked...

Trends in Data Visualization

In a world of big data, visualization is becoming a key skill set that every business must master.  Digital technology has transformed the way businesses...

Microsoft Data Portfolio Review

With a host of analytics services for almost any situation, Microsoft Azure’s data services have got just about every base covered.   In the world...