IE8 Trounces Firefox, Chrome in Security Test

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
A recent security test conducted by NSS Labs found that IE 8 outperformed all other browsers, some by a wide margin, in a battery of security tests. I think the big news here isn’t how well IE8 did but how poorly some of the others performed.

In the NSS Labs test with live traffic, Internet Explorer 8 caught 81 percent of the attacks coming over the wire. IE8 vastly outperformed the second closest rival, Firefox 3, which caught 54 percent of the inbound threats. IE8’s performance improved 12 percent over a similar test conducted the previous quarter; NSS Labs credits continual improvements to its SmartScreen technology.
Click to expand...
 
I would hope it would be an independent test that nobody sponsored.
 
I been saying for a long time IE is safer.
I know many will say no or w/e but when it comes down to it IE stops more that any other. Firefox i swear they sneak on by without you even knowing or FF knowing.
This has been since IE7 from my own testing.
I have worked bank security and in my eyes Open source = open for trouble.
 
Assuming this test wasn't funded by Microsoft (which I doubt), IE8 is secure. Great! But, it sucks in every other department when compared to other grade A browsers.
 
Haven't used FF in over a year now, not exactly sold on it being anymore safer then IE was, although my wife still stands by it.

Arguing over browsers is funny though, if you don't do any serious porn surfing i doubt you'd really need the security to begin with.
 
I don't doubt that IE8 is secure, but what it lacks is true flexible functionality like Firefox. Plus the GUI interface design of IE8 looks uglier than Chrome and Firefox (I liked the IE6 look better because it was simple, straight forward, to the point, and had an "underrated" look at some might say).
 
Aside from the sponsorship issue (lol@having test threats being tailored to individual browsers), what's the rate of false positives? I can create a browser that detects 100% of all and any threat by flagging every single site as malicious (about:home is a virus!).

But personally, I could care less what the threat detection rate is. Just browse smart and stop looking at so much pr0nz.
 
Cerulean said:
I don't doubt that IE8 is secure, but what it lacks is true flexible functionality like Firefox. Plus the GUI interface design of IE8 looks uglier than Chrome and Firefox (I liked the IE6 look better because it was simple, straight forward, to the point, and had an "underrated" look at some might say).
Click to expand...

I'm the complete opposite, I like IE8's look and hate FF, and chrome looks weird to me. The mock-ups for FF 4.0 aero that I saw a few weeks ago looked nice though, but FF STILL doesn't run sandboxed on Vista/7, whereas IE and Chrome do, FF developers have promised for a long time to enable sandboxing, but where is it? Meanwhile IE on Vista has been doing it for over 2 years. I never cared about add-ons, most of them are buggy and cause problems I have to chase down, I have no patience, so I run IE8 stock on Win 7, and configure the security zones to not allow plug-ins on any site except like 3 or 4 trusted sites. Nice and secure.
 
END said:
I have worked bank security and in my eyes Open source = open for trouble.
Click to expand...
Can you defend this statement or is this just something you read in Wired magazine? Let me guess everything in the tech industry would be better if only there were more h1bs.

I'd like to see this test with no script running.
 
The article says they tested with Firefox 3. Is the article just being imprecise, or did they seriously use an outdated version of Firefox instead of 3.5?
 
END said:
I been saying for a long time IE is safer.
I know many will say no or w/e but when it comes down to it IE stops more that any other. Firefox i swear they sneak on by without you even knowing or FF knowing.
This has been since IE7 from my own testing.
I have worked bank security and in my eyes Open source = open for trouble.
Click to expand...

Well I do work as a sys admin in quite a large bank right now and I can assure you that we use plenty of very secure open source platforms.

Of course for the regular business front/back office we use the ubiquitous Microsoft platform active directory/exchange/win/office but there are quite a few servers that run open source stuff along proprietary unix platforms.

What matters most is the best tool for the job! Fanboy-ism and blanket statements only serve to blind yourself.

As far the current article, i do think that IE started to be quite secure, especially since x64 Vista IE sandboxing.

However; personally I still prefer Firefox with Noscript, yes you can turn off scripting in other browsers but so far Noscript is by far easiest way to control script permissions.
 
Salavat23 said:
Ehh... you can disable scripting in almost any modern browser.
Click to expand...
The difference is that FF allows more control over what you choose to enable and disable and its on demand also.

Jospeh said:
I don't think IE8 is better than FF with no script.
Click to expand...
I was curious to see how well IE8 did when those tests were run w/ a FF/NoScript combo. I know the obvious barrier is that noscript still requires a fair amount of user input/interaction.

Trimlock said:
Haven't used FF in over a year now, not exactly sold on it being anymore safer then IE was, although my wife still stands by it.

Arguing over browsers is funny though, if you don't do any serious porn surfing i doubt you'd really need the security to begin with.
Click to expand...
Once you get off that soapbox, you'll realize that alot of the "normal" sites a person visits that have nothing to do with porn have advertisements and the such or scripts that display malicious content. I realized this the day I installed no-script and it kept asking me to ok all these crazy scripts that I otherwise wouldn't have been aware of.

typezero303 said:
Tell that to all the companies depending on Apache... or Linux.
Click to expand...

The know already, they most likely spent the extra time to secure those foundations and keep up with the technology like any responsible IT department. But then again, I am assuming here...
 
I guess this is what you get when you have two news guys?

Terry Olaes said:
eWeek reports that Microsoft Internet Explorer 8 came out on top of a browser security comparison performed by NSS Labs. The browsers that were in this roundup were IE 8, Google Chrome 2, Mozilla Firefox 3, Apple Safari 4, and Opera 10 beta. Let the flaming commence!
Click to expand...

Steve said:
A recent security test conducted by NSS Labs found that IE 8 outperformed all other browsers, some by a wide margin, in a battery of security tests. I think the big news here isn’t how well IE8 did but how poorly some of the others performed.
Click to expand...
 
Tests are not real life in real life situations.

I can still say that out of the hundreds of spyware removals I do a year, not a single one has come in through Firefox.

This test is a whole new reality distortion field.
 
one thing I hate the most with IE8 is the recovery crash, I find alot of website, keeps trying to recover and just cannot, and in Firefox the site loads perfectly, beats me, in IE7 they never had this issue. Either way there are still 2 very good browser.
 
XamediX said:
The know already, they most likely spent the extra time to secure those foundations and keep up with the technology like any responsible IT department. But then again, I am assuming here...
Click to expand...

The point I was trying to make, was the comparison that Close Source software is more secure then Open Source. When in reality you can't argue that point in such a blanket statement. Are there Close Source software solutions that are more "secure" then their Open Source competition, sure... is the opposite also true, absolutely. You have to take it on a application by application, project by project basis and not make such generalized assumptions.

Personally, from my own experience I have a hard time believing this study. With the number of computers that I've had to work on that have been ravaged by malware because of IE's(IE 6, 7 and 8) inability to provide adequate security. Of course the user is at fault too. I will give credit where it's due, IE 8 is a big step forward for MS all around; but still doesn't come close to the usefulness and innovation of competitors.

That being said, I'm going to stick with Opera. I can use it anywhere, on anything.
 
TechLarry said:
Tests are not real life in real life situations.

I can still say that out of the hundreds of spyware removals I do a year, not a single one has come in through Firefox.

This test is a whole new reality distortion field.
Click to expand...

And you know this how?
 
sdlvx said:
Where's Opera and Safari? I'd love to see Safari get trounced.
Click to expand...

It was in there:

Safari 4 picked up 21 percent of the threats and Opera 10 beta was the worst performer, detecting just 1 percent of malicious traffic.
 
TechLarry said:
Tests are not real life in real life situations.

I can still say that out of the hundreds of spyware removals I do a year, not a single one has come in through Firefox.

This test is a whole new reality distortion field.
Click to expand...

You are truly blessed. My experience is that no matter what I do, what I tell them, or what browser I install, malware and spy ware gets through, unless I so severely limit functionality, (no script), that the users complain that the websites they wish to visit does not work. Having them OK scripts does not work because users tend to be inpatient boobs about it. Giving them the option of clicking OK results in them clicking OK.

People wonder why MS has UAC nag you two or three times for some things, it's the idiot users.

sorry about the rant.. :)
 
what they was targeting was the phishing detection (opera 10 dono where it is completely hidden unless i force my self to goto an bad web site) not if it blocked it as the way opera works all that can happen is an save or run or cancel box comes up and if your stupid to run an exe, WMA or WMV file when it asks not the browsers fault you ending up on the web site in the first place is the users fault

in the end keeps me working removing PAV.exe type of stuff off every ones systems (new one is little annoying to remove as it end tasks anything that it is not on its trusted list when pav.exe is running) but not as bad as some others that leave a lot of files all over the system
 
TechLarry said:
Tests are not real life in real life situations.

I can still say that out of the hundreds of spyware removals I do a year, not a single one has come in through Firefox.

This test is a whole new reality distortion field.
Click to expand...

How much came in through IE8 on Vista/7 with sandboxing and DEP not disabled? Bottom line is, most malware is the user infected themselves by downloading some fake antivirus or something. And firefox users tend to be hacker types who know web sites don't tell you whether your computer is infected or not (usually.) I think some people can't accept a world where MS products are secure, and will say and do anything to avoid facing that reality.
 
devil22 said:
How much came in through IE8 on Vista/7 with sandboxing and DEP not disabled? Bottom line is, most malware is the user infected themselves by downloading some fake antivirus or something. And firefox users tend to be hacker types who know web sites don't tell you whether your computer is infected or not (usually.) I think some people can't accept a world where MS products are secure, and will say and do anything to avoid facing that reality.
Click to expand...


False, most malware is iframe drive-bys, hostile banner ads, and e-mail attachments. Most of the fake av is all drive-by malware.

The bottom line is, it doesn't matter which browser you use if the OS you run it on is insecure from the get go.
 
Jabroni31169 said:
The bottom line is, it doesn't matter which browser you use if the OS you run it on is insecure from the get go.
Click to expand...
While I won't disagree with that, two things to note:

1) This is why IE itself in Vista and Windows 7 is immediately better than a third-party browser: Sandboxed UAC. It's a function of the OS. I don't know about you, but I'd much rather have a secure browser up front than admitting defeat and knowingly letting malware ever hit the OS in the first place.
Heck, you made the original statement, take it a bit further. Why should I use NAT or even do any filtering at the Gateway or Router? The bottom line is, it doesn't matter what configuration I use if my OS is insecure. :rolleyes:

2) We are not measuring OS. The entire purpose of the test was "Given these browsers, AND NOTHING ELSE, which is more secure?" And we have the results we have. Again, this test wasn't testing drive-by malware (I'd venture to argue that IE would win that one by a landslide too, thanks to UAC). But Phishing websites. Websites designed to have the user VOLUNTARILY GIVE their information. No driveby anything. Just using social engineering, how can I get a user to give me their information? That's Phishing.



Epedemic said:
Firefox doesn't shine without it's add-ons.
Click to expand...
This is seriously QFT. Firefox as a browser itself sucks something terrible. The addons is the only saving grace (And really the only reason I still use it from time to time).
 
Epedemic said:
Firefox doesn't shine without it's add-ons.
Click to expand...

Yep. In that respect, IE8 is like AOL. What idiot would use IE...

Want more secuirty? Stay off porn and don't open spam e-mail. We keep doing this...:eek:
 
ICOM said:
Yep. In that respect, IE8 is like AOL. What idiot would use IE...

Want more secuirty? Stay off porn and don't open spam e-mail. We keep doing this...:eek:
Click to expand...

its not just porn.

some flash/java gamesite my grandma used to go to to play online games loved to dump all sorts of malware behind the scenes. I kept telling her to find someplace else to play her games because the malware got to a point where it bogged the computer down to damn near not being able to load the desktop on first boot. then one day AVG went batshit as soon as she went into one of her games. it ID'ed some trojans trying to crawl in.

now she plays msn's game arcade or yahoo's game section. I think that mostly has to do with me dropping the hint by blocking that site via the hosts file.
Posted via [H] Mobile Device
 
They're all seemingly useless cause most of us have already decided what browser we like and nothing is going to sway our decision on that :p
 
You must log in or register to reply here.
Back
Top