IE8 Trounces Firefox, Chrome in Security Test

Discussion in 'HardForum Tech News' started by HardOCP News, Aug 24, 2009.

  1. HardOCP News

    HardOCP News [H] News

    Messages:
    0
    Joined:
    Dec 31, 1969
    A recent security test conducted by NSS Labs found that IE 8 outperformed all other browsers, some by a wide margin, in a battery of security tests. I think the big news here isn’t how well IE8 did but how poorly some of the others performed.

     
  2. brownkc

    brownkc Gawd

    Messages:
    672
    Joined:
    Nov 18, 2005
    Wasn't this test funded by Microsoft?
     
  3. Trepidati0n

    Trepidati0n [H]ardForum Junkie

    Messages:
    8,818
    Joined:
    Oct 26, 2004
    Assuming the data is true...do you think firefox/google would sponsor a test they would lose?
     
  4. Exavior

    Exavior [H]ardForum Junkie

    Messages:
    9,652
    Joined:
    Dec 13, 2005
    I would hope it would be an independent test that nobody sponsored.
     
  5. END

    END [H]ard|Gawd

    Messages:
    1,227
    Joined:
    Jul 8, 2000
    I've been saying for a long time IE is safer.
    I know many will say no or w/e but when it comes down to it IE stops more than any other. Firefox, I swear they sneak on by without you even knowing or FF knowing.
    This has been since IE7 from my own testing.
    I have worked bank security and in my eyes Open source = open for trouble.
     
  6. Jospeh

    Jospeh [H]ard|Gawd

    Messages:
    1,885
    Joined:
    Jul 29, 2008
    I don't think IE8 is better than FF with no script.
     
  7. Salavat23

    Salavat23 Gawd

    Messages:
    651
    Joined:
    Apr 13, 2008
    Ehh... you can disable scripting in almost any modern browser.
     
  8. ann0yanc3

    ann0yanc3 Gawd

    Messages:
    515
    Joined:
    Nov 27, 2004
    Assuming this test wasn't funded by Microsoft (which I doubt), IE8 is secure. Great! But, it sucks in every other department when compared to other grade A browsers.
     
  9. Trimlock

    Trimlock [H]ardForum Junkie

    Messages:
    15,103
    Joined:
    Sep 23, 2005
    Haven't used FF in over a year now, not exactly sold on it being any safer than IE was, although my wife still stands by it.

    Arguing over browsers is funny though, if you don't do any serious porn surfing I doubt you'd really need the security to begin with.
     
  10. Cerulean

    Cerulean [H]ardForum Junkie

    Messages:
    9,218
    Joined:
    Jul 27, 2006
    I don't doubt that IE8 is secure, but what it lacks is true flexible functionality like Firefox. Plus the GUI interface design of IE8 looks uglier than Chrome and Firefox (I liked the IE6 look better because it was simple, straightforward, to the point, and had an "underrated" look as some might say).
     
  11. ku1185

    ku1185 n00b

    Messages:
    54
    Joined:
    Jul 2, 2004
    Aside from the sponsorship issue (lol@having test threats being tailored to individual browsers), what's the rate of false positives? I can create a browser that detects 100% of all and any threat by flagging every single site as malicious (about:home is a virus!).

    But personally, I could care less what the threat detection rate is. Just browse smart and stop looking at so much pr0nz.
     
  12. scaarbelly

    scaarbelly [H]ardness Supreme

    Messages:
    4,462
    Joined:
    Dec 11, 2008
    +1, give me flexibility MS and I might think about using IE8.
     
  13. typezero303

    typezero303 [H]Lite

    Messages:
    65
    Joined:
    Apr 20, 2008
    Tell that to all the companies depending on Apache... or Linux.
     
  14. devil22

    devil22 2[H]4U

    Messages:
    3,834
    Joined:
    Jan 1, 2003
    I'm the complete opposite, I like IE8's look and hate FF, and chrome looks weird to me. The mock-ups for FF 4.0 aero that I saw a few weeks ago looked nice though, but FF STILL doesn't run sandboxed on Vista/7, whereas IE and Chrome do, FF developers have promised for a long time to enable sandboxing, but where is it? Meanwhile IE on Vista has been doing it for over 2 years. I never cared about add-ons, most of them are buggy and cause problems I have to chase down, I have no patience, so I run IE8 stock on Win 7, and configure the security zones to not allow plug-ins on any site except like 3 or 4 trusted sites. Nice and secure.
     
  15. Jabroni31169

    Jabroni31169 My Future Son-in-Law

    Messages:
    9,203
    Joined:
    Apr 19, 2000
    Wow...what a blatantly ignorant statement. What bank do/did you work for?
     
  16. grizzed

    grizzed Limp Gawd

    Messages:
    171
    Joined:
    Jan 24, 2006
    Can you defend this statement or is this just something you read in Wired magazine? Let me guess everything in the tech industry would be better if only there were more h1bs.

    I'd like to see this test with no script running.
     
  17. devil22

    devil22 2[H]4U

    Messages:
    3,834
    Joined:
    Jan 1, 2003
    I believe this test was to see which downloads are blocked, I don't see how noscript would help.
     
  18. SDraconis

    SDraconis Limp Gawd

    Messages:
    141
    Joined:
    Sep 28, 2005
    The article says they tested with Firefox 3. Is the article just being imprecise, or did they seriously use an outdated version of Firefox instead of 3.5?
     
  19. Neutrino

    Neutrino Gawd

    Messages:
    602
    Joined:
    Nov 10, 2005
    Well I do work as a sys admin in quite a large bank right now and I can assure you that we use plenty of very secure open source platforms.

    Of course for the regular business front/back office we use the ubiquitous Microsoft platform active directory/exchange/win/office but there are quite a few servers that run open source stuff along proprietary unix platforms.

    What matters most is the best tool for the job! Fanboy-ism and blanket statements only serve to blind yourself.

    As for the current article, I do think that IE started to be quite secure, especially since x64 Vista IE sandboxing.

    However, personally I still prefer Firefox with Noscript. Yes, you can turn off scripting in other browsers, but so far Noscript is by far the easiest way to control script permissions.
     
  20. XamediX

    XamediX 2[H]4U

    Messages:
    3,082
    Joined:
    Oct 27, 2003
    The difference is that FF allows more control over what you choose to enable and disable and it's on demand also.

    I was curious to see how well IE8 did when those tests were run w/ a FF/NoScript combo. I know the obvious barrier is that noscript still requires a fair amount of user input/interaction.

    Once you get off that soapbox, you'll realize that a lot of the "normal" sites a person visits that have nothing to do with porn have advertisements and such or scripts that display malicious content. I realized this the day I installed no-script and it kept asking me to ok all these crazy scripts that I otherwise wouldn't have been aware of.

    They know already, they most likely spent the extra time to secure those foundations and keep up with the technology like any responsible IT department. But then again, I am assuming here...
     
  21. TechieSooner

    TechieSooner [H]ardness Supreme

    Messages:
    7,601
    Joined:
    Nov 7, 2007
    I guess this is what you get when you have two news guys?

     
  22. TechLarry

    TechLarry Can't find the G Spot

    Messages:
    30,118
    Joined:
    Aug 9, 2005
    Tests are not real life in real life situations.

    I can still say that out of the hundreds of spyware removals I do a year, not a single one has come in through Firefox.

    This test is a whole new reality distortion field.
     
  23. zomby

    zomby Limp Gawd

    Messages:
    334
    Joined:
    Oct 11, 2006
    One thing I hate the most with IE8 is the recovery crash. I find a lot of websites keep trying to recover and just cannot, and in Firefox the site loads perfectly. Beats me, in IE7 they never had this issue. Either way they are still 2 very good browsers.
     
  24. typezero303

    typezero303 [H]Lite

    Messages:
    65
    Joined:
    Apr 20, 2008
    The point I was trying to make was the comparison that Closed Source software is more secure than Open Source. When in reality you can't argue that point in such a blanket statement. Are there Closed Source software solutions that are more "secure" than their Open Source competition, sure... is the opposite also true, absolutely. You have to take it on an application by application, project by project basis and not make such generalized assumptions.

    Personally, from my own experience I have a hard time believing this study. With the number of computers that I've had to work on that have been ravaged by malware because of IE's (IE 6, 7 and 8) inability to provide adequate security. Of course the user is at fault too. I will give credit where it's due, IE 8 is a big step forward for MS all around; but still doesn't come close to the usefulness and innovation of competitors.

    That being said, I'm going to stick with Opera. I can use it anywhere, on anything.
     
  25. Azhar

    Azhar Fixing stupid since 1972

    Messages:
    18,875
    Joined:
    Jan 9, 2001
    And you know this how?
     
  26. sdlvx

    sdlvx Gawd

    Messages:
    567
    Joined:
    Dec 9, 2007
    Where's Opera and Safari? I'd love to see Safari get trounced.
     
  27. TechieSooner

    TechieSooner [H]ardness Supreme

    Messages:
    7,601
    Joined:
    Nov 7, 2007
    It was in there:

    Safari 4 picked up 21 percent of the threats and Opera 10 beta was the worst performer, detecting just 1 percent of malicious traffic.
     
  28. NKDietrich

    NKDietrich [H]ardness Supreme

    Messages:
    5,442
    Joined:
    Jul 25, 2004
    One now owned by the US Government probably.
     
  29. Gorankar

    Gorankar [H]ardForum Junkie

    Messages:
    10,177
    Joined:
    Jul 19, 2000
    You are truly blessed. My experience is that no matter what I do, what I tell them, or what browser I install, malware and spyware get through, unless I so severely limit functionality (no script) that the users complain that the websites they wish to visit do not work. Having them OK scripts does not work because users tend to be impatient boobs about it. Giving them the option of clicking OK results in them clicking OK.

    People wonder why MS has UAC nag you two or three times for some things, it's the idiot users.

    sorry about the rant.. :)
     
  30. Epedemic

    Epedemic Limp Gawd

    Messages:
    153
    Joined:
    Feb 11, 2007
    Firefox doesn't shine without its add-ons.
     
  31. PheonixChameleon

    PheonixChameleon Gawd

    Messages:
    795
    Joined:
    Jul 6, 2009
    I can agree with that statement
     
  32. greenfrogman

    greenfrogman Ad Blocker - Banned

    Messages:
    387
    Joined:
    Jan 5, 2009
    What they were targeting was the phishing detection (Opera 10, dunno where it is, completely hidden unless I force myself to go to a bad web site), not if it blocked it, as the way Opera works all that can happen is a save or run or cancel box comes up, and if you're stupid to run an exe, WMA or WMV file when it asks, not the browser's fault; you ending up on the web site in the first place is the user's fault.

    In the end it keeps me working removing PAV.exe type of stuff off everyone's systems (the new one is a little annoying to remove as it end-tasks anything that is not on its trusted list when pav.exe is running), but not as bad as some others that leave a lot of files all over the system.
     
  33. devil22

    devil22 2[H]4U

    Messages:
    3,834
    Joined:
    Jan 1, 2003
    How much came in through IE8 on Vista/7 with sandboxing and DEP not disabled? Bottom line is, most malware is the user infecting themselves by downloading some fake antivirus or something. And Firefox users tend to be hacker types who know web sites don't tell you whether your computer is infected or not (usually.) I think some people can't accept a world where MS products are secure, and will say and do anything to avoid facing that reality.
     
  34. Jabroni31169

    Jabroni31169 My Future Son-in-Law

    Messages:
    9,203
    Joined:
    Apr 19, 2000

    False, most malware is iframe drive-bys, hostile banner ads, and e-mail attachments. Most of the fake av is all drive-by malware.

    The bottom line is, it doesn't matter which browser you use if the OS you run it on is insecure from the get go.
     
  35. TechieSooner

    TechieSooner [H]ardness Supreme

    Messages:
    7,601
    Joined:
    Nov 7, 2007
    While I won't disagree with that, two things to note:

    1) This is why IE itself in Vista and Windows 7 is immediately better than a third-party browser: Sandboxed UAC. It's a function of the OS. I don't know about you, but I'd much rather have a secure browser up front than admitting defeat and knowingly letting malware ever hit the OS in the first place.
    Heck, you made the original statement, take it a bit further. Why should I use NAT or even do any filtering at the Gateway or Router? The bottom line is, it doesn't matter what configuration I use if my OS is insecure. :rolleyes:

    2) We are not measuring OS. The entire purpose of the test was "Given these browsers, AND NOTHING ELSE, which is more secure?" And we have the results we have. Again, this test wasn't testing drive-by malware (I'd venture to argue that IE would win that one by a landslide too, thanks to UAC). But Phishing websites. Websites designed to have the user VOLUNTARILY GIVE their information. No driveby anything. Just using social engineering, how can I get a user to give me their information? That's Phishing.



    This is seriously QFT. Firefox as a browser itself sucks something terrible. The addons are the only saving grace (and really the only reason I still use it from time to time).
     
  36. ICOM

    ICOM 2[H]4U

    Messages:
    2,194
    Joined:
    Jul 27, 2004
    Yep. In that respect, IE8 is like AOL. What idiot would use IE...

    Want more security? Stay off porn and don't open spam e-mail. We keep doing this...:eek:
     
  37. SamuraiInBlack

    SamuraiInBlack [H]ardness Supreme

    Messages:
    5,677
    Joined:
    Oct 10, 2003
    It's not just porn.

    Some flash/java gamesite my grandma used to go to to play online games loved to dump all sorts of malware behind the scenes. I kept telling her to find someplace else to play her games because the malware got to a point where it bogged the computer down to damn near not being able to load the desktop on first boot. Then one day AVG went batshit as soon as she went into one of her games. It ID'ed some trojans trying to crawl in.

    Now she plays MSN's game arcade or Yahoo's game section. I think that mostly has to do with me dropping the hint by blocking that site via the hosts file.
    Posted via [H] Mobile Device
     
  38. PheonixChameleon

    PheonixChameleon Gawd

    Messages:
    795
    Joined:
    Jul 6, 2009
    You seriously blocked your grandma from her games site? lol
     
  39. MisterSparkle

    MisterSparkle [H]ard|Gawd

    Messages:
    1,077
    Joined:
    Feb 9, 2008
    One of the more useless browser comparison test reports I've read :p
     
  40. PheonixChameleon

    PheonixChameleon Gawd

    Messages:
    795
    Joined:
    Jul 6, 2009
    They're all seemingly useless 'cause most of us have already decided what browser we like and nothing is going to sway our decision on that :p