...

View Full Version : IE 8 wins the browser security smackdown



effpeetee
08-18-2009, 10:01 AM
IE 8 wins the browser security smackdown:thumbsup:

It's bound to make a lot of Microsoft bashers unhappy, but recent testing by an independent security company shows IE8 to be better than Firefox, Safari, Opera or Chrome when it comes to blocking phishing sites. Safari ended up at the bottom of the list. You can read more here:
http://www.wxpnews.com/ELDUEN/090818-Browser-Security

Frank

noneforit
08-18-2009, 12:41 PM
Not looking good for Google chrome....only blocked 7% :eek:

bazz
08-18-2009, 02:57 PM
Well believe it if you choose to. I do not accept the findings of anyone where, having made their analysis, they then suggest directly or implicitly, which product you should opt for.

I suspect either that they are biased in favour of IE (and it seems obvious they slated what is largely considered to be M$ biggest threat - chrome) or they may have been commissioned to do this survey by M$.

I bet they didn't test FF with noscript enabled because it isn't really part of the basic browser.

bazz

Apostropartheid
08-18-2009, 04:31 PM
Google Chrome is nowhere near IE's biggest threat. Though I and my love adore the browser, its marketshare is still relatively small. Firefox is and has been for a while the thorn in MS's side.

I didn't pick up any hint by NSS that IE was the browser to go for (though correct me if I haven't been reading that closely.) By that logic, you can't trust any browser survey, because every one of them implicitly implies a better browser.

If they had tested Firefox with noscript enabled, they would have had to disable JS in the other browsers. There would be no point. The results are more applicable to the real world this way, anyway, because the majority of people, especially those susceptible to phising attacks, probably would have JS enabled.

I do feel questionable of the results, but you can't dismiss them as downright false just because they showed a winner you don't like.

MS's SmartScreen technology is updated regularly, isn't it? Wouldn't this give them an edge over the competition?

bazz
08-18-2009, 04:44 PM
If they had tested Firefox with noscript enabled, they would have had to disable JS in the other browsers. There would be no point. The results are more applicable to the real world this way, anyway, because the majority of people, especially those susceptible to phising attacks, probably would have JS enabled.


fair point, I think.



I do feel questionable of the results, but you can't dismiss them as downright false just because they showed a winner you don't like.


ouch!! dat hurt.

anyhoo, I don't dislike IE. I would see it more constructive if it outlined the choices the naive consumer could make which don't necessarily mean picking the more secure browser, especially if plug-ins like noscript would let them secure a browser they were already familiar with. I admit though; I have become so accustomed to noscript keeping me safe I almost feel naked in IE without it. :eek: :D

bazz

_Aerospace_Eng_
08-18-2009, 05:12 PM
fair point, I think.



ouch!! dat hurt.

anyhoo, I don't dislike IE. I would see it more constructive if it outlined the choices the naive consumer could make which don't necessarily mean picking the more secure browser, especially if plug-ins like noscript would let them secure a browser they were already familiar with. I admit though; I have become so accustomed to noscript keeping me safe I almost feel naked in IE without it. :eek: :D

bazz
I agree with giving users a choice but I think most users will pick IE only because its what they've been using. As to the noscript add on. I love it except it can get you into trouble on some websites that need javascript to work properly and you forget to allow the site. Recently I purchased a plane ticket back home but after buying the nonrefundable ticket I noticed it was only one way. I had to purchase another ticket back home. It wouldn't be a big deal if the flight was the cheapest I found but it wasn't.

VIPStephan
08-18-2009, 07:00 PM
As to the noscript add on. I love it except it can get you into trouble on some websites that need javascript to work properly and you forget to allow the site. Recently I purchased a plane ticket back home but after buying the nonrefundable ticket I noticed it was only one way. I had to purchase another ticket back home. It wouldn't be a big deal if the flight was the cheapest I found but it wasn't.

Does the plane ticket frustration have anything to do with the noscript add-on? If so then itís their fault for having a bad implementation that requires JS in order to be able to purchase a ticket online. This isnít acceptable and you should ask for a refund in my opinion.

Trinithis
08-18-2009, 09:19 PM
Correct me if I'm wrong, but I don't really consider blocking phishing sites to be a huge security thing. It's more like preventing the user from doing something stupid (like believing a phishing scam). I would think a browser to be secure if it blocks things you have no control over, such a blocking viruses, worms, and people getting unauthorized access to your computer.

Fou-Lu
08-19-2009, 04:09 AM
Correct me if I'm wrong, but I don't really consider blocking phishing sites to be a huge security thing. It's more like preventing the user from doing something stupid (like believing a phishing scam). I would think a browser to be secure if it blocks things you have no control over, such a blocking viruses, worms, and people getting unauthorized access to your computer.

Thats exactly what I thought when I read this article.
Did M$ actually fix the real security problems in their browser?

_Aerospace_Eng_
08-19-2009, 06:09 AM
Does the plane ticket frustration have anything to do with the noscript add-on? If so then itís their fault for having a bad implementation that requires JS in order to be able to purchase a ticket online. This isnít acceptable and you should ask for a refund in my opinion.

Yeah it was because of noscript. Allowing the site, it tells you that you need to purchase returning flight. The terms of the ticket I purchased clearly states its nonrefundable so there wouldn't be anything I could do.

bazz
08-19-2009, 12:00 PM
Slightly off the main topic but that just 'gets my goat'. (annoys me).

In that instance I wouldn't think you are seeking a refund so much as seeking compensation for the additional cost that was placed on you, because their site did not tell you all their terms of their product/booking?

On that basis ~ here in the UK ~ you could seek a payment from them but I know you aren't from the UK so it may be different where you are.

bazz

VIPStephan
08-19-2009, 12:25 PM
Exactly that’s what I meant. You’re not asking for a refund because you changed your mind but because their website wasn’t working properly. So clearly it’s their fault and not yours, and you should have the right to ask for compensation.

drhowarddrfine
08-19-2009, 02:01 PM
Agree with the other commenters. Success at blocking phishing sites is NOT the same as protection from virus/trojans and other vulnerabilities. IE, as everyone knows, is a sieve when it comes to those areas and continues its legacy as the worst browser on the planet by 11 years.

It's not a case of Microsoft bashing but the truth.

drhowarddrfine
08-19-2009, 02:08 PM
recent testing by an independent security company shows IE8 to be better than Firefox

Was it really?

Internet Explorer 8 and Firefox 3 were the most consistent in the high level of protection they offered. Statistically, Internet Explorer 8 and Firefox 3 had a two-way tie for first

Fumigator
08-19-2009, 04:01 PM
Was it really?

There are two reports; only the 2nd one was a tie. IE8 won the first, 81% to 27%.

Deacon Frost
08-20-2009, 04:16 PM
Weird, considering I've ran Firefox 2.x? to 3.5 for the past 2 years, and I've not encountered a single security issue, and I do all kinds of messed up crap on the net...

Blocking phishing scams, I would say, should be on the server end and not the browser end. Yes, I love FX's "Get Me Outta Here" screen, but I don't find it to be necessary most of the time. You really have to dig in the internet to find those kinds of sites.

Cookies aren't really malicious as much as they used to be, as most of us have firewalls already to prevent tracking. Downloads are scanned when you download them, in FX at least. The only thing left semi-open is temp data, but the chances of finding a site that has so cleverly added attachments to images and such is nill to none.

10 years ago, I don't think IE 8 would have even come close to passing this test. The internet is getting safer by the minute, because the people who are running it are getting dumber ^.^.

drhowarddrfine
08-21-2009, 05:23 AM
Microsoft paid for this report and you have every right to be suspicious of the results says ArsTechnica. (http://arstechnica.com/microsoft/news/2009/08/microsoft-sponsors-two-nss-reports-ie8-is-the-most-secure.ars)

Fumigator
08-21-2009, 05:30 PM
There you go again, putting words in article's mouths. Ars only reported the MS security team ordered the tests, and once the MS security team saw IE8 defeat the other browsers, it passed the results on to the marketing dept.

You exaggerated that into an implication that somehow the results have been manipulated to skew them in favor of IE8. If you read the details of what they tested with the malware test, that is exactly the sort of thing I want my browser to block, or at least warn me about. IE8 does a way better job of that. Kudos to IE8 then!

But of course you will be unwilling and/or unable to acknowledge this... your crusade is your religion at this point, and any concession might lead to your house of cards tumbling down.

For anyone else willing to reason using logic, it's probably time we recognize today's IE isn't all that evil.

TheShaner
08-21-2009, 06:53 PM
Well, to be fair, Howard only said that Ars Technica said you have a right to be suspicious, which is what they do say at the beginning of the article:

Right off the bat, your suspicions have probably been raised, and rightly so. Internet Explorer 8 performed very well in all the tests and, while Microsoft insists that it had no impact on the results, we must still be cautious when examining the reports.
However, the rest of the article is very analytical of the NSS Labs results. Neither the analysis nor the conclusion of the article ever claim that the results are skewed. They do make mention that "the way that one designs the test has a huge impact on the results", which suggests that it could have been set up to skew the results in favor of IE8. But the articles never actually makes any claims about the validity of the tests.

My wager is that the results are fairly accurate with regards to malware and phishing. Both are threats that are not geared toward a deficiency within the browser, but with the user's ignorance and/or naivete (as Opera supposedly pointed out saying that they "don’t really focus on malware").

IE8 seems to have put lots of effort into catching malware and phishing scams, so I say congrats to them! Does this mean that they're the most secure browser? Definitely not! They're just the most secure in those two small areas of a wide range of security vulnerabilities.

-Shane

drhowarddrfine
08-22-2009, 01:43 PM
@Fumigator,
Shaner pointed out what I would have said. Again, you prefer to attack the poster (me) rather than read and understand the article and jump to conclusions. I did not write the article. Find someone else to jump on.



For anyone else willing to reason using logic, it's probably time we recognize today's IE isn't all that evil. IE8 is 11 years behind all other more modern browsers and the worst on the planet. Known, provable and verifiable. But if you can show me that IE8 is in the same ballpark, all around, as ANY other browser, I'd love to have you prove me wrong. You can't. No one has ever been able to do it. You can try, but you will fail.

bazz
08-22-2009, 02:37 PM
... I'd love to have you prove me wrong. You can't. No one has ever been able to do it. You can try, but you will fail.


With that as an indicator of your 'psychie', I have lost all interest in your posts. Others have said as much for ages and I have been longer in my deliberations before adopting a position. Having done so, I am unlikely to shift without some really significant evidence that your posts have become constructive.

Proving what the actual position is; is, in my view, much more constructive. IE8 is an improvement on the previous incarnations. If it does what the user needs, then it is OK. If i doesn't they can choose another browser. For anyone to judge what another should need and pressure them (you do not even try just to persuade or influence), into adopting your position is more the sign of a control freak.

I think your assertions might work well in a forum where the members are the stereo-typical novice who doesn't know much about computers and, who would therefore be likely to listen to someone who sounds knowledgable. If they take your 'advice' and use FF, they won't all be complaining that your advice is wrong. But remember a few years ago, the whole notion that Mozilla was the future and there was a campaign here to run a 'promoz' project only for mozilla to be dumped in favour of the name FireFox. Point is, things change.

Of course, by not reading your posts now, you would have an uphill struggle to change my opinion. That may be good in itself, if it reduces the flow of pointless IE comments as you try to prove me wrong. Somehow, I doubt they will reduce. :rolleyes:

I know how to choose a browser and any time someone keeps banging on with the same old message I not only become bored but, find their case/argument pointless and flawed.

How many months have you been telling us how bad IE is? If your argument stacked up, you ought to have 'won' that argument by now. But you haven't!

Paradoxically; for someone who detests IE, you have followed the same strategy that M$ does. You seem to ignore the fact that the consumer has a choice. They do not need to be brow-beaten into something or, worse, locked into that choice, once they have made it.

Another point: if you have no vested interest in pointing out the negatives of IE, then why do you get so vociferous? and if you do have a vested interest then you are no more reliable than is the article which is the subject of this thread.

One thing is clear. No matter the criteria set by M$, which - in this case - apparently means the results were not skewed in their favour: it is perfectly clear that 'he who pays the fiddler, calls the tune'.

Why would anyone pay for a resultset that did not suit their agenda?

There are many, well-established ways of conducting research where you can claim it to be impartial. I did not see that claim being made. Therefore, because M$ funded the research and they are not claiming the results to be impartial, they must not be. Consequently, their value is reduced to the point of no value and it shows that this is little more than a piece of marketing, supposedly, backed up by evidence.

Remember when XP was launched? the female from M$ was on the news in the UK annoouncing how well tested and secure it was... except that by the time that news was shown in the UK at lunchtime, the need for SP2 was already established. Any hype about anything, is unbelievable. which is yet another reason that such research is of no value.

Word of mouth is the only way and for that to work, it needs to be an articulate, intelligent, polite, respectful mouth.

bazz

drhowarddrfine
08-22-2009, 05:38 PM
With that as an indicator of your 'psychie', I have lost all interest in your posts.So, it's OK for him to take one side but not OK for me to take the other? It's OK for him to say I'm wrong but it's not OK for me to show I'm right?
I am unlikely to shift without some really significant evidence that your posts have become constructive.Are you saying Fumigator's post was constructive and mine was not?

For anyone to judge what another should need and pressure them (you do not even try just to persuade or influence), into adopting your position is more the sign of a control freak.So Frank's original post is what compared to mine?


I think your assertions might work well in a forum where the members are the stereo-typical novice who doesn't know much about computers and, who would therefore be likely to listen to someone who sounds knowledgable. If they take your 'advice' and use FFWhere do you get that in my post? Are you making things up to suit you? My comment was about IEs poor technical performance and no attempt was made to tell anyone to switch to Firefox. In fact, NEVER do I recall claiming to tell anyone to use Firefox as their browser over any other, except IE. I promote everyone dropping IE. I do NOT say everyone should use Firefox and no other.

Typical of most responses of your type, you try and put me down rather than saying 1) I'm right or 2) you're wrong with counter evidence. Instead, you give the impression you support IE and the comments made above.

Here's my point. You and Fumigator have nothing to add and nothing to say and your post if off topic because, instead of following the thread, you slam the poster.


I know how to choose a browser and any time someone keeps banging on with the same old messageSo a post saying IE is a great browser is not "banging on the same old message"? Are you directing that at Frank or me?


How many months have you been telling us how bad IE is? If your argument stacked up, you ought to have 'won' that argument by now. But you haven't!
What do you disagree with? I've already said, if you think I'm wrong, show me. You only seem to want no one to disagree with the pro-IE statements.


Another point: if you have no vested interest in pointing out the negatives of IE, then why do you get so vociferous?After 4 years of hearing the same old pro-IE message, I still shake my head and roll my eyes. I can't believe, to this day, people still think those things.


Why would anyone pay for a resultset that did not suit their agenda?
That's the problem. They present it as "research".


Word of mouth is the only way and for that to work, it needs to be an articulate, intelligent, polite, respectful mouth.

bazz
So quit slamming what I have to say.

bazz
08-22-2009, 06:03 PM
Your blinkered approach has completely missed my point.

Apostropartheid
08-22-2009, 06:15 PM
Guys, I don't want to have to issue warnings. Keep it cool and on topic.

Fumigator
08-24-2009, 04:31 PM
@Fumigator,
Shaner pointed out what I would have said. Again, you prefer to attack the poster (me) rather than read and understand the article and jump to conclusions. I did not write the article. Find someone else to jump on.

You're right, I attacked you and I'm sorry. I started out trying to explain how I got a different message from the article and test results, that even though M$ paid the test lab to run the tests the tests and results themselves weren't tainted. I ended up calling you an exaggerating crusader who refuses to look at other points of view. That was wrong for me to do.

Though, looking objectively, it's actually kind of funny how polarized you are (that's not attacking, is it? If it is then I'm sorry).

One final rebuttal (hopefully not to be perceived as an attack):



Quote:
Originally Posted by effpeetee View Post
recent testing by an independent security company shows IE8 to be better than Firefox

Was it really?

Quote:
Internet Explorer 8 and Firefox 3 were the most consistent in the high level of protection they offered. Statistically, Internet Explorer 8 and Firefox 3 had a two-way tie for first

Here's where you were wrong, or at least misleading. (Interestingly, "misleading" is actually more sinister than "wrong", because it's intentional.) You ignored the first test where the results show IE smashed all other browsers and instead quoted only the results of the 2nd test and represented it as the only conclusion taken from the tests. I understand why you did this; you did not want to admit that IE is better at anything, even at a fairly insignificant issue such as malware protection.

It's no big deal, really. In fact, had you said something like "yeah IE does a good job preventing malware from getting on people's PCs" then I probably would have fallen out of my chair in amazement. I wish there were a way to bet on your polarity because you are a sure thing my friend.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum