mardi 29 octobre 2013

Internet Explorer vastly superior at defeating social engineering attacks


Security research firms frequently test browsers to see how good they are at protecting users from malware and phishing attacks. The results show you how secure (or otherwise) the latest versions are, but don't give you any real indication of how well they might perform in the future.


Identifying trends in performance is important, particularly for companies thinking of switching browsers, so NSS Labs evaluated the security of Internet Explorer, Chrome, Firefox and Safari by aggregating results from phishing and socially engineered malware (SEM) attack tests conducted between 2009 and 2013.


The browsers were rated on performance in four categories:



  • Average phishing block rate.

  • Zero-hour phishing block rate.

  • Average SEM block rate.

  • Zero-hour SEM block rate.


NSS Labs found Internet Explorer comfortably offers the best all-around protection, defeating 89 percent of combined phishing and SEM attacks. Google's Chrome blocked 76 percent of total site attacks, while Safari blocked 53 percent, just ahead of Firefox at 52 percent.


Safari and Firefox deliver the best phishing protection, but then provide negligible protection against SEM attacks (in which a user is deceived into downloading and installing malicious software), so suffer in comparison. According to NSS Labs Internet Explorer offers "consistently superior ability to block SEM while providing competitive phishing protection".


Aggregation of all the tests from 2009 to 2013, with emphasis placed on freshness and relative importance of the test metrics, show IE well ahead of the competition, with 85 percent. Chrome was again in second place with 58 percent, and Firefox and Safari saw their positions reversed with 40 percent and 39 percent, respectively.



NSS labs noted that the median lifetime of a phishing site is down to 12 hours, as criminals try to keep a step ahead of reputation-based defenses. The company also says phishing and SEM are by definition "social problems" which technology can mitigate but not solve entirely. Only awareness and education can truly defeat the problem in the long run.


The full PDF report is available to view here.







via BetaNews http://feeds.betanews.com/~r/bn/~3/5nkjjNOv7RM/
Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)