Domain: nsslabs.com
Stories and comments across the archive that link to nsslabs.com.
Comments · 6
-
NGFW
What you are describing basically sounds like what NGFW (Next Generation Firewalls) solve. These are standard firewalls, but add more "smarts" to them, like detecting certain applications, telling you which users access them and when. So you'll want something inline to do it properly.
A lot of traffic to the web may also be going over an SSL connection, so you would probably need an SSL module in-line to basically man-in-the-middle all the computers on the network and snoop the traffic.
Check out the NSS report (costs money to buy the report) on NGFW appliances.
-
Re:If only it werent for the inaccuracies...
Although I realize it's not very cool to mention, reports would suggest otherwise: block rate.
Of course, the report uses Chrome 12, so it's about a week old.
-
vulnerability in the browser?
"Microsoft's Internet Explorer 9 has proved once again to be the best choice when it comes to catching attacks aimed at making the user download Web-based malware
.. Windows Internet Explorer 9 (IE9) caught an exceptional 99.2% of live threats: .. Google Chrome 12 caught 13.2%5" link
Once these attacks got past protections what damage did the 0.80% of malware that got past IE9, do to the underlying Operating System and what were the effects of the 86.8% of malware that got past Chrome running on Ubuntu? And why is slashdot giving this self serving BS space on its website? -
Re:Socially engineered attacks ARE a huge problem
"The test, funded by Microsoft That says it all."
page 12 of the test PDF:>
"ABOUT THIS TEST This private test was contracted by Microsoft’s SmartScreen product team..."
Paid for by Microsoft, although really google should just ignore these fake tests since IE usage has dropped from 45% to 28% while Chrome went from 4% to 20% from Jan 09 thru Nov 2010.
So shut-up Google, you're winning. -
Re:Socially engineered attacks ARE a huge problem
The report is almost useless because it has compared the latest stable and dev releases of IE with versions of Firefox and Chrome that are years old.
What. No, wait, what?
Read on to the end, because later I'm going to tell you what's really wrong with the test and why it's bullshit, but I have to first burn down the obvious straw man you've introduced.
The report was released in October 2010. http://www.nsslabs.com/assets/noreg-reports/NSS%20Labs_Q32010_Browser-SEM.pdf
It used Google Chrome 6, which was the current stable Chrome at the time (6 came out in September 2010). Google Chrome has gone from 6 to 8 in two months. It used Firefox 3.6, which is the current stable Firefox RIGHT NOW, two months after the report was released. 3.6 was released in January 2010, but Mozilla has only done "dot" releases since October. It also included Internet Explorer 8, which was released in March 2009.
In other words, if you want to say "older is worse", then IE8 should have been absolutely fucking pasted by this test. Ummm, right? It's the oldest browser in the test by almost a year.
Now we get to the point that won't upset you, because THIS is what is wrong with the test.
According to their test, what they were really testing was vendor responsiveness to known threats (on-time maintenance of the blacklist), not some response internal to the browser. They took a bunch of really recent entries of bad sites from someone and plugged them into the browsers, getting a new batch of URLs every few hours. The time was measured in hours, so what this is really saying is that Microsoft seems to be the best vendor at maintaining the server-based "bad URLs" list, though it took them 4 hours on average to block sites as opposed to Firefox's 6 hours.
If they got these sites from their paid sponsor, then the list could easily have been biased. But there's more actual provable bias to the test than just that.
The real bias is in the percentages. They do not actually represent "Microsoft browsers blocked 90% of sites while Firefox only blocked 20%". they are a grade-type score, where 100% means all sites were blocked immediately, while a 0% means no sites were blocked, ever. Early detection (measured in hours) seems to play a much larger role than actual number of sites detected. The scores appear to have been done on some form of normalization curve, with the sweet spot being somewhere around "One Half Hour Longer than Internet Explorer".
Otherwise, how does an increase in response time from 4 hours (IE, both versions to within a few minutes plus or minus) to 6 hours (Firefox) make your score go from 90% to 20%?
The net conclusion is, if you're going to use a web browser and you depend on vendor-maintained "baddie" lists as your primary line of defense (rather than script protections like NoScript, which don't depend on a vendor to maintain stuff for you), you're better off with Internet Explorer than any other mainstream browser in the market.
It doesn't make you "70% safer" or protect you from "70% more threats", it means that it has, on average, 2 hours of lead time on the next-best browser in terms of the list of sites it protects you from. It's like saying that McAfee is better than Norton because McAfee generally releases specific virus signatures, on average, 2 hours before Norton does.
So, the test is correct, it's just expressing the results in a very misleading way, showing a very low number for "everyone but Microsoft" because the test results were designed to score what IE did best in the highest way possible. They even spelled that out in their results:
The value of this table is in providing context for the overall block rate, so that if a browser blocked 100% of the malware, but it took 264 hours (11 days) to do so, it is actually providing less protection than a browser with a 70% overall bloc
-
please stop using ie6
yes people should stop using IE 6, besides the horrible interface, many new websites don't display correctly in it, it is a browser dating back to 2001 and outdated by now, 2 versions behind current Microsoft product. People with windows updates should already be using a more secure browser IE 7 or IE 8, or one of their choice. And although IE6 has been significantly attacked - switching to other browsers does not make you immune, Chrome, Safari, Firefox have all had security flaws. IE8 holds up well to other browsers re http://nsslabs.com/test-reports/Q309_Browser_Security_Summary_Final.pdf Also there are some social engineering style attacks that no browser currently protects against completely - sites that people are fooled into believing they are legitimate and passing personal details/etc.