NSS Labs Browser Report Says IE Is the Best, Google Disagrees
adeelarshad82 writes "Independent testing company NSS Labs recently published a report on the ability of popular browsers to block socially engineered malware attack URLs. The test, funded by Microsoft, reported a 99 percent detection rate by Internet Explorer 9 beta, 90 percent by Internet Explorer 8, and 3 percent by Google Chrome. However, Google doesn't entirely approve of this report's focus and conclusions. According to Google not only didn't the report use Chrome 6 for the tests, the current version is Chrome 8; it also focused just on socially engineered malware, while excluding vulnerabilities in plug-ins or browsers themselves. Google defended its browser by claiming that it was built with security in mind and emphasized protection of users from drive-by downloads and plug-in vulnerabilities."
Google is complaining that a report on socially engineered attacks is only focused on socially engineered attacks? And they're whining that a study done back when Chrome 6 was the most recent release doesn't mention Chrome 8, which is currently the most recent release? Seriously?
The test, funded by Microsoft
That says it all.
Free Martian Whores!
Looks like the test was a perfect example of social engineering.
They certainly cannot be considered "independent" or "unbiased" at a minimum. So they aren't of much value until real 3rd party tests are performed.
Seriously. What were they even testing? I was under the impression that social engineering was a security flaw in the user, not in the application. Reading the report, it sounds like they were just testing the browsers' databases of known malware/phishing sites. Which, really, has little to do with the security of the browser itself.
Do you value the "UL Listing" on electrical gear that you buy? I certainly take that as an assurance that stuff won't just randomly catch fire. All UL Listed testing is paid for by the vendor - and vendor-paid testing is normal in the real world.
This test may be a crock, but you can't just assume that from the fact that MS paid for it. The simple fact is: anyone competent to test browser security probably has a strong opinion about MS, and pretty much anyone will have a reason to be biased. The professionalism of the tester is what matters, not the existence of a reason to be biased.
Socialism: a lie told by totalitarians and believed by fools.
UL is to test your products for safety, this is a *comparative* test against several competing products for quality.
Apples, meet Oranges, meet troll.
a handful of selfish greedy people are no match for millions of selfish, greedy people -u4ya
The report is almost useless because it has compared the latest stable and dev releases of IE with versions of Firefox and Chrome that are years old.
To use a car analogy, it is comparing the safety features of a '10 Chev Corvette and a 1970 Chev BelAir. I would be embarrassed if the company I worked for released such a report.
...Or posts on a site that promotes open source and LAMP stacks and images Bill Gates as a Borg. What I find interesting is how no one questions the monthly posts here about IE losing market share from a site (Net Applications) that only polls their own clients, but no one ever points that out.
The test, funded by Microsoft
That says it all.
And the response from google criticizing it was by someone right on google's payroll representing google's interests. I guess we can ignore their criticism then too?
Or perhaps we should let the work stand for itself, evaluate the methodology, strip away the marketing spin, and come away with some nugget of truth, regardless of who funded it. Of course that's "work".
You have valid points, still Google didn't deny the results and in a sense, confirmed it. Read Google's response again: NSS says IE is better than Chrome in X, but hey, they didn't say Chrome is better at Y and Z. NSS didn't claim X covers everything related to security so bringing Y and Z to the discussion is just a move to draw attention from X.
This is totally different.
In this case, the tester tested two products and rated one "99%" and one "3%" against some standard.
The key difference is that UL tests against a pre-existing standard. Not a standard that they made after looking at the product. UL can't customize their test to make one product look better or worse.
The methodology might have been totally bogus (no idea), but the act of paying for the test isn't automatically so.
The act of paying for a test to be designed for you, or a test you designed ahead of time to make your product look good, is bogus. Paying to have a test executed for you is not bogus. One is independent, the other is not.
It doesn't mean that much when you consider that Chrome can't be trusted not to pass information about you to Google.