Slashdot Mirror
IE 9 Beats Other Browsers at Blocking Malicious Content
Orome1 writes with an article in Net Security. From the article: "Microsoft's Internet Explorer 9 has proved once again to be the best choice when it comes to catching attacks aimed at making the user download Web-based malware. This claim was made by NSS Labs in the recently released results (PDF) of a test conducted globally from May 27 through June 10 of the current year, which saw five of the most popular Web browsers pitted against each other. Windows Internet Explorer 9, Google Chrome 12, Mozilla Firefox 4, Apple Safari 5, and Opera 11 were tested with 1,188 malicious URLs — links that lead to a download that delivers a malicious payload or to a website hosting malware links."
Lynx is safer still. Some of the browsers for Emacs are fairly secure, too.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
This report was produced as part of NSS Labs’ independent testing information services.
Leading vendors were invited to participate fully at no cost, and NSS Labs received no
vendor funding to produce this report.
Firefox still does not have a sandbox in place. That right there is a severe problem. Especially as Firefox is *the* browser with most vulnerabilities. The only thing Mozilla has going for Firefox security is that they are really fast to patch once a vulnerability has become known.
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
Prediction:
The results are favorable to Microsoft, so there will be a ton of skepticism, investigation, and outright dismissal. However, when studies favorable to this particular community's ideologies are announced, none of that occurs, even though the same kinds of skepticism can and should be applied.
I almost believed this story, then, with my superior intelligence (as shown by my browser, Opera) I realized that this story is probably pulled out someone's ass.
Firefox and Chrome are the safest browsers out there, especially if you use Adblock and NoScript
Chrome doesn't have NoScript. The closest they have it NotScripts, which sucks by comparison. Nothing, IMHO, can touch Firefox with AdBlock and NoScript. Comparing any other browser to that configuration should almost have to come with an asterisk indicating that, though X browser may be more secure in the STOCK version, nothing compares to the POTENTIAL security of Firefox with the right add-ons.
SJW: Someone who has run out of real oppression, and has to fake it.
MSIE got the highest "malware detection rate" because they used it in a mode where nearly every page is marked as "dangerous". It had the highest detection rate but also the highest false positive rate.
If I sit at the airport saying "that plane is going to crash" for every plane that takes off, and eventually get it right, that doesn't mean I'm able to predict which planes are going to crash (even though I got "100% of the crashes" right)...
It could be a study by a PC vendor involving 1,188 sites with Apple malware. (They have to include IE after all, and nobody likes looking like a fool.) Or it could be a genuine study by a really bad security guy (all the browsers support Selenium, so they could have automated tests against as many URLs as they liked - a mere thousand in an automated test is really not that many, given that they'll have been testing against similar attack vectors in many cases).
Not that it matters much. It's not like the most vulnerable users read studies and it's not like those who read studies will pay much attention to anything that advocates one browser over another since many geeks tend to be rather more passionate about what they're seen with than with instantaneous snapshots that won't be valid the next day anyway.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Yep. Mostly because Microsoft has a history of purchasing favourable "findings" from "independent" "research" firms.
Kind of. The process and parameters should always be checked. But the other browsers do not have a history of their parent companies purchasing favourable "findings".
It's called "learning from experience".
There is no reason to forget every past instance when evaluating a new instance. Quite the opposite, in fact.
Of course, when your methodology is that only the bare browser configuration is allowed (e.g., no AdBlockPlus, no NoScript) and you carefully select the malware URLs (obtained from "honey pot" email addresses and then filtered, and then "prune out non-conforming URLs" -- without fully specifying what made them non-conforming) *and* require the malware URLs to be live for at least 6 consecutive hours it gets a lot easier to massage the results. To further exaggerate results not only does a "hit" increase the score but a "miss" decreases it to magnify the difference.
This is the same song as they sang about IE8 with the same, predictable, results. Microsoft didn't pay them a wad of money for this study for nothing.
Frankly, the page itself screams bias with the line "has proved once again". I don't recall this being proved in the past, but hey, I try to be open minded. So I threw NSS labs into google, and immediately turned up:
http://www.thetechherald.com/article.php/200912/3268/Can-you-trust-the-NSS-Labs-report-touting-the-benefits-of-IE8
So apparently they tested IE8 and thought it was awesomesauce. Uhm, ok... I thought IE8 wasn't completely terrible but I wouldn't say it was good. That link seems to think NSS might be a microsoft shill. But ok, I like to be open minded. Let's keep looking. Going down the first page of my google search:
Firewall Vendors Challenge Findings of NSS Labs Report | PCWorld
Haavard - Malware report from NSS Labs manipulates statistics?
Google Responds to NSS Labs Browser Security Report | News
A recent test by NSS Labs gave a near-perfect score to Internet Explorer 9 beta and very poor marks to Chrome and other browsers.
So uhm... yeah... at first glance, I'd say treating them with some skepticism seems more than warranted here.
Chrome actually has built-in support for basic NoScript-like behavior. Block all JS and Plugins and you can whitelist sites from the omnibox. Only downside is, unlike NoScript, you only whitelist the domain in the address bar to allow ANY origin script/plugin embedded in it, including ads and tracking scripts and the like. This is also a problem when you have sites like ytmnd or deviantart with tons of domains, but you can always go into options and add a blanket whitelist for the whole domain.
IE's idiot mode where it tells you "I'm sorry, Dave, I'm afraid I can't do that" might be better at keeping users off bad websites than other browsers, okay.
Give me a study that shows the actual infection rate once you've visited the site; I'm betting that the scores would look different then.
It does now (Ctrl+J after you start downloading, then check the Location column for each file). It didn't in pre-release versions (I forget which, but I used them).
You can hold down the "B" button for continuous firing.
IE 9 does not work with XP-the most used OS in the world.
So ideology is incapable of causing corruption, but money is always an indication of corruption, right?
Whenever I perform an investigation I first look at who benefited or where the money came from in a case. Generally it's helped in establishing who's guilty as I follow the evidence.
Money is a great place to start if you want a clearer understanding of who's guilty. Depends on the case of course :-)
Has Comcast disconnected your Internet account? Same here. You can read about it at http://comcastissue.blogspot.com
Well IE9 HAS to be the best at "catching attacks aimed at making the user download Web-based malware".
That's because only the most stupid web user (read: the most stupid 50%) click banners which go "OMG YOU MUST MAKE YOU COMPUTER FAST AND NOT HAVE VIRUZES NAO!". And yes...they are using Internet Explorer, because quite frankly, they aren't smart enough to spot that Chrome/Firefox are better than IE.
No kitty, this is my pot pie!
Yet again another M$ sponsored study makes IE look better by using an ancient version of Firefox. FF4 is like way out of date. How dare they make such claims.
They also made a few technical errors in the report, at least surrounding Opera. At one point, they list "Opera 10" as having 6.1% block rate, yet earlier in the report they list that as the rate for Opera 11 and Opera 10's rate as 0.00%. That, combined with the absolutely gushing praise for IE9 and its App block (or w/e they call it) filter lead me to suspect quite strongly that this is just another MS paid add by an "independent" (i.e. not directly MS-owned) company.
No technical examination of any other browser's malware blocking was mentioned. Nor did they seem to do any testing of add-ons or extensions. I imagine Add-block alone probably blocks many malicious sites. Oh, and no list of URL's tested was given. Even if this wasn't horribly biased (which I doubt), it was terribly conducted technically speaking.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
Please cite your source that Windows 7 is less safe compared to other modern OSs? I say Windows 7 because IE9 won't work on Windows XP.
I grant you that users can be stupid, but that's not the fault of the OS.
I didn't RTFA but, superficially thinking about it, it seems that other browsers would not be vulnerable to attacks aimed at IE9 and so would not detect anything malicious; hell, the attack might not even launch if it doesn't detect an IE9 browser.
Only I can judge you.
Of course, in the wider scheme of things, a browser's stock security is probably more important because add-ons and extensions are effective only if a person is aware of them and takes the time to install them. I'm sure a lot of people don't know to do this, or know and don't bother.
I don't know, but I use my PIN number at the ATM machine all the time now!
Karnal
Aye, but Google has yet to kiss the Blarney Stone.
The protocol for doing so has been extended to include malware downloads at some point, and Chrome implements this, but this part of the protocol is not documented, so Firefox (and Safari) don't.
They found IE9 to be the best choice to defend against attacks aimed at IE9. Other browsers where found to be severely lacking in in defending against attacks aimed at IE9.
Not only that, but they ran all of the tests on Windows. That is hardly the platform that you would choose if you were trying to block malware, so given a free choice of platform IE would be at a severe disadvantage because it is tied to Windows[1]. The test nullifies that disadvantage by making all of the browsers play on Microsoft's home ground. I don't see how they could possibly claim that this was an unbiased test.
[1] unless you count IE5 on Mac OS, which is unlikely to win any prizes in this contest.
1) The false positive rate of IE is very high. It should be obvious that if you give a lot of false warnings, users will disable or ignore the feature, making it worthless. IE already warns if you download something uncommon, for crying out loud.
2) This "cloud based protection", tracking, among other things, popular downloads, means that info about visited URLs gets sent to Microsoft. There are privacy issues with such a system.
Well it is true that this is at least the second time Microsoft has proven that IE blocks more dangerous URLs, but the bigger question is, which browser actually catches infections from the URLs. Via this study it would consider me browsing to a site infected with a script that can't even have a chance of infecting my computer as a failure (say whatever vulnerability the site attempts to take advantage of was already patched 3 years prior, or never even effected the browser being tested). While simultaneously ignoring the risk of infections from legitimate sites that chose to display the wrong advertisement, or were hacked.
...and I respectfully ask: Who cares?
The study is comparing the latest released versions of the major browsers to show who can handle current threats. IMHO if you are still using an outdated browser then you have no right to feel all warm and fuzzy with your security.
Step 1: Upgrade to latest version of browser of your choice.
Step 2: THEN decide if this study gives you reason to want to switch to IE (of said latest version)
I predict you didn't RTFA and are doing exactly what Parent said only trying to sound smarter about it.
You try delivering malware through all those Javascript and CSS compatibility issues.
Wrong question with "firefox is better", etc etc. The real question is, who the hell uses IE9 in the first place?
About 7 in 10 Windows 7 users in the states.
As we've mentioned before, Microsoft skipped XP support for Internet Explorer 9 in order to compete more effectively on Windows 7. In July on Windows 7, Internet Explorer 9 hit 18.5% share worldwide and 24.8% in the United States. There are indications that this strategy is working. Although Internet Explorer lost usage share on XP, on Windows 7, Microsoft increased global usage share, going from 54.6% in June to 54.8% in July. And in the U.S., Internet Explorer share on Windows 7 grew 0.6% to 68.1%.
Browser Wars [August 1, 2011]
I dont' care how good it is at "blocking malicious content" if the underlying OS is still completely unsafe, which is due to what consumers put on their PC's.
Unpatched 0%
Vendor Patch 100%
Microsoft Windows 7 Solution Status (Based on 28 advisories from 2011)
The choice is quite interesting ... Opera 11 dates back to 16.12.2010 and Safari 5 to 17.6.2010.
Mozilla Firefox v4 entered the "end of life" on May 25, 2011.
Chrome 12 dates back to 07.06.2011, but that's v12.0.742.
Without proper version numbers all those tests are at least dubious.
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
Is IE9 safer than Firefox + NoScript running on a non-Windows operating system that's less targeted by malware authors?
I'm fairly sure both Firefox and Chrome are the safest browsers out there
Well shit, man, what the hell are you doing? Have you contacted the authors of the study to inform them that you are "fairly sure"? I'm sure this is information that will be useful to them. All they have now are one thousand, one hundred and eighty-eight data points for each of five browsers, I doubt they even allowed themselves to dream that you would be "fairly sure" about what they were trying to study. I'm fairly sure that they only reason they didn't contact you first to get your input was because they never dreamed it possible.
especially if you use Adblock and NoScript
Don't look now, Sport, but AdBlock and NoScript aren't part of Firefox. I know this because my installation of Firefox doesn't include either of them. If Mozilla wants to enjoy the benefits of those extensions for studies like this one then they should merge them into the trunk. Any respectable study should test the vanilla browser as it ships from the vendor, without changing any defaults.
It should be zero surprise to anyone that Microsoft puts a heavy focus on security for IE9+. Microsoft has been hammered for a long time about IE's poor security, if there's any single browser vendor that would put a disproportionate amount of development work into security features, it's Microsoft. Hell, that's probably why they still lack support in other areas.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
Essentials:
NoScript
Greasemonkey
Tor
Useful:
bugmenot
betterprivacy
I don't think IE9 is capable of reproducing anything except the Tor button listed above, and in terms of security these add-ons make a world of difference.
Here's the downside, mom & pop have no idea what I'm talking about here, and most require technical knowledge. So in customization vs. practically, the latter tends to win, so I guess I can only agree with the article 50%, and blame the other 50 on ignorance.
Did anyone bother fixing the obnoxious memory leak that doubles the browser's footprint every 30 minutes?
Two of my imaginary friends reproduced once
I am sorry, I don't live in America so I can't follow your lack of culture or your references. Never did I say, by the way, that Microsoft was to be blamed. I merely pointed an obvious fallacy in Bonch's arguments. Unlike you, though, I'm not an Anonymous Coward. I also loved the way you showed how you hate Christians and Jews. Fine with me, I'm an atheist, but I'm sure you have valid reasons for being a tiny dick lover.
Have you heard about SoylentNews?
And I know I can count on you Anonymous Coward, my love. How's the paycheck from Microsoft? Is it that time of the month again?
Have you heard about SoylentNews?
My experience with IE, which I do use, is that you get a "xxx.exe is not commonly downloaded and could harm your computer" as soon as you download anything that isn't popular software. Given that this provides zero useful information, I would expect most users to completely disregard it after a while.
And I bet, correction, I'm sure the study result won't look so good in that case.
Without more information about the false positives encountered, I'd consider it worthless for an objective evaluation.
I disagree, Windows has been dumbed down to the point that it's a valid criticism to make. MS has had an incentive to make sure that users aren't smart enough to be able to switch to another OS. And it seems to be working quite well.
I thought about trying to replicate the experiment but ran into a couple of snafu's.
1. The comparison was between IE9 and Firefox 4 (other browsers as well, but Firefox is the one I typically use).
2. The current version of Firefox is 6.0 -- 6.0 might not have been available at the original time of the study but 5 was. I'd prefer to test the latest and greatest, so it should be a comparison between IE9 and Firefox 6.
3. Microsoft won't let me install IE9. Apparently I would have to upgrade to Windows 7 in order to run their latest version of their web browser.
Guess I can't conduct the test.
If Google Chrome was found to be the best at blocking malicious content, no one would doubt this study.
There is no reason why Microsoft can't have the safest browser on the market. If the Microsoft was smart, they would invest heavily in security to undo the years of damage IE6 caused to its reputation.
This still could be a flawed study, but people shouldn't be so quick to judge just because Microsoft is the winner.
Apparently on Slahsdot, the scientific method has no merit when the result favors Microsoft somehow.
Forget that these tests are repeatable, and can be independently conducted and verified most of the "OMG M$ SPONSORED MICROSOFT FAKE STUDY = ADVERT" crowd ignores this fact.
How do you know how much M$ paid these people, anyways? Prove it. Like, with pictures. Better yet, maybe some shredded invoice numbers and accounting figures from M$ headquarters trash dumpsters? Seriously some of these claims are so paranoid and out of line with reality one wonders if some of the postsers are not just some psycho homeless people happening upon an open laptop at starbucks.
I must admit, Microsoft is showing a lot of positive progress.
1. Windows 7 was a big improvement in stability & usability. (I can't attest to security as I pretty much never have been infected since 98 days).
2. IE 9 is actually showing itself somewhat impressive on HTML5 rendering, and more...
--
Rather than demonize Microsoft, I think we should laud them in finally starting to turn the ship around (technically) if not (ideologically).
There was a time when a headline like this never would have made the front page of slashdot. It's because of this kind of thing that I only come back to slashdot on the rare occasion that I have run out of other things to read on the internet. And what's this? Addthis.com showing up in noscript? Please, bring back the quality!
The study was just concerned with links which prompt you to DL/install something malicious. Of course IE wins: it's the only browser with a built-in link check which validates the links you're going to with MS's servers.
Or, alternatively, you could just not install malware, that would work too. The study is kinda valid, though; if you're too dumb to not install/run random junk from suspicious sites online, you should probably be using something which blocks them for you, IE SmartScreen, anti-"virus" app, or otherwise.
...and I respectfully ask: Who cares?
Since XP can't run IE 9, and a significant percentage of PC's are still running XP or a derivative thereof, IE 9 shouldn't be the only version of IE tested. With the number of add-ons that broke with the upgrade to Firefox 4, and the upgrade to Firefox 5, there is a significant percentage of Firefox users who are not using Firefox 4 or Firefox 5 or even Firefox 6 (which was released this week).
Testing the latest browsers is good for somethings, but the browsers they tested make up a minority of the browsers running on PC's. Even testing IE 7 & IE 8, and earlier versions of Firefox, in order to use those figures as a catalyst to upgrade to IE 9 (for those who can) or Firefox 4 or 5 or 6 would have been helpful.
Step 1: Upgrade to latest version of browser of your choice.
Step 2: THEN decide if this study gives you reason to want to switch to IE (of said latest version)
Not possible for a significant portion of Windows users, and those Firefox users who require one or more add-ons that hasn't been upgraded yet are stuck as well (and with the current rush by Mozilla to catch Chrome's major release number some add-ons could be left far behind or break on a regular basis).
I predict you didn't RTFA and are doing exactly what Parent said only trying to sound smarter about it.
I RTFA and even read the PDF before posting. I'm not bashing, dismissing or casting skepticism on MS or IE. I called for testing Firefox 3 as well, and didn't bother about earlier versions of the other browsers because they either don't have enough of a market share (Opera or Safari) or they are automatically updating to the latest version on their own (Chrome).
IMHO testing the latest browsers for HTML5 or ACID3 compatibility makes sense, but not testing the majority of browsers installed on PC's for security doesn't. It's not like older versions are hard to get, and they can be installed in a VM easily so they aren't hard to run either.
The latest version of Chrome now allows you to run individual plugins if necessary. This is useful for running just one embed and not things on the side.
However, it took a few versions to get that right - almost as if the developers never heard of the flash banners that took 200% CPU.
This isn't about ideology. This is about experience.
You would like to pretend that our biases are not borne out of some rational basis but they are.
Trust is earned over a long period and Microsoft just isn't there yet.
A Pirate and a Puritan look the same on a balance sheet.
Can NSS define a "malicious URL"? It appears to be based on website reputation. However, do these so called "malicious URLs" achieve installing malware on other browsers?
.exe file they come across on the web... but the only real solution there is education.
It seems that Microsoft is trying to win by tracking the entire web for malware, and basing its protection on that. That doesn't exactly signify a "secure product".
I suppose it might prevent users from installing every ActiveX and
"Microsoft's Internet Explorer 9 has proved once again to be the best choice when it comes to catching attacks..."
Is that "Catching" like "Aha! I caught that wascawy wabbit" or is it "Catch" like "If I connect this PC to the internet for a couple minutes without loads of anti-virus protection and a beefy firewall, IE will catch something really nasty..." or even "Catch" like "A filter on a drain, a low place where nasty things tend to accumulate...". Because inquiring minds want to know!.
This isn't to say that IE9 isn't a lovely product, but if you're going to tout it, you might want to say it in a way that makes people clear about what you're saying at first glance. Just a suggestion :-)
And why should MS give a shit about whether you trust them or not? I would say the MS dominance on desktop systems for the past 25+ years demonstrates that honesty doesn't really effect the bottom line. And you are right about experience being important and if MS has anything it is a wealth of experience to fall back on when necessary. Their latest product offerings have actually been pretty decent. Since IE9 got a positive review the naysayers are convinced that the study conducted was faulty. If IE9 had come up last everyone would be praising the study and it's methodologies.
Important question.
FireFox is a platform where we have these things called addons.
NoScript prompts you before running any piece of Javascript, classified by the site it came from.
"Microsoft's Internet Explorer 9 has proved once again to be the best choice when it comes to catching attacks aimed at making the user download Web-based malware .. Windows Internet Explorer 9 (IE9) caught an exceptional 99.2% of live threats: .. Google Chrome 12 caught 13.2%5" link
Once these attacks got past protections what damage did the 0.80% of malware that got past IE9, do to the underlying Operating System and what were the effects of the 86.8% of malware that got past Chrome running on Ubuntu? And why is slashdot giving this self serving BS space on its website?
using a competing browser's search engine may not be the best place to get unbiased evidence while searching for proof or disproof of a potentially biased study. Who woulda thunk it, but if you type "NSS Labs" into Bing, you get evidence that confirms the NSS labs reports.
I'm not sayin', I'm just sayin'.
I think someone should point out clear the difference between the term "Blocking" and the term "Unable to render".
Ok I jest but seriously, FF 4 was current until about a month and a half ago. That a study was using it is unsurprising, it probably was current when they set up the study.
Thing is, neither firefox nor chrome do sufficient badware filtering. Neither is as configurable via group policy to allow scripts to run on sites that you need to run scripts, yet put other sites in less trusted zones.
Out of the box your assertion may hold water, but in the real world where you're trying to enable crappy internal third party web applications to work, I suggest that IE is easy to secure.
Telling users to totally turn off scripting, etc isn't really feasible if they need that functionality to work.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
One methodology could be to test the last 3 versions of a browser - IE6-9, FF3-5, Opera 10 & above and so on. But one assumption here is that the latest version of any browser would have the maxumum #fixes, since it would have all the cumulative fixes of predecessors, plus the new ones. So naturally IE9, FF5 and other latest versions would have the latest & greatest security fixes. Since they were measuring which browser did the best job in blocking the maximum # malicious URLs - 1188 of them - it's irrelevant how many of those copies are out in public. There could be a browser that has only 1 user, but if it blocked all 1188 of them, it would be better than IE9 or Chrome. So the fact that IE9 doesn't run on XP, or that IE7 would be the most popular on XP, is tangential to whether IE9 is more secure or not.
almost no-one uses it?
xxx.exe sounds like a porn executable. I wouldn't trust that!
Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
With the Classic Discussion on (and Noscript) I can read everything, although I can't mod nor vote in the Firehose.
Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
Microsoft paid some mother suckers to conduct this study! Take this down Slashdot! That's like Apple saying OS X is the most secure, advanced OS in the world - It is....compared to Windows 3.11.....LOL!
So we should use Microsoft search engine?!
Independent of the used search engine, in the first 100 results you will mostly find parrot "news agencies" and "computer expert bloggers" repeating over and over again the same story.
Is the Internet noise the evidence confirming the NSS labs report? Or you say: "If you repeat a lie long enough, it becomes truth."
In love, war and slashdot discussions, everything is allowed.
Their latest product offerings have actually been pretty decent.
Do you think the last shitty Office versions are decent?
In love, war and slashdot discussions, everything is allowed.
Well, there are some suspicious things about the report itself, too.
They start with 5000 URLs, but only 1188 URLs "passed our post-validation process and are included in the results". This is certainly an opportunity to add bias. IMO, an honest report should be as transparent as possible when showing their inputs, because selecting your inputs to a test has a huge effect on the test itself. I'm not sure why they had to prune the URLs at all, to be honest. (They mention that it gets pruned if it becomes unavailable which is fine I guess, but there were other reasons they pruned as well.)
Also, it would have been nice to include the actual list of URLs used. They do mention they saved the content of the pages, so hopefully if anyone were to audit them those would be available.
The next suspicious thing are the results themselves. When I go look at CPU benchmarks I expect numbers like "CPU A trails CPU B and only gets 90% of the speed" when we're talking about fairly competitive products. (Actually with CPUs I usually expect much closer numbers than that, but whatever.) To get numbers like 99.9% for IE9 (Malware URL Response Histogram) and 12.7% for the next highest product... well, that makes me wonder. The gap is just suspiciously large. It looks to me like either they're specifically testing a feature that IE9 has that other products don't, they've massaged the inputs, or they've gimped the competition in some way. At least, that's what I immediately start thinking when I read numbers like that.
Additionally, they only seem to be measuring the rate at which bad URLs get blocked (you can figure out the False Accept Rate - FAR from this), and that's an incomplete story. We also need to know how often the browsers block something that they shouldn't have (False Reject Rate - FRR). To take an extreme example of why we need to know that, imagine an algorithm that just blocks everything. You'll get 100% malicious URLs blocked and have a 0% False Accept Rate. However, that's obviously wrong... you'll also have a 100% False Reject Rate. All they say about this is "Periodically, clean URLs were run through the system to verify that the browsers were not over-blocking".
I'm a Christian, but I can assure you I'm highly concentrated.
You are in a maze of twisty little passages, all alike.
I have never been a big Office user except when it involves creating interfaces between it and custom consumer applications so my opinion on the latest release from a user perspective is pretty shallow. I certainly don't use all of the functionality in Office but I can't recall having any issues with creating documents, spreadsheets, or PowerPoint presentations. On the other hand IE8/9 has been easier to target in multi-browser application development projects. Windows 7 seem pretty stable both at home and at work, including the security aspects. The latest development tools also seem to be pretty good. Things like the ASP.NET MVC framework and the MS Enterprise Library provides excellent application cross cutting functionality and saves a ton of development time.
Note: I wasn't pointing that to America but to the AC. As far as I'm concerned, I *WISH* I lived in America. Good to see you too, AC.
Have you heard about SoylentNews?