Microsoft browser skunks competition in foiling social engineering attacks

2011-07-20 04:46 PM

By: John P. Mello, Jr.

IE9: kicks malware butt

The latest version of Microsoft's Web browser is more effective by a substantial margin at blocking social engineering attacks than its competitors, according to an independent testing laboratory.

During tests performed by NSS Labs, of Carlsbad, CA, Microsoft Internet Explorer 9 (IE9) blocked 92 percent of live threats with its SmartScreen URL reputation filters and another eight percent with its exclusive application reputation filter. What's more, the previous version of Internet Explorer — version 8 — blocked 90 percent of live threats.

Those numbers excel over competitors Safari 5 (13 percent), Chrome 10 (13 percent), Firefox 4 (13 percent) and Opera 11 (5 percent).

In performing its tests, NSS concentrated on malicious URLs considered a significant threat to European Union (EU) users. According to the EU’s statistics office, Eurostat, almost one third of Internet users in the European Union were victims of malware infections in 2010 despite the majority having security software installed.

"IE9 with SmartScreen offers the best protection of any browser against socially engineered malware," declared the report, which was released on July 15.

"The significance of Microsoft’s new application reputation technology cannot be overstated," the NSS report said. "Application reputation is the first attempt by any vendor to create a definitive list of every application on the Internet."

"The list is dynamically created and maintained, much the same way Google, (or Bing) is continuously building and maintaining a library of content for search purposes," it explained.

A socially-engineered malware URL, NSS said, is a Web page link that directly leads to a download that delivers a malicious payload whose content type would lead to execution or, more generally, a Website known to host malware links.

"Socially-engineered malware attacks pose a significant risk to individuals and organizations by threatening to compromise, damage or acquire sensitive personal and corporate information," the NSS report maintained.

Over the last three years, information highwaymen have increasingly turned to those kinds of malware attacks to work their mischief, it noted. In fact, users are four times more likely to be tricked into downloading malware through a bad URL than from a software exploit.

"[D]etecting and preventing these threats continues to be a challenge as criminals continue to increase their use of malware as a cybercrime attack vector," NSS reported. "Anti-virus researchers report detecting between 15,000 and 50,000 new malicious programs per day, Kaspersky Lab has even reported detecting up to 'millions per month.'"

"While not all of these malicious programs are social engineering attacks, the technique is increasingly being applied to the Web to quickly distribute malware and evade traditional security programs," the report continued. "Fifty-three percent of malware is now delivered via Internet download versus just 12 percent via e-mail according to statistics from Trend Micro."

"From a cybercriminal’s perspective," it added, "tricking users into downloading and installing malware is a preferred means of attack since the weakness they are exploiting is the naiveté of their victim; this enables criminals to cast a wide net since there are no technology dependencies. In contrast, drive-by attacks require the user’s computer to be vulnerable to the exploit being attempted."

http://www.gsnmagazine.com/node/23972?c=cyber_security