NSS Labs has published two web browser security research reports.
The following browsers were tested:
- Apple Safari 4,
- Google Chrome 2,
- Microsoft Internet Explorer 8,
- Mozilla Firefox 3,
- Opera 10 Beta.
In the case of Firefox, version 3.5 was not stable enough for testing. Manual testing of the security system showed that in versions 3.0.11 and 3.5 it works identically.
All browsers were tested as a clean install plus updates: no antivirus, no add-ons or plug-ins, no group security policies, and no special settings.
Socially Engineered Malware Protection
Experimental results
The experiment was carried out according to a scheme similar to the experiment in the first quarter of this year (the previous report can be found here: http://nsslabs.com/anti-malware/browser-security).
Testing ran continuously for 12 days (24x7), with the test restarted every 4 hours. In total about 69 test runs were conducted, each of which added new links to malicious software.
At the beginning of the test, each of the browsers installed all available updates.
Compared to the previous test, IE8 improved its result by 12% and now leads its closest competitor by 54%.
Firefox 3 showed a result of 27% - and this is the best result among browsers using the Google SafeBrowsing API (also used by Safari and Chrome).
Safari 4 was 3% worse than Safari 3. Chrome 2 fell 8% from the previous study.
Opera 10 missed almost everything. The researchers specifically checked how the previous version, which scored 5% in the first quarter, behaves - no significant difference in the level of protection was found.

Experiment Details
According to anti-virus companies, every day there are from 15,000 to 50,000 new malicious programs (or about a million every month) - here the researchers refer to Kaspersky.
According to Trend Micro, 53% of malicious software is installed via Internet download, 12% from mail, and 7% from IFrame exploits.
It is clear that attackers are actively using the capabilities of social sites like Facebook, MySpace, and LinkedIn, as well as sites with user-generated content (blogs, Twitter, etc.).
What links were considered malicious:
Socially engineered malware URL:
To combat this scourge, modern browsers offer an additional level of protection. The details vary between implementations, but in general it consists of two main components.
The main component is in the cloud and is built as a reputation system, which evaluates sites automatically, semi-automatically, or on the basis of manual reviews, maintaining blacklists, whitelists, etc.
The second component is located in the browser: when the user accesses a particular site, it is checked against the component in the cloud. If the site is recognized as bad, the user is shown a warning.
Likewise, if the user downloads from a "Socially engineered malware URL", the user is shown a warning about a possible threat.
Initially, the test contained 608 links; each day an average of 197 new ones were added (as they were discovered, so the experiment was conducted on current real-world data). As testing progressed, the cloud component naturally continued to work and learn.
The graph below shows how much time the reputation systems took to start issuing warnings for the links used in the tests.

Testing environment

Browsers worked inside virtual machines with the following configuration:
- Microsoft Windows 7 RC (build 7100)
- 1GB RAM
- 8GB HD
Phishing
Experimental results
The scheme of the experiment is similar to the previous one. In total there were about 80 test runs, each of which added a new batch of phishing sites.
According to the results of the experiment, IE8 and FF3 showed very close results.
Opera came third, lagging by almost 20% due to some operational problems.
Chrome was able to detect 26% of phishing sites, Safari - about 2%.

Experiment Details
Phishing link meant the following ...
Phishing URL: the URL is an entity that both users have been disclosing.
A similar reputation system is used to track phishing sites and warn users.
Initially, 593 unique sites were included in the test. On average, 61 new sites were added every day.
The graphs below show the change over time in the percentage of blocked sites from the test set (which was periodically updated).

The average time for a site to appear in a block list:

The researchers also separately conducted a comparison of Windows and Mac versions of Safari. No differences in the level of protection were found.
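Both experiments report a block rate over repeated runs and an average time for a URL to reach a block list. The sketch below is an added example, not NSS Labs code: it computes those figures from constructed sample data, and the browser names "A" and "B", the URL labels, and the exact metric definitions are assumptions.

```python
RUN_INTERVAL_HOURS = 4  # the page states the test was repeated every 4 hours

# Constructed sample data, not NSS Labs results.
# URL -> index of the run in which it was added to the test set.
ADDED_AT = {"u1": 0, "u2": 0, "u3": 1, "u4": 2}
# Browser -> per-run set of URLs for which a warning was shown.
WARNED = {
    "A": [{"u2"}, {"u2", "u3"}, {"u1", "u2", "u3"}, {"u1", "u2", "u3"}],
    "B": [set(), set(), set(), {"u2"}],
}


def live_urls(run):
    """URLs already in the test set when this run started."""
    return {u for u, added in ADDED_AT.items() if added <= run}


def block_rate_per_run(runs):
    """Share of live URLs that triggered a warning, one value per run."""
    return [len(w & live_urls(i)) / len(live_urls(i)) for i, w in enumerate(runs)]


def overall_block_rate(runs):
    """Blocked (URL, run) observations over all observations (assumed metric)."""
    blocked = sum(len(w & live_urls(i)) for i, w in enumerate(runs))
    total = sum(len(live_urls(i)) for i in range(len(runs)))
    return blocked / total


def mean_hours_to_block(runs):
    """Mean delay from a URL entering the test to its first warning.

    Returns (mean_hours or None, number of URLs never blocked). URLs that
    were never blocked are counted separately instead of skewing the mean.
    """
    delays = []
    for url, added in ADDED_AT.items():
        first = next((i for i, w in enumerate(runs) if i >= added and url in w), None)
        if first is not None:
            delays.append((first - added) * RUN_INTERVAL_HOURS)
    never = len(ADDED_AT) - len(delays)
    return (sum(delays) / len(delays) if delays else None), never


if __name__ == "__main__":
    for name, runs in WARNED.items():
        print(name, block_rate_per_run(runs), overall_block_rate(runs), mean_hours_to_block(runs))
```

With a 4-hour run interval the delay is only known to the nearest run, so a delay of 0 means the URL was already blocked the first time it was tested.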