There seems to be a lot of disagreement over whether or not Internet Explorer 8 is a secure browser or not. Pwn2Own claims the browser was exploited during their annual competition; the Internet Storm Center says it probably would have withstood the exploit had the “Official” release been used.
Let’s face it; security holes in browsers are half the problem with web browsers. The other half of the equation is social engineering. It’s often said “there’s a sucker born every minute“, and that can really ring true for the average Internet user. We all want to win that iPod or pick up that greeting card from someone we don’t even know. We fall for fake banking sites and sometimes entertain the idea that your long lost uncle did die and leave you money.
Those of us that have been around the Internet a long time (who remembers gopher and veronica?) are savvy to these types of schemes. If you don’t understand how web sites and protocols work, you can be fooled in to visiting sites that nab your private data or worse. A rogue site can fool you in to installing malware on to your computer that can damage or remotely control it. Sometimes you don’t even click and you get hit by drive-by download. In fact, over 50% of malware infections come via the web. How then is one supposed to know what is OK and what isn’t?
According to a recent paper by NSS Labs, preventing social engineering and malware installation is where IE8 beats its competition. Technologies added to Microsoft’s latest browser offering take a lot of the guesswork out of identifying bad or bogus sites.
Many current browsers utilize a distributed reputation-based system. Utilizing this system, malicious web sites are recorded by the vendor, with the browser checking URLs against this list and warning/blocking as appropriate. How quickly these systems block malicious sites varies by browser. Internet Explorer 8 appears to be the winner here, identifying 41% of URLs at “zero hour” and 65% within the first 5 days. One large reason for this is IE8’s SmartScreen. When you compare these numbers to IE7 (only 4%) you really should upgrade your browser and start protecting your computer now!
The direct link to the report is http://nsslabs.com/test-reports/NSS%20Labs%20Browser%20Security%20Test%20-%20Socially%20Engineered%20Malware.pdf.
