Thursday, July 21, 2011

IE 9 Tops in blocking Socially Engineered Malware according to NSS Labs Report

Having recently posted tips on security suggesting that Firefox and other browser options offered a more secure browsing experience for the average user, I find the recent report from NSS Labs on browser security very interesting and worthy of comment. Browser security covers a lot of ground, and the NSS Labs report specifically covers "Socially Engineered Malware", in their words:


"a web page link that directly leads to a download that delivers a malicious payload whose content type would lead to execution, or more generally a website known to host malware links."


This differs from exploit-based, drive-by attacks and according to the report is the predominant internet threat at this time.  The report is careful to point out that it does not evaluate the overall security of the browser or add-ons/extensions in terms of vulnerabilities.

Their findings indicate IE9 blocks 92% of this category of malware.


So, what does it really mean? It means simply this: the largest percentage of malware problems today are coming from this kind of attack, and Internet Explorer 9 is the best at preventing this form of attack.

I believe IE9 still has some significant overall security challenges but I wanted to post the link to this report and briefly discuss it because it is significant that, without add-ons, IE9 is reportedly doing a very good job blocking this class of malware delivery.

IE9 uses two techniques to attain this protection.
  • SmartScreen URL Filter (which is in IE8 as well)
  • SmartScreen Application Reputation (new to IE9)

SmartScreen URL Filter, as you would expect, blocks bad websites, whereas SmartScreen Application Reputation blocks dangerous application executables.

You can read more about this and other security technology built into IE 9 here.

I've given it some more thought on how I recommend browsers and talk about browsing security to family, friends and co-workers given this report. It's an interesting report and, to me, shines new light on IE9 as well as how users are actually compromised. My own browsing protection strategy has been crafted to protect more against the so-called "drive-by" exploit, Java and JavaScript exploits and click-jacking. Perhaps that is from working in the Security field and being cautious about what links I follow and the email I receive.

I am not ready to say dump Firefox with security add-ons yet, but I am using this as a catalyst to investigate and research browser security even further. I know this is a pretty simplistic analysis at this moment, but my hope is that it will serve for both myself and the reader as a point of departure for a closer look at browser security and just what that means.

   -tm














Tuesday, July 12, 2011

Secunia PSI and some security tips...

I've cleaned up quite a few malware-infested personal computers over the years. Frequently, no Anti-Virus (AV) software or out-of-date AV software is at least a partial cause.
 

Sometimes it's a lack of consistent updating of the Operating System or software from Microsoft. Microsoft Windows has the ability to be set to update itself and they also offer a free, decent, auto-updating Anti-Virus product called Microsoft Security Essentials which can be downloaded here.
 
What about all that other software on your personal computer?  Some of the most frequent hacking attacks are being directed against ancillary software such as Adobe Acrobat Reader, Adobe Flash, Firefox, Wireshark and others.

Some people can have dozens of software packages and keeping them up-to-date can be difficult and is frequently where individuals can be most susceptible to compromise.
Enter Secunia PSI (Personal Software Inspector).  This is a free tool (if used for personal use) that will inspect your software, detect out-of-date or vulnerable software and offer to update. It will also detect and install missing security patches and provides you with a nice Dashboard of your personal computer's software status.



Secunia PSI can be downloaded here.

So, here is a quick survey of a few things you can do to reduce the chances of getting compromised.
  1. Use Anti-Virus Software and keep it up to date.
  2. Consider using the Firefox or Google Chrome browser; Internet Explorer is less safe (more on why in another post).
  3. Consider using a plugin called Ghostery. It blocks ads, spyware, malware and gives you control over JavaScript. Works in Safari, IE, Firefox, and Chrome. More on this in a later post.
  4. Consider installing and using Secunia PSI.
  5. Do NOT open links, PDFs or other junk via email. Google what people send you and let Ghostery tell you what it finds on that link.
  6. DO NOT ever use a USB thumb drive you find.  Bad, Bad, Bad!
  7. Set your AV Software to scan USB drives and to have “Real-time” protection on and to scan all downloads.
  8. DO NOT frequent file sharing sites. The content is probably illegally copied and highly likely to be a delivery platform for much badness.





      
      
    

Monday, July 11, 2011

Malware sleuthing...

Pretty nice blog post over on the Mandiant blog on replacement of the fax server DLL in Windows to hide malware. Windows is fertile ground for this type of manipulation. I look forward to studying and talking more about this type of thing in upcoming posts. In the meantime, enjoy this analysis by Nick Harbour.
What the fxsst?