Google Chrome

Open Place for Google’s New Browser Downloads and New Information

Archive for April, 2009

Web Based Malware And Browser Catch Rate

Posted by google Chrome on April 28, 2009

The study shows IE8 and its new SmartScreen filter head and shoulders above all other browsers. “Socially engineered malware,” as they put it, is arguably the most important form of malware these days. We’ve reported on it many times in the last year. The basic idea is that the user is enticed into visiting a web site and downloading malware, believing it to be something else. The study was funded by Microsoft, but the methodology was designed and the tests executed by NSS Labs.

The recent generation of web browsers has approached this problem with reputation services, just as they have with phishing. Just as phishing sites are often initially blocked by browsers (“…this is a reported phishing web site”) based partly on blacklists of domains and IP addresses, so are malware sites being blocked.
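As an added illustration (not code from the NSS Labs study or from any browser vendor), the following shows the kind of lookup that a blacklist of domains and IP addresses implies, including the host normalization needed so that trivially different spellings of a listed host still match. The function names and all list entries are constructed for this example; the domains and address ranges are documentation-only values.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample reputation data (not real indicators): reserved
# documentation domains (RFC 2606) and address ranges (RFC 5737).
BLOCKED_DOMAINS = {"malware-downloads.example", "cdn.bad-codec.example"}
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24"),
                    ipaddress.ip_network("198.51.100.7/32")]


def normalize_host(url):
    """Return the lowercase host the browser would connect to, or None."""
    host = urlsplit(url).hostname  # drops userinfo ("user@") and the port
    if not host:
        return None
    return host.rstrip(".").lower()  # "Evil.example." equals "evil.example"


def check_url(url):
    """Return (verdict, reason) for a navigation or download URL."""
    host = normalize_host(url)
    if host is None:
        return ("allow", "no host")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None  # not an IP literal, treat as a domain name
    if addr is not None:
        for net in BLOCKED_NETWORKS:
            if addr in net:
                return ("block", f"ip in {net}")
        return ("allow", "ip not listed")
    # Walk from the full host up through its parent domains, so a listed
    # domain also covers its subdomains but not look-alike names.
    labels = host.split(".")
    for i in range(max(1, len(labels) - 1)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED_DOMAINS:
            return ("block", f"domain {candidate}")
    return ("allow", "domain not listed")


if __name__ == "__main__":
    for u in ("http://Files.Malware-Downloads.EXAMPLE./codec.exe",
              "http://trusted.example@cdn.bad-codec.example/",
              "http://203.0.113.50:8080/setup.exe",
              "http://notmalware-downloads.example/"):
        print(u, "->", check_url(u))
```

A host that is not yet on either list is allowed, which is why list freshness dominates the catch rates reported in tests of this kind.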

NSS Labs’ tests came up with these results overall:

Browser | Malware Catch Rate
IE8 (RC1) | 69%
Firefox 3.07 | 30%
Safari v3 | 24%
Chrome 1.0.154 | 16%
Opera 9.84 | 5%
IE7 | 4%

Results like these can change over time as companies change priorities and find new sources of reputation data. It’s clear, for example, that Opera and Microsoft with IE7 aren’t even trying very hard to find malware. It’s also true that tests for phishing sites could find very different results. In fact, phishing is all those two browsers may be looking for, and they may find what malware they find by sheer coincidence. Finally, it’s likely that Microsoft was interested in such testing because they had been working hard on improving detection of such sites.

The other important take-away from this is that even the best numbers from IE8 are low. Protection such as this is a good defense-in-depth measure, but it’s no substitute for a good anti-malware program and other protections, such as least-privileged access.


Google updates the Chrome browser

Posted by google Chrome on April 27, 2009

The Google Chrome browser has been updated to fix a vulnerability, which could have resulted in a “severe” attack.

Google Chrome was updated to version 1.0.154.59, fixing an error that could have allowed cross-site scripting attacks without the user doing anything, under certain conditions.

This followed an IBM security advisory, which said that three separate issues in various parts of Google Chrome could let an attacker craft “powerful” attacks.

Chrome users should receive the update automatically, but will also see an ‘update’ button in the browser.

Google Chrome received its last major update back in March, while IT PRO blogger Davey Winder revealed how the browser survived the PWN2OWN hacking competition.


Google Releases new version 1.0.154.159 for Chrome

Posted by google Chrome on April 24, 2009

Google has released a new version of its Chrome browser to fix a high-severity security flaw detected in its last version.

The problems affected Google's mainstream version of Chrome, which had been stable for quite some time before the new version 1.0.154.159. The update is installed automatically without user intervention, and Google itself has built Chrome.

The security problem, which was brought to notice on April 8 by Roi Saltzman of the IBM Rational Application Security Research Group, allowed cross-site scripting attacks. This sort of flaw can make a Web browser process unauthorized code such as JavaScript, enabling a variety of attacks, including impersonation or phishing.

An error in handling URLs with a chromehtml: protocol could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions.

If a user has Google Chrome installed, visiting an attacker-controlled Web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker’s choice. Such an attack only works if Chrome is not already running.
