A study by Accuvant Labs, commissioned by Google, has concluded that of the top three browsers, Chrome, Internet Explorer and Firefox, Chrome is the most secure. Internet Explorer ranks second and Firefox comes in third. Accuvant took a different approach than previous comparisons, which relied on historical vulnerability statistics and URL blacklist services, favoring instead a more comprehensive look that included sandboxing, plug-in security, JIT hardening, address space layout randomization (ASLR), and data execution prevention (DEP) as well as URL blacklist services. They concluded:
The URL blacklisting services offered by all three browsers will stop fewer attacks than will go undetected. Both Google Chrome and Microsoft Internet Explorer implement state-of-the-art anti-exploitation technologies, but Mozilla Firefox lags behind without JIT hardening. While both Google Chrome and Microsoft Internet Explorer implement the same set of anti-exploitation technologies, Google Chrome’s plug-in security and sandboxing architectures are implemented in a more thorough and comprehensive manner. Therefore, we believe Google Chrome is the browser that is most secured against attack.
The 140-page report is highly informative, especially if you want to get your security geek on.
For some time now, modern browsers have been coded to detect and block malicious websites. We have all seen messages like the one shown below:
Have you ever wondered how well your browser stacks up with respect to blocking malware? The answer might surprise you. Msnbc.com’s Technolog reports that IE9 is the clear winner:
Tests by NSS Labs to “examine the ability of five different web browsers to protect users from socially-engineered malware” showed that IE9 was able to block this kind of threat 99 percent of the time, beating out Apple Safari 5, Google Chrome 12, Mozilla Firefox 4 and Opera 11.
(Msnbc.com is a joint venture of Microsoft and NBC Universal.)
The closest another Web browser got to that blocking-the-bad stuff rate was Chrome, at a very distant 13.2 percent. At the low end of the blockers was Opera, with a 6.1 percent rate.
Makes you think twice, doesn’t it? Those tests are meaningful, of course, but they don’t take into account that IE9’s market share is only 6.8 percent whereas IE8 controls the market with 29.23 percent, so the overall effect at this time is not significant. However, perhaps this will spur the others on to increasing the effectiveness of their own technologies.
We can now consider Google’s Chrome browser a rousing success. Cybercrooks have begun targeting Chrome users; a compliment, kind of.
The attack begins with a spam message that tries to dupe the unwary into trying an add-on that “helps you better organize your documents received in your email”. A write-up by BitDefender provides a full analysis including screen shots. One interesting note in the analysis:
Although the sham application has the same description as that of an original Google Chrome Extension, the first sign the more inquisitive users will get about it not being what they were looking for should be the fact that instead of the expected “.crx” extension, it features a flamboyant “.exe” tail.
The trojan modifies the Windows HOSTS file to redirect any requests for Google or Yahoo pages to counterfeit, malware-laden versions of those sites owned by the crooks.
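A defender-side check for the HOSTS tampering described above, as an added example that is not from the original post or the BitDefender analysis: it parses HOSTS-file text and reports Google or Yahoo names pinned to a routable address. The watched-domain list, the function names and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the watch list is limited to the two sites the post names.
WATCHED = ("google.com", "yahoo.com")

# Constructed sample HOSTS content; addresses come from documentation ranges.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google.com google.com   # constructed redirect
203.0.113.45    search.yahoo.com
0.0.0.0         ads.example.net
198.51.100.7    intranet.example.org
"""

def is_watched(host, watched=WATCHED):
    """True if host is a watched domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, hostname) for watched names mapped to a routable IP."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2:
            continue  # blank line, comment, or address with no hostname
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # malformed address field; not a usable mapping
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries are the usual blocking idiom
        # One line may carry several aliases after the address; check each.
        for name in entry[1:]:
            if is_watched(name, watched):
                findings.append((line_no, str(ip), name.lower()))
    return findings

if __name__ == "__main__":
    for line_no, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

On a Windows machine the text to audit would be read from `%SystemRoot%\System32\drivers\etc\hosts`; a clean system normally has no entries for these domains at all.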
Repeat after me, I will not click links in spam, I will not click links in spam, I will not click links in spam.