IE9 vs. Chrome Download Security.

0
Microsoft Internet Explorer 9 has been available for download now for a few weeks. Results of independent tests are now available.

Secure downloads is important to eveyone who uses the net for information sharing.
Malware of all types can ride along with the most innocent file download and the result can vary from ones computer being taken over for denial of service attacks to having one files erased or identity stolen. None of these scenarios are desirable.

ZDNet has completed an exhaustive review of IE9 and Chrome that is worth reading.

From:
http://www.zdnet.com/blog/bott/ie9-versus-chrome-which-one-blocks-malware-better/3175?pg=3&tag=mantle_skin;contentbr>
Excerpt:

Social engineering has become the dominant method of distribution for fake antivirus software these days. Google Chrome puts you at risk: in my testing, malware broke through Chrome’s defenses in four clicks. Internet Explorer 9 flags the exact same sites and files as suspicious. What’s really going on?
Blogger Info
Ed Bott


Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications. He's served as editor of the U.S. edition of PC Computing and managing editor of PC World; both publications had monthly paid circulation in excess of 1 million during his tenure. He is the author of more than 25 books on Microsoft Windows and Office, including the recently released Windows 7 Inside Out.

Google Chrome handles unknown executables that same way Internet Explorer 8 and Firefox do. It allows you to save the file locally, and then you can decide whether to run it. If the social engineering did its job, that means that a significant number of people are going to choose wrong.

Google Chrome frequently allowed me to save what turned out later to be malware. In a few cases I received a warning, but more often the executable file was simply downloaded and allowed to sit in the download bar at the bottom of the browser window. Here are the two download prompts I saw in Google Chrome, taken literally moments apart and representing tiny variations on the exact same dangerous executable.

In some cases, just clicking the plain white background of a hijacked web page caused Chrome to download a file and save it in the Downloads folder. Because this is an executable file simply clicking its entry in the Chrome downloads bar causes it to run. In the video I showed here, that took only four clicks, none of which offered any information to help me make a smart decision.

So how is Internet Explorer 9 different? Every download request gets passed through Microsoft’s SmartScreen filters. Google does something similar. But the IE9 version of SmartScreen includes a new set of algorithms designed to test the reputation of this executable file. Has it been seen before? Is there anything about the file name or the domain that looks suspicious?

In fact, that turns out to be one of the most important questions to ask: Is the executable file signed? Microsoft’s researchers found that roughly 96% of all those red warnings are attached to unsigned, previously unseen files. The algorithm assumes that a file—signed or unsigned—is untrustworthy until it establishes a reputation. No domain or file gets a free pass—not even a new signed release from Microsoft or Google. Every file has to build a reputation. Digitally signed files from legitimate domains do so very quickly. Unsigned files from unknown domains automatically get red-flagged and typically stay that way.

This approach turns conventional thinking on its head, but from a security perspective it’s the right thing to do. It deals with the problem of “dialog box fatigue” by reserving the most dire warnings for files that are new and unknown. Microsoft says that its data show the risk of being infected with malware from clicking through one of these “unknown file” warnings is at least 25% and possibly as high as 70% on any given day. Legitimate files quickly establish a reputation and no longer produce a warning. Actual malware quickly gets identified within a day or two and is fully blocked around the same time the hosting site gets shut down.

According to data that Microsoft gathered during beta testing of IE9, this approach has had a profound impact on user behavior. Fully 95% of previously undetected malware is now either deleted or not run by the user. The impact on actual infections is equally profound, with Microsoft infection rates have dropped to 1/20th compared to similar rates for IE8.

This kind of improvement isn’t just a matter of clever code. It takes a tremendous investment in back-end services and a huge commitment of resources—people and money—to do the necessary analysis. This is one feature that other browser makers—especially Google—desperately need to copy.


Having used IE9 since it was in Beta release I can attest that downloads with IE9 are more secure than with any browser previous.
The dialogue nag boxes are appropriate when they appear and should be read and advice provided followed!

Safe surfing!

0 comments: