Internet Explorer comes out on top against Phishing

[YoKenny]

Internet Explorer comes out on top against Phishing
Anthony Barboza   

 NSS Labs, an independent security research group, found that Internet Explorer 8 was the best browser tested at thwarting phishing attempts. Firefox was statistically tied with IE for first with Opera and Chrome bringing up the rear. Safari was the real loser of the group with only 2% of phishing attempts blocked and there was no difference between the Mac or Windows client. 

http://www.neowin.net/news/main/09/08/14/internet-explorer-comes-out-on-top-against-phishing

[DavidR]

So this could just as easily have read 'Firefox comes out on top against Phishing and was statistically tied with IE8 for first' depending on who wrote the piece

[cinchez]

FF won over Opera, Chrome, and Safari...and tied with IE?!(tied with IE 8, I wonder )^^

-AnimeLover^^

[polonus]

Hi malware fighters,

Very good news for those that use IE8 fully patched and "out of the box", but what about the couple of "nutters" like those that have layered in-browser security like with Firefox with NoScript, RequestPolicy etc. and off-course have the avast shields up there. I think this personally tweaked and security configured Firefox browser with extensions or Flock for that reason cannot be beaten - not even by IE8.
But agreed that browser flaw does not come as default and never will probably.
Also very few "noob" users protect the privacy inside their browser with ABP, Super Cookie management, etc. And I think this kind of personalisation will never reach IE8 out of the box for obvious reasons, there Adobe and MS think alike. Ad launching and profiling and tracking is the name of the game!

Again we will be waiting for IE8 to tackle some very insecure default settings like:(1) .NET Framework reliant components: Run components not signed with Authenticode (not that a signature guarantes secure components, but without a signature you do not know who produced the component or has changed it aftwerwards)
(2) "Binary and script behaviors" (what does that stand for?!)
(3) "Font download"
(4) "Drag and drop or copy and paste files"
(5) "Include local directory path when uploading files to a server" (OK, Word documenten by default also have full local pathss, so who cares)
(6) "Installation of desktop items"
(7) "Open files based on content, not file extension" - good scheme! (not) What about gigantic improvements towards phishing?

ActiveX
While ActiveX still is an important source of various bugs, we see each version of IE getting better in this respect. "Since IE8 abusing Active X has become less interesting for malcreants. In IE6 these objects could still call all sort of things freely. IE8 at leats warns you."

The main problem was that COM-objects and ActiveX-object were not being used separately.  First mentioned objectsn may be called to re-use parts inside an application, but if they are registered in a wrong way you can call them from within the browser what was never meant to be. Even av-scanners could be uninstalled through a specific COM-object via the browser. Now they cannot be called just like that. Even better would be when Microsoft would run ActiveX inside a sandbox, then bugs are much more difficult to be abused. "Google Chrome has a similar procedure."

polonus