what are you doing with nsslabs report that has internet explorer doing better job of blocking socially engineered malware than firefox?
I read a report Socially Engineered Malware (NSS Labs) report showing that Internet Explorer tops all browsers in blocking this type of malware. Here is the link: http://www.technewsworld.com/story/79342.html
Since Firefox is my preferred browser, I would like to know why the significant difference and whether I am missing something that was not covered in the detailed pdf document?
Additional System Details
- Shockwave Flash 11.9 r900
- RealPlayer(tm) LiveConnect-Enabled Plug-In
- RealPlayer Download Plugin
- RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In
- RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In
- RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In
- RealDownloader Plugin
- The plug-in allows you to open and edit files using Microsoft Office applications
- Office Authorization plug-in for NPAPI browsers
- User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
Thank you for contacting support. The link you have provided is a news report of the diaries and summary of what the nsslabs are doing in Internet Explorer to prevent socially engineered malware.
Currently Firefox has an active security and privacy community that reports on Security Advisories when using Firefox http://www.mozilla.org/security/known.../firefox.html
Currently our knowledge base has an educating article for Firefox users to keep an active eye out for suspicious phishing and malware How does built-in Phishing and Malware Protection work?
Phishing is reported from this community, the APWG http://www.antiphishing.org/
In the security section of Firefox's Preferences... menu there is a build in option to check for Web Forgeries and Blocking reported attack sites. These are based on lists that are publicly reported and are updated every 30 minutes. More information on the public http://code.google.com/p/google-safe-.../Protocolv2Spec
It is part of our mission to protect user privacy and security. http://www.mozilla.org/en-US/firefox/security/
Here's how I see it:
Historically Mozilla has relied on other sources for its lists of bad URLs. Neither Microsoft nor Google is providing its best data to Moziila, and neither has any incentive to do so. Considering that Mozilla is stretched thin as is, I don't think it makes sense to take on a new project to independently compile this data. One alternative would be to enter into a license agreement with a security company that has no love for Microsoft or Google, and use their data/service in the browser. However, due to the nature of open source licensing, security companies may be uncomfortable doing this. So for the time being, I think you will continue to need a layer of protection provided at the operating system level and optionally as a browser add-on, to identify and block bad URLs (whether the source is social engineering, phishing, or just a web search).