Internet Explorer Investigation
I was checking out Microsoft's IE page, and I found this official graph that showed performance, and safety. Take a look at both of them.
This one is for speed (ms):
This one is for security (although this sounds a bit suspicious):
99.9%? Really? There's a catch somewhere...
Now, both of these seem crazy at first thought, because, let's be honest, when has IE ever been fast compared to Chrome? And what about the 99.9% of blocked malware...? If you have ever met a Firefox fan, you will know that Firefox has a reputation for being probably the safest browser (second to Tor)! And doing a bit more inspection, it appears that there is an interesting difference between Microsoft's report and NSS Lab's report. If you look closely between the two, you will notice that Microsoft switched around Firefox and Safari. Now, you may be thinking, "Why does 0.1% of blockage matter?" Well, it's the fact that the "official" report and Microsoft's report differ from each other. Here is what Microsoft said:
"Help protect your PC:
Industry–leading SmartScreen Filter helps protect your PC from malware and other mischief makers. Internet Explorer blocks 99.9% of socially engineered malware—that's more than Chrome, Safari, and Firefox. Here's the proof. Shows diagram
Help protect your privacy:
You care about your browsing history. That's why Internet Explorer built in a Do Not Track feature, has an InPrivate Browsing option, and Tracking Protection that you personalize."
Pretty much all of the other browsers mentioned have the same features that were boldfaced. Also, IE itself doesn't have a security scan, even if you see the "Running security scan" banner at the download banner. What it appears IE is looking for AV (Windows Defender) to scan for it. An experiment with my own trojan (easy to detect), and downloaded the trojan twice: once with AV on, once with AV off. (Windows Defender for Windows 8.1 was used in this experiment.)
The results follow:
AV on: Internet Explorer blocked the trojan
AV off: Trojan successfully downloaded
It seems that Internet Explorer does not scan files for viruses on its own...
It is uncertain that we really needed a test to prove that 99.9% of blocked malware is quite a stretch, considering that Internet Explorer is potentially exposed. That brings up another point: Microsoft's results may only show the amount of malware blocked, not the amount of exploits.
The browsers used in the test may have been also outdated, with newer versions available at the time.
Microsoft is being vague with this, so I'm just trying to make sense of what I can. If I'm wrong about anything, please correct me.
C|H of C3