
back to article Microsoft flags Firefox and Chrome for security failings

Microsoft has unveiled a website aimed at raising awareness of browser security by comparing the ability of Internet Explorer, Mozilla Firefox, and Google Chrome to withstand attacks from malware, phishing, and other types of threats. Your Browser Matters gives the latest versions of Firefox and Chrome a paltry 2 and 2.5 points …

COMMENTS

This topic is closed for new posts.


FAIL

Browser Sniffing Rulez OK!

Opera: Can't give you a rating.

Opera masked as Firefox 2/4

Opera masked as IE: 4/4

EPIC FAIL.

Really, you would have to be an idiot to fall for this... However, as most IE users are idiots, they have a warm fuzzy feeling of safety right now....

55
2

Sounds like marketing bullshit to me.

4
0

You know what they say

Or at least I say.

False security is no security at all.

Thanks for the misleading FUD Microsloth.

6
0
FAIL

I scored 4

On opera 11.5 on opensuse 12.1.

So the site doesn't do any security checks at all.

I think I'll email them to find out why they are leading people

into a sense of false security.

Back to www.grc.com. They do some tests that come in handy.

7
0
Silver badge

Yup...

Just change the user agent and tada...

Funny it actively refuses to rate an iOS user agent, whilst others just leave you with a lot of coloured boxes on the screen and no text.

2
0
Bronze badge

Well spotted Mike

Firefox 6.02 masquerading as Internet Explorer 9 gets 4 out of 4.

The fact that plugins for Firefox give such a high level of control over the behaviour of the browser with regard to cookie acceptance, script execution, referrer string, user agent, advertisement blocking etc. offers much of the security I need in a browser.

As for Smartscreen filter: From the Internet Explorer 9 privacy statement

"Addresses that are not on the local list and the addresses of files you are downloading will be sent to Microsoft and checked against a frequently updated list of webpages "

Quite an invasion of privacy I would say. So switch on Smartscreen filter and tell Microsoft of every website you visit. I would also describe such a feature as information disclosure and thus a security issue in itself. But IE 9 is not marked down for this.

I agree that Microsoft has made huge improvements to the security of their OS wrt Windows 7 and standards compliance wrt IE9 but to punt such disingenuous bullshit as this website does to the average surfer should be illegal.

2
0
Jad
FAIL

Firefox on Solaris

Just for the hell of it I accessed the site with Firefox on Open Solaris ...

Under "Key Security Features" under "Attacks on your browser" I have ticks next to:

"Does the browser benefit from Windows Operating System features that protect against arbitrary data execution?" and

"Does the browser benefit from Windows Operating System features that randomize the memory layout to make it harder for attackers to find their target?"

which I have to say is decidedly odd :)

5
0

Not to mention the fact that I went there with NoScript on and saw, well, a lot of boxes telling me that "This page requires Flash Player version 10.2.0 or higher." ... *sighs*

What an absolute crock of flaming bullshit ...

3
0

Apparently, my browser "benefit(s) from Windows Operating System features that protect against arbitrary data execution". I suppose the lack of a Windows operating system might count in that regard.

20
0
Anonymous Coward

It gave FF under Linux a score of 2, the same as FF under Win 7.

1
1
Silver badge

It doesn't test the browser on my HTC either, but it does show me that I'm vulnerable to having my Back button hijacked.

4
0
WTF?

Wow

What a bunch of cocks. I emailed to tell them it's bullshit.

12
1
Thumb Down

Pots and kettles

Talk about the pot calling the kettle black! MS should be ashamed, given the YEARS that their insecure browser IE was feeding their customers malware!

8
1
FAIL

Won't rate Opera either... so for my money it is worthless

2
0
Facepalm

Odd - AFAIK Opera was one of the options in that 'choose your browser' thing they ran with Win7. I would have thought all those browsers would work

1
0
Linux

Aahhh, just like the bad old days

Nice to see M$ back on form with the FUD machine. What's that Steve? every time I use OSS a penguin dies?

5
2
Linux

Now let's see a website that grades security based on which OS your browser is installed on.

9
0
FAIL

In other news, Tobacco companies claim their product is safe! Sigh.

Even if they're right they really need to learn something about "trustworthiness". In my books, they have none, which makes this site nothing more than cheap propaganda. Sad part is, all they're checking is the user agent tag and going on that. They aren't even checking the operating system, which means their claim that my non-Windows based Firefox isn't using Windows Protected Mode falls... very flat.

They also aren't doing any active checking at all, as done by the Qualys browser check: https://browsercheck.qualys.com/

11
0
FAIL

Qualys browser check...

...says my version of Java (1.6.0.26) is an "Insecure version" (in red text) and I should upgrade to 1.6.0.27.

I check the 6u27 release notes to find "Java SE 6u27 does not add any fixes for security vulnerabilities beyond those in Java SE 6u26".

3
0
Silver badge

I like the idea of OS protection being necessary because of the piece of brain crap that is ActiveX, you know the way IE runs plugins.

3
0

re: Qualys browser check

Personally, I'd consider a few of these to be "security" issues that got fixed, where "security" is defined as "freedom from danger or risk" (not just _external_ danger or risks):

http://www.oracle.com/technetwork/java/javase/2col/6u27bugfixes-444150.html

But yea, the Qualys check isn't perfect. But it's a hell of a lot more useful than the propaganda crap Microsoft just spewed out.

1
0
Coat

Windows?

What -- you mean I really need to use Windows?

But I don't know how to do that. I haven't used Windows for years.

Coat -- I need to see if I can find a Windows manual.

2
0
Silver badge
FAIL

What a Crock

The site does no "testing", it just matches your browser to whatever it has in its lookup table.

I browsed there in FF7 on Ubuntu and discovered this;

Does the browser benefit from Windows Operating System features that protect against arbitrary data execution? [TICK]

O'rly?

Just more MS dirty tricks and FUD, nothing to see here, move along citizen.

7
0
Silver badge
WTF?

so I turned on all the Windows security features but they don't work?

I'm equally puzzled: my copy of FF7 running on XP, with Data Execution Prevention *enabled* and no exception for Firefox isn't being protected by DEP? Are Microsoft claiming DEP in the OS doesn't work or just lying... (can you guess which I think it is).

Also notable that they can't tell that my FF is running with very restricted rights and almost no access to the file system, none at all to critical areas. Another OS protection that apparently doesn't work on anything from Mozilla... or are they lying again (go on, have another guess what I think).

My browser has severe restrictions imposed, both internally via plugins and settings and externally from the OS. I'm pretty certain if I imposed the same on IE it wouldn't run at all and probably take down my desktop or OS along the way.

When Microsoft stop giving their own software special privileges and dangerous hooks into the OS I'll take their security BS more seriously. Till then it's just lies.

2
0
Boffin

In fairness the site doesn't claim to do any testing. It's a bit odd it doesn't check you are running windows before marking for that but it is clearly aimed at the great unwashed who all use windows.

I wonder what score anyone running a Mac gets? This site does seem a little un-thought out.

0
0
Silver badge

(can you guess which I think it is).

can't it be both?

0
0
Anonymous Coward

I said bollards Audrey

As a wise man once said.....

0
0
FAIL

Fail, MS really do seem to have a problem with a little thing called reality, although sadly I think a few more gullible people will be taken in by this.

4
0
FAIL

What a complete and utter joke.

3
0
Trollface

I agree it's insanely amusing that all they do is check the browser agent. Not only that, but they do even THAT poorly. Another microsoft "rating" that is absolutely useless, like the windows 7 "performance rating" that says my system sucks because I "only" have a sata3 drive and that isn't fast enough for them ...

Guess the FUD police woke up from the long sleep caused by windows vista

7
1
Silver badge
Thumb Down

Other browsers

If you look at the page source it's obvious that it can't rate any browser other than IE, FF or Chrome due to the terrible way it's been written.

6
0
Joke

Make Firefox as Safe as IE9...Just pretend

Raving Loony is absolutely right...Using a user agent switcher to change Firefox to IE9...result score now 4/4! What a load of baloney eh? The website does nothing to test the browser for security flaws, just gives a score according to the version of the browser it thinks is visiting...if only I could as successfully pretend to be Bill Gates...

2
0

This post has been deleted by its author

Anonymous Coward

"GET TEH FACTS"

The reality is that they've been outright criminally negligent for over a decade and a couple fancy buzzwords (that themselves can and have been bypassed) just isn't enough. They have a well-deserved reputation and shaking that off is going to take some real effort along with some real groveling, anti-fanbois notwithstanding. This even though they are so big they can "afford" to make goofs that would see many lesser companies in administration. That they're still there doesn't mean they're good. They're just big.

Tooting their own horn, redmond does like no other. Maybe they have to since they've attracted such a hatedom. But that doesn't make it the right thing to do, security wise. They have several decades to catch up with. It's no more than reasonable they're trying. But they're not there yet, and a bit of effort does not a saviour make. Not by a long shot. How cringeworthy can you make a simple comparison? I'm sure it'll get worse if you dare look too closely at how they compared.

After how many times the same trick am I allowed to assume it won't be better than the last time, nevermind good, Dan? Or do you insist I have to re-visit my previous experiences every time their marketeering department says I should give them yet another chance? I call that cruel and unusual, I tells you. And you're not giving me lots of reason to assume they're not up to their old tricks yet all over again with deja vu on top. Really now.

I wonder if those endorsers didn't also endorse those windows seven launch parties. Or maybe they just got cooked up for the occasion. Not the first time redmond did such a thing ("alexis de tocqueville institute", anyone?). I can't be bothered to figure out who those guys are and I see Dan didn't either, or if he did he didn't share. Well, that's informative.

6
0

Fuck IE

IE9 is still an omnishambles of a browser, are there not UN resolutions that can prevent MS from unleashing browsers on the world. Each and every time I do any work it'll go smooth as ice till testing gets done on IE at which point a ton of things will fall to pieces for absolutely no reason. Why do they bother? to promote bing? nobody gives a fuck about bing either, they should stick to their core competences, xbox and shite operating systems.

10
1
Bronze badge
FAIL

It doesn't check anything

If you're running a Firefox 8 Beta build, Aurora, or Tinderbox it can't give you a score. It's bullshit pure and simple. I haven't tried it with Konqueror yet, but I'm curious if it has it. I won't install Chrome or Chromium but can a Chromium user tell us what it says about that?

2
0
Anonymous Coward

Linux Mint Chromium: WE CAN'T GIVE YOU A SCORE FOR YOUR BROWSER.

Linux Mint Chromium: WE CAN'T GIVE YOU A SCORE FOR YOUR BROWSER.

0
0
Facepalm

@FrankAlphaXII re: Chromium

Chromium 12.0.742.112 (90304) Ubuntu 10.10:

"WE CAN'T GIVE YOU A SCORE FOR YOUR BROWSER."

0
0
Bronze badge
FAIL

Konqueror doesn't work either

Actually, I had a look at the JavaScript, and haven't yet spotted how they do the browser detection.

Clearly it's a pattern match against the user agent, but I haven't spotted where. If anyone finds it before I do, please do share. Me thinks their credibility will go out the window if that truth came to light.

0
0
Bronze badge
Facepalm

Okay, my earlier remark about JavaScript checking, it's probably done server side. So we won't see it in the JavaScript. Didn't think of that naturally, but of course, I should've seen that coming.

I'll bet they won't show us the source as it'll be too embarrassing to admit they fudged it.

0
0
Bronze badge
Facepalm

"Me thinks their credibility will go out the window if that truth came to light."

Credibility? Microsoft?

2
0
Bronze badge

Yes well… sometimes it has been lacking… but I notice they have made some very credible statements in more recent times…

http://www.theregister.co.uk/2011/09/14/windows_server_2008_overview/ for example.

0
0
Gold badge
Joke

Plugins?

Does it subtract 10 from your score for each of Adobe Reader and Adobe Flash that you have installed?

6
0

Hypocritical

"Make sure you are opening secured connections to the pages; you do this by typing in "HTTPS" at the beginning of a URL."

Nice to see that doesn't actually work on the page that says to do this.

That's the same page that is using Flash.

It then comes up with:

"Your browser is only as secure as the operating system it runs on. Make sure you have an up to date operating system with the latest security features."

Then presents me with a link to update Windows - which I don't run. And they expect this "information" to be taken seriously?

6
0
Anonymous Coward

Firefox under Mint gives me:

Does the browser help protect you from websites that are known to distribute socially engineered malware?

Does your browser provide a distinct warning when you download an application that is of higher risk but not yet confirmed as malware?

How much Linux malware is distributed through browsers? Even if I were able to somehow install malware, it would run as a non-privileged user.

1
0
Bronze badge
Paris Hilton

How is it that even though they admit IE lacks a couple security features Chrome and/or Firefox have, IE gets a perfect score? Apparently by rounding up to the nearest half-point at each step. Fishy. A better tally would be something like this:

IE 3.5 • Chrome 2.1 • Firefox 1.8

Which still looks good for IE, but would have improved the illusion of impartiality quite a bit, I wonder why they didn't go with that?

0
0
Bronze badge
Joke

I can only assume they do the calculations server-side using an earlier Pentium chip that suffered the floating-point bug:

http://en.wikipedia.org/wiki/P5_%28microprocessor%29#Bugs_and_problems

0
0
Anonymous Coward

Poll results just in... Shock!

Philip Morris polled 100 smokers working at their Marlboro factory in Virginia, who owned shares in the company and bought into the company pension scheme and were retiring soon after 40 years as companymen, whether or not they felt healthier, happier and more invigorated after smoking a Philip Morris cigarette. Uncredibly, 96.2%* said that they absolutely were, and would recommend them to friends!

So now you know. For a long healthy life, smoke cigarettes today! And remember folks, the younger you start, the healthier our prof— err, I mean YOU will be. So why not recommend our new Nico-Teens™ mini cigarettes to your nephews & nieces before the winter arrives.

* Average excludes responses from candidates with very breathy speech, appearing to drag around oxy-acetylene gear wherever they go.

8
0
Bronze badge
Facepalm

"Nico-Teens"

>>So why not recommend our new Nico-Teens™ mini cigarettes to your nephews & nieces before the winter arrives

No IT angle here, but they have them already, at least in the US, they call them Marlboro 72's.

They're marketed as being shorter for short breaks. Yeah right, they're shorter so High School students can flush them down the toilets faster when a School Administrator or School Cop walks into the Bathroom they're smoking in. They're also usually two dollars cheaper than the regular packs.

I smoke, it's one of those bad habits the Army and Military in general tends to do to people, along with Alcoholism (though I don't drink in any real quantity, oddly enough. Makes me too sick the next day), but I see through Philip Morris' bullshit on those things loud and clear. Makes me want to quit even more than I already do, but Nicovax doesn't work well, Chantix made me literally lose three days (I apparently slept for three days), I don't think using the same drug I'm addicted to to quit using it makes any sense so the gums, electronic cigarettes and lozenges are out, and the antidepressants make me have insomnia worse than I already do. Some nerd or boffin as you guys call them needs to come up with something better based off of snake venom or something like that which blocks the nicotine receptors but doesn't have all the very strange and downright dangerous side effects of Chantix.

Anyway, funny thing about those Nico-Teens/"72's" is that they have the same levels of Nicotine and "Tar" as a regular Marlboro, but you wind up smoking a pack twice as fast. So kids get hooked twice as fast, for less money.

0
0

Trouble with this drivel....

... people will believe it. Not everyone is as tech savvy as most people who read these articles on the Reg.

There must be laws against this site, as it's false advertising.

3
0
