Microsoft flags Firefox and Chrome for security failings

Microsoft has unveiled a website aimed at raising awareness of browser security by comparing the ability of Internet Explorer, Mozilla Firefox, and Google Chrome to withstand attacks from malware, phishing, and other types of threats. Your Browser Matters gives the latest versions of Firefox and Chrome a paltry 2 and 2.5 points …

COMMENTS

This topic is closed for new posts.
  1. Mike Judge
    FAIL

    Browser Sniffing Rulez OK!

    Opera: Can't give you a rating.

    Opera masked as Firefox 2/4

    Opera masked as IE: 4/4

    EPIC FAIL.

    Really, you would have to be an idiot to fall for this... However, as most IE users are idiots, they have a warm fuzzy feeling of safety right now....

    1. Anonymous Coward
      Anonymous Coward

      Sounds like marketing bullshit to me.

    2. Framitz

      You know what they say

      Or at least I say.

      False security is no security at all.

      Thanks for the misleading FUD Microsloth.

    3. atomic jam
      FAIL

      I scored 4

      On opera 11.5 on opensuse 12.1.

      So the site doesn't do any security checks at all.

      I think I'll email them to find out why they are leading people

      into a sense of false security.

      Back to www.grc.com. They do some tests that come in handy.

    4. Steve Evans

      Yup...

      Just change the user agent and tada...

      Funny it actively refuses to rate an iOS user agent, whilst others just leave you with a lot of coloured boxes on the screen and no text.

    5. adnim

      Well spotted Mike

      Firefox 6.02 masquerading as Internet Explorer 9 gets 4 out of 4.

      The fact that plugins for Firefox give such a high level of control over the behaviour of the browser with regard to cookie acceptance, script execution, referrer string, user agent, advertisement blocking etc. offers much of the security I need in a browser.

      As for Smartscreen filter: From the Internet Explorer 9 privacy statement

      "Addresses that are not on the local list and the addresses of files you are downloading will be sent to Microsoft and checked against a frequently updated list of webpages "

      Quite an invasion of privacy I would say. So switch on Smartscreen filter and tell Microsoft of every website you visit. I would also describe such a feature as information disclosure and thus a security issue in itself. But IE 9 is not marked down for this.

      I agree that Microsoft has made huge improvements to the security of their OS wrt Windows 7 and standards compliance wrt IE9 but to punt such disingenuous bullshit as this website does to the average surfer should be illegal.

      1. CD001

        Not to mention the fact that I went there with NoScript on and saw, well, a lot of boxes telling me that "This page requires Flash Player version 10.2.0 or higher." ... *sighs*

        What an absolute crock of flaming bullshit ...

    6. Jad
      FAIL

      Firefox on Solaris

      Just for the hell of it I accessed the site with Firefox on Open Solaris ...

      Under "Key Security Features" under "Attacks on your browser" I have ticks next to:

      "Does the browser benefit from Windows Operating System features that protect against arbitrary data execution?" and

      "Does the browser benefit from Windows Operating System features that randomize the memory layout to make it harder for attackers to find their target?"

      which I have to say is decidedly odd :)

  2. paulm

    Apparently, my browser "benefit(s) from Windows Operating System features that protect against arbitrary data execution". I suppose the lack of a Windows operating system might count in that regard.

    1. Anonymous Coward
      Anonymous Coward

      It gave FF under Linux a score of 2, the same as FF under Win 7.

  3. Craigness

    It doesn't test the browser on my HTC either, but it does show me that I'm vulnerable to having my Back button hijacked.

  4. DF118
    WTF?

    Wow

    What a bunch of cocks. I emailed to tell them it's bullshit.

  5. William Boyle
    Thumb Down

    Pots and kettles

    Talk about the pot calling the kettle black! MS should be ashamed, given the YEARS that their insecure browser IE was feeding their customers malware!

  6. Da Weezil
    FAIL

    Won't rate Opera either... so for my money it is worthless

    1. The Commenter formally known as Matt
      Facepalm

      Odd - AFAIK Opera was one of the options in that 'choose your browser' thing they ran with Win7. I would have thought all those browsers would work

  7. Shonko Kid
    Linux

    Aahhh, just like the bad old days

    Nice to see M$ back on form with the FUD machine. What's that Steve? every time I use OSS a penguin dies?

  8. Keep Refrigerated
    Linux

    Now let's see a website that grades security based on which OS your browser is installed on.

  9. raving angry loony
    FAIL

    In other news, Tobacco companies claim their product is safe! Sigh.

    Even if they're right they really need to learn something about "trustworthiness". In my books, they have none, which makes this site nothing more than cheap propaganda. Sad part is, all they're checking is the user agent tag and going on that. They aren't even checking the operating system, which means their claim that my non-Windows based Firefox isn't using Windows Protected Mode falls... very flat.

    They also aren't doing any active checking at all, as done by the Qualys browser check: https://browsercheck.qualys.com/

    1. colinm
      FAIL

      Qualys browser check...

      ...says my version of Java (1.6.0.26) is an "Insecure version" (in red text) and I should upgrade to 1.6.0.27.

      I check the 6u27 release notes to find "Java SE 6u27 does not add any fixes for security vulnerabilities beyond those in Java SE 6u26".

      1. raving angry loony

        re: Qualys browser check

        Personally, I'd consider a few of these to be "security" issues that got fixed, where "security" is defined as "freedom from danger or risk" (not just _external_ danger or risks):

        http://www.oracle.com/technetwork/java/javase/2col/6u27bugfixes-444150.html

        But yea, the Qualys check isn't perfect. But it's a hell of a lot more useful than the propaganda crap Microsoft just spewed out.

    2. Charlie Clark Silver badge

      I like the idea of OS protection being necessary because of the piece of brain crap that is ActiveX, you know the way IE runs plugins.

    3. RegGuy
      Coat

      Windows?

      What -- you mean I really need to use Windows?

      But I don't know how to do that. I haven't used Windows for years.

      Coat -- I need to see if I can find a Windows manual.

  10. Goat Jam
    FAIL

    What a Crock

    The site does no "testing", it just matches your browser to whatever it has in its lookup table.

    I browsed there in FF7 on Ubuntu and discovered this;

    Does the browser benefit from Windows Operating System features that protect against arbitrary data execution? [TICK]

    O'rly?

    Just more MS dirty tricks and FUD, nothing to see here, move along citizen.

    1. Paul Shirley
      WTF?

      so I turned on all the Windows security features but they don't work?

      I'm equally puzzled: my copy of FF7 running on XP, with Data Execution Prevention *enabled* and no exception for Firefox isn't being protected by DEP? Are Microsoft claiming DEP in the OS doesn't work or just lying... (can you guess which I think it is).

      Also notable that they can't tell that my FF is running with very restricted rights and almost no access to the file system, none at all to critical areas. Another OS protection that apparently doesn't work on anything from Mozilla... or are they lying again (go on, have another guess what I think).

      My browser has severe restrictions imposed, both internally via plugins and settings and externally from the OS. I'm pretty certain if I imposed the same on IE it wouldn't run at all and probably take down my desktop or OS along the way.

      When Microsoft stop giving their own software special privileges and dangerous hooks into the OS I'll take their security BS more seriously. Till then it's just lies.

      1. Robert E A Harvey

        (can you guess which I think it is).

        can't it be both?

    2. The Commenter formally known as Matt
      Boffin

      In fairness the site doesn't claim to do any testing. It's a bit odd it doesn't check you are running Windows before marking for that but it is clearly aimed at the great unwashed who all use Windows.

      I wonder what score anyone running a Mac gets? This site does seem a little un-thought out.

  11. Anonymous Coward
    Anonymous Coward

    I said bollards Audrey

    As a wise man once said.....

  12. Nights_are_Long
    FAIL

    Fail, MS really do seem to have a problem with a little thing called reality, although sadly I think a few more gullible people will be taken in by this.

  13. herkamur
    FAIL

    What a complete and utter joke.

  14. Mad Chaz
    Trollface

    I agree it's insanely amusing that all they do is check the browser agent. Not only that, but they do even THAT poorly. Another Microsoft "rating" that is absolutely useless, like the Windows 7 "performance rating" that says my system sucks because I "only" have a sata3 drive and that isn't fast enough for them ...

    Guess the FUD police woke up from the long sleep caused by windows vista

  15. Dave Murray Silver badge
    Thumb Down

    Other browsers

    If you look at the page source it's obvious that it can't rate any browser other than IE, FF or Chrome due to the terrible way it's been written.

  16. saif
    Joke

    Make Firefox as Safe as IE9...Just pretend

    Raving Loony is absolutely right...Using a user agent switcher to change Firefox to IE9...result score now 4/4! What a load of baloney eh? The website does nothing to test the browser for security flaws, just gives a score according to the version of the browser it thinks is visiting...if only I could as successfully pretend to be Bill Gates...

  17. This post has been deleted by its author

  18. Anonymous Coward
    Anonymous Coward

    "GET TEH FACTS"

    The reality is that they've been outright criminally negligent for over a decade and a couple fancy buzzwords (that themselves can and have been bypassed) just isn't enough. They have a well-deserved reputation and shaking that off is going to take some real effort along with some real groveling, anti-fanbois notwithstanding. This even though they are so big they can "afford" to make goofs that would see many lesser companies in administration. That they're still there doesn't mean they're good. They're just big.

    Tooting their own horn, redmond does like no other. Maybe they have to since they've attracted such a hatedom. But that doesn't make it the right thing to do, security wise. They have several decades to catch up with. It's no more than reasonable they're trying. But they're not there yet, and a bit of effort does not a saviour make. Not by a long shot. How cringeworthy can you make a simple comparison? I'm sure it'll get worse if you dare look too closely at how they compared.

    After how many times the same trick am I allowed to assume it won't be better than the last time, nevermind good, Dan? Or do you insist I have to re-visit my previous experiences every time their marketeering department says I should give them yet another chance? I call that cruel and unusual, I tells you. And you're not giving me lots of reason to assume they're not up to their old tricks yet all over again with deja vu on top. Really now.

    I wonder if those endorsers didn't also endorse those windows seven launch parties. Or maybe they just got cooked up for the occasion. Not the first time redmond did such a thing ("alexis de tocqueville institute", anyone?). I can't be bothered to figure out who those guys are and I see Dan didn't either, or if he did he didn't share. Well, that's informative.

  19. markd74

    Fuck IE

    IE9 is still an omnishambles of a browser, are there not UN resolutions that can prevent MS from unleashing browsers on the world. Each and every time I do any work it'll go smooth as ice till testing gets done on IE at which point a ton of things will fall to pieces for absolutely no reason. Why do they bother? To promote Bing? Nobody gives a fuck about Bing either, they should stick to their core competences, xbox and shite operating systems.

  20. FrankAlphaXII
    FAIL

    It doesn't check anything

    If you're running a Firefox 8 Beta build, Aurora, or Tinderbox it can't give you a score. It's bullshit pure and simple. I haven't tried it with Konqueror yet, but I'm curious if it has it. I won't install Chrome or Chromium but can a Chromium user tell us what it says about that?

    1. Anonymous Coward
      Anonymous Coward

      Linux Mint Chromium: WE CAN'T GIVE YOU A SCORE FOR YOUR BROWSER.

      Linux Mint Chromium: WE CAN'T GIVE YOU A SCORE FOR YOUR BROWSER.

    2. The Envoy
      Facepalm

      @FrankAlphaXII re: Chromium

      Chromium 12.0.742.112 (90304) Ubuntu 10.10:

      "WE CAN'T GIVE YOU A SCORE FOR YOUR BROWSER."

    3. Anonymous Coward
      FAIL

      Konqueror doesn't work either

      Actually, I had a look at the JavaScript, and haven't yet spotted how they do the browser detection.

      Clearly it's a pattern match against the user agent, but I haven't spotted where. If anyone finds it before I do, please do share. Me thinks their credibility will go out the window if that truth came to light.

      1. Big-nosed Pengie
        Facepalm

        "Me thinks their credibility will go out the window if that truth came to light."

        Credibility? Microsoft?

        1. Anonymous Coward
          Anonymous Coward

          Yes well… sometimes it has been lacking… but I notice they have made some very credible statements in more recent times…

          http://www.theregister.co.uk/2011/09/14/windows_server_2008_overview/ for example.

    4. Anonymous Coward
      Facepalm

      Okay, my earlier remark about JavaScript checking, it's probably done server side. So we won't see it in the JavaScript. Didn't think of that naturally, but of course, I should've seen that coming.

      I'll bet they won't show us the source as it'll be too embarrassing to admit they fudged it.

  21. BristolBachelor Gold badge
    Joke

    Plugins?

    Does it subtract 10 from your score for each of Adobe Reader and Adobe Flash that you have installed?

  22. Gordon 11

    Hypocritical

    "Make sure you are opening secured connections to the pages; you do this by typing in "HTTPS" at the beginning of a URL."

    Nice to see that doesn't actually work on the page that says to do this.

    That's the same page that is using Flash.

    It then comes up with:

    "Your browser is only as secure as the operating system it runs on. Make sure you have an up to date operating system with the latest security features."

    Then presents me with a link to update Windows - which I don't run. And they expect this "information" to be taken seriously?

  23. Anonymous Coward
    Anonymous Coward

    Firefox under Mint gives me:

    Does the browser help protect you from websites that are known to distribute socially engineered malware?

    Does your browser provide a distinct warning when you download an application that is of higher risk but not yet confirmed as malware?

    How much Linux malware is distributed through browsers? Even if I were able to somehow install malware, it would run as a non-privileged user.

  24. Old Handle
    Paris Hilton

    How is it that even though they admit IE lacks a couple security features Chrome and/or Firefox have, IE gets a perfect score? Apparently by rounding up to the nearest half-point at each step. Fishy. A better tally would be something like this:

    IE 3.5 • Chrome 2.1 • Firefox 1.8

    Which still looks good for IE, but would have improved the illusion of impartiality quite a bit, I wonder why they didn't go with that?

    1. Anonymous Coward
      Joke

      I can only assume they do the calculations server-side using an earlier Pentium chip that suffered the floating-point bug:

      http://en.wikipedia.org/wiki/P5_%28microprocessor%29#Bugs_and_problems

  25. Anonymous Coward
    Anonymous Coward

    Poll results just in... Shock!

    Philip Morris polled 100 smokers working at their Marlboro factory in Virginia, who owned shares in the company and bought into the company pension scheme and were retiring soon after 40 years as companymen, whether or not they felt healthier, happier and more invigorated after smoking a Philip Morris cigarette. Uncredibly, 96.2%* said that they absolutely were, and would recommend them to friends!

    So now you know. For a long healthy life, smoke cigarettes today! And remember folks, the younger you start, the healthier our prof— err, I mean YOU will be. So why not recommend our new Nico-Teens™ mini cigarettes to your nephews & nieces before the winter arrives.

    * Average excludes responses from candidates with very breathy speech, appearing to drag around oxy-acetylene gear wherever they go.

    1. FrankAlphaXII
      Facepalm

      "Nico-Teens"

      >>So why not recommend our new Nico-Teens™ mini cigarettes to your nephews & nieces before the winter arrives

      No IT angle here, but they have them already, at least in the US, they call them Marlboro 72's.

      They're marketed as being shorter for short breaks. Yeah right, they're shorter so High School students can flush them down the toilets faster when a School Administrator or School Cop walks into the Bathroom they're smoking in. They're also usually two dollars cheaper than the regular packs.

      I smoke, it's one of those bad habits the Army and Military in general tends to do to people, along with Alcoholism (though I don't drink in any real quantity, oddly enough. Makes me too sick the next day), but I see through Philip Morris' bullshit on those things loud and clear. Makes me want to quit even more than I already do, but Nicovax doesn't work well, Chantix made me literally lose three days (I apparently slept for three days), I don't think using the same drug I'm addicted to to quit using it makes any sense so the gums, electronic cigarettes and lozenges are out, and the antidepressants make me have insomnia worse than I already do. Some nerd or boffin as you guys call them needs to come up with something better based off of snake venom or something like that which blocks the nicotine receptors but doesn't have all the very strange and downright dangerous side effects of Chantix.

      Anyway, funny thing about those Nico-Teens/"72's" is that they have the same levels of Nicotine and "Tar" as a regular Marlboro, but you wind up smoking a pack twice as fast. So kids get hooked twice as fast, for less money.

  26. Lord Lien

    Trouble with this drivel....

    ... people will believe it. Not everyone is as tech savvy as most people who read these articles on the Reg.

    There must be laws against this site, as it's false advertising.

  27. Anonymous Coward
    Coffee/keyboard

    Am I the only one annoyed at El Reg??

    yes, the checker is complete horse pukky, but I am also outraged that El Reg ran it as a straight news story; this story should contain so much sarcasm it should be pouring out of the screen and making my feet wet.

    1. Anonymous Coward
      Anonymous Coward

      Not the only one, no.

      Then again, IIRC (I haven't checked) this isn't the first time for Dan to toss off a straight-ish story with a nice kicker at the end to tick off the commentards. He does that fairly well, whether he means to or not, and heck, without dissent having a good discussion is that much harder. And at least it shows very clearly where the readership's sentiments are.

      Yes of course that's trolling, and yes of course I'll bite just for the heck of it.

  28. Anonymous Coward
    Thumb Down

    Using only the browser headers without doing any scan tells a lot about their credibility on this...

    I knew it right away because I'm using Firefox but I've installed the "noscript" plugin which takes care of the XSS stuff so I knew they were actually just using the agent id to display their rating... also the displaying was way too quick for any scanning to have occurred.

    Actually this means someone could be using IE9 with a "dangerous" custom setting, which wouldn't protect the user efficiently, and the user would still get 4/4 on their page... which is a much worse situation I believe than my browser i.e. Firefox, which I supplement with NoScript and CookieSafe... so their stunt is borderline reckless! They're so much in conflict of interest here. Awarding a perfect score to your own browser is just wrong when you set the standard of what the "secure" browser should be. I believe it's false advertising, and they should be forced to indicate that no actual scanning occurs and that the "result" indicates a static MS opinion on the subject of browser security.

  29. Tristan Young

    It's hard to take Microsoft seriously anymore.

    Security is not one of Microsoft's strong suits. It was their fault that people started dumping IE and switching to other browsers.

    You couldn't pay me to switch back to IE. In fact, the only Microsoft software I run now is Windows 7 itself. There is no other software Microsoft produces that is worth running on any of my machines.

    My security has improved vastly since switching to Firefox.

  30. Anonymous Coward
    Windows

    Look what got!

    I'm on SeaMonkey which is powered by AdBlock+ and NoScript (highly recommended plugins!).

    So what did I get? Well, also a 2 out of 4 but it's the end of the website which made me laugh:

    How does your browser keep you safer?

    Get Adobe Flash player

    This page requires Flash Player version 10.2.0 or higher.

    IMPORTANT: After installing the required upgrade please reload this browser window to view the video.

    This is all positioned right besides the green "What is MALWARE?" column.

    Not so funny?

    Ok, how about this one... This is how the bottom section looks like on my end:

    1 DANGEROUS DOWNLOADS <banner stating "F Get ADOBE Flash player">

    2 PHISHING WEBSITES White section stating: "This website requires Flash Player version 10.2.0 or higher"

    3 ATTACKS ON YOUR BROWSER White section stating: "IMPORTANT: After installing the required upgrade please reload this browser window to view the video".

    Maybe you already think this to be funny, I know I did. But what really made me laugh was noticing the summary of key features at the bottom:

    "Does your browser provide a distinct warning when you download an application that is of higher risk but not yet confirmed as malware?" and according to this website mine doesn't. But the messages I see above beg to differ.

    I know MS probably bases this on pristine browsers. But that's where this goes wrong. Mozilla's browsers were made to be extended upon. At the very least they could have added some code to check up on this and confirm that (for example) the existence of a NoScript plugin is also enough to keep you safe.

    THAT would have been a winner because THAT would have gained them some more respect (maybe a little, but all little bits count) from the technical community.

    And now all they get are ridicules. Their loss, missed opportunity.

  31. eulampios

    On the up-to-date Ubuntu 10.04 LTS with a custom kernel I get

    ff7 ---> 2

    konqueror, epiphany, w3m, lynx, elinks ---> "Cannot rate your browser"

    Funny guys.

  32. Anonymous Coward
    Anonymous Coward

    Had a look

    ... and concluded that they forgot to put a header "Advertisement" on the page. Smacks of desperation.

  33. Tom 7 Silver badge

    This will obviously help the virus writers

    as they can nick the code that does the browser sniffing.

    Personally I'd like a bit of code that prevents browser OS sniffing for the same reason.

    If we could all just use some 8 year old standards none of this crap would be necessary.

  34. Socrates
    FAIL

    MS can't identify their own browsers

    I'm running IE8 on Win7 x64 with Protected Mode, SmartScreen filters etc., but the website said I have IE7, and scored it only 1/4.

    By my reckoning, it should have scored it 3/4 - epic fail....

  35. Youngdog
    Thumb Down

    Company Punts Own Product Yawn

    Creating a link for people to click that takes them to a page loaded with well-meaning sentiments might make people feel 'engaged' and create the illusion of credibility.

    Unfortunately the 'engagement' is akin to someone taking the Pepsi Challenge and then letting the twonk from Pepsi do the tasting!

  36. Anonymous Coward
    FAIL

    FAIL

    "The site dings Firefox for a variety of omissions, including its inability to restrict an extension or a plug-in on a per-site basis, its failure to use Windows Protected Mode or a similar mechanism such to prevent the browser from modifying parts of the system it doesn’t have access to"

    That points more to an omission in the OS, in my IMNSHO. On linux, for example, you have AppArmor, which prevents programs from accessing parts of the system it ought not to be touching. The browser does not have to write something to use this, since it is part of the OS.

  37. Robert E A Harvey

    Yawn

    I am reminded of some dockyard whore watching a lady in evening dress and describing her as 'a bit of a slapper'

    I think the Mandy Rice-Davies comment is apposite here.

  38. Anonymous Coward
    Anonymous Coward

    Smart screen... hmm, SmartScreen, where have I heard that before

    Oh yes, it's the complete waste of time that classifies malware peddling sites as safe while whenever MS has a hissy fit slows browsing down on some machines to the point it looks like the broadband connection went away.

    Still given how mind numbingly slow IE8/9 are on anything but a brand new pc I suppose they are secure, people get bored waiting and turn off.

  39. James O'Brien
    Devil

    @ Stuart Longland

    You mean they have credibility left to begin with?

    When faced with the truth MS even lies to themselves.

  40. Anonymous Coward
    FAIL

    Flash?

    I don't know whether anybody noticed or not, but there is some Flash on that website (videos under Browser features for an example). Does that mean Silverlight is so dead that not even Microsoft will use it anymore?

  41. big_D Silver badge
    FAIL

    IE no score...

    Evidently, Microsoft have never heard of IE 8 on Windows Phone 7! :-D

  42. Anonymous Coward
    Anonymous Coward

    I must try running this

    from some god-only-knows-how-old version of Netscape under Windows 3.1.

  43. Rhiakath Flanders
    Facepalm

    not biased at all..... nooooo

    And it rates mostly capabilities only found on Internet explorer. It's like asking "is your car blue? No? Then you failed, because ours is".

    They should just be asking "is your browser made by microsoft? If so, get 4 automatically"

  44. Charlie Clark Silver badge
    FAIL

    Their own worst enemy

    I guess the site is mainly trying to encourage IE 6, 7 and 8 users to "upgrade" to the latest and greatest version of IE, seeing as that has been such an utter fail so far (stats on international sites are approx 5% IE 6, 10% IE 7, 15% IE 9. 30% IE 8). Well, no shit Sherlock! By not providing a reasonable upgrade path for IE users, ie. forcing them to change their operating systems in order to change their browser, Microsoft has caused this fragmentation.

    Solution: backport IE 9 to XP and Windows 2000 or get out of the browser game.

  45. Anonymous Coward
    Anonymous Coward

    BAD OMEN to see Fraud alive and well in 2011

    The website doesn't test jack shit.

    It only reads the user agent.

    I dare the creator to a test of truth

    the loser gets a baseball bat in the face

  46. BoxedSet
    Mushroom

    So we have a perfect score for IE9, oh lordy what a surprise. Tish and Pish m'lud!

    How about M$ actually rewriting the next version of it to actually be *totally* secure and not require several security patches released every month to address yet another raft of fixes for the perennial "may allow a remote user elevated access". FFS

    Not that I would use it even if they did. It still makes a dog's breakfast of some websites so will stick with a FF or Opera.....

  47. The Real Tony Smith
    WTF?

    Complete Bullshit!

    Using Konqueror with the default Browser ID gives......

    'We do not have any data for your browser, so we can’t give your browser a score.'

    Changing the browser ID to IE4 on Windows 2K gives a blank screen!

  48. Benanov
    Holmes

    Midori

    Midori - "we can't give you a score"

    Wow, user agent sniffing is like, what, 1998 technology? Way to stay current, Microsoft.

    I suppose if we were looking for an ACID style test, a lot of IT admins would wonder why Microsoft.com is serving 'malware' - you'd have to be able to have some sort of actual test, and that'd trip a lot of 'security' software in companies these days.

  49. John F***ing Stepp

    I don't visit this type site.

    Too afraid I'll download malware.

  50. CampyLinux

    So this isn't actually a dynamic test it is just a UA look up

    I had thought that visiting the site would look at my specific browser instance and look for security flaws, but it is nothing that elaborate.

    When I visit the site with Firefox using the correct UA, "User-Agent: Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1", I get a 2 out of 4 score. When I use a FF browser plugin to change my UA to "User-Agent: Mozilla/5.0 (compatible, MSIE 9.0; Windows NT 6.1; Trident/5.0", I jump to a perfect 4.

    Not sure why they made the site appear to be dynamic instead of just providing a chart!
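
The behaviour reported in this thread (the score following the User-Agent header, Windows-only mitigations ticked on Linux) can be reproduced with a small header-only scorer. This is an added example, not the site's code: the rule table, function names and the Opera string are assumptions, the scores are those quoted in the article and comments, and the two Firefox/IE9 strings are copied from the comment above.

```python
import re

# Constructed lookup table. Scores are the ones quoted in the article and
# thread (IE9 4, IE7 1, Chrome 2.5, Firefox 2); the matching rules are assumed.
SCORE_RULES = [
    (re.compile(r"MSIE 9\."), 4.0),
    (re.compile(r"MSIE 7\."), 1.0),
    (re.compile(r"Chromium/"), None),  # thread: Chromium gets no score
    (re.compile(r"Chrome/"), 2.5),
    (re.compile(r"Firefox/"), 2.0),
]

# The two Windows OS features the thread saw ticked on non-Windows systems.
WINDOWS_MITIGATIONS = ("DEP", "ASLR")

# Header strings as quoted in the comment above (the second one verbatim).
FIREFOX_LINUX = ("Mozilla/5.0 (X11; Linux i686; rv:2.0.1) "
                 "Gecko/20100101 Firefox/4.0.1")
SPOOFED_IE9 = "Mozilla/5.0 (compatible, MSIE 9.0; Windows NT 6.1; Trident/5.0"
# Constructed sample for a browser the table does not know.
OPERA_LINUX = "Opera/9.80 (X11; Linux x86_64; U; en) Presto/2.9.168 Version/11.50"


def score_from_user_agent(ua):
    """Header-only scoring: first matching rule wins, unknown browsers get None."""
    for pattern, score in SCORE_RULES:
        if pattern.search(ua):
            return score
    return None


def claimed_platform(ua):
    """Platform as claimed by the header; this is still client-controlled."""
    if "Windows NT" in ua:
        return "windows"
    if "Linux" in ua:
        return "linux"
    return "unknown"


def windows_mitigation_ticks(ua, gate_on_platform):
    """Windows OS mitigations a header-only page would tick for this request."""
    if score_from_user_agent(ua) is None:
        return set()
    if gate_on_platform and claimed_platform(ua) != "windows":
        return set()
    return set(WINDOWS_MITIGATIONS)


def audit(real_ua, spoofed_ua):
    """Same browser, two headers: what the page reports for each."""
    real = score_from_user_agent(real_ua)
    spoofed = score_from_user_agent(spoofed_ua)
    return {
        "real_score": real,
        "spoofed_score": spoofed,
        # Without a platform check, Linux Firefox is credited with DEP/ASLR.
        "ungated_ticks_real": sorted(windows_mitigation_ticks(real_ua, False)),
        # Gating on the platform token removes that, but only for honest headers.
        "gated_ticks_real": sorted(windows_mitigation_ticks(real_ua, True)),
        "gated_ticks_spoofed": sorted(windows_mitigation_ticks(spoofed_ua, True)),
        "header_decides_score": real != spoofed,
    }


if __name__ == "__main__":
    for key, value in audit(FIREFOX_LINUX, SPOOFED_IE9).items():
        print(f"{key}: {value}")
    print("opera:", score_from_user_agent(OPERA_LINUX))
```

Gating the OS-specific claims on the platform token fixes the Linux ticks but not the underlying issue: every input is a request header the client chooses, so the result describes the header, not the browser.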

  51. Tree

    IE is the WORST, Chrome is second WORST

    The Microsoft browser was designed to defeat Netscape by being part of Windows making Windows most vulnerable to what comes into the browser from outside. Internet Exploder is now much better, yet we still have dot.NET and Silverlight with Highly URGENT Critical flaws just patched and Active-X which cannot be made totally safe. Gurgle makes a living selling your personal information to third parties and that can't be safe. Maybe you trust Gurgle, but those info buyers may be evil. You are tracked by Chrome. With Firefox extensions like NoScript and Better Privacy, not to mention Customise Google and AdBlock Plus, one can have better control of your identity from bad guys trolling for suckers. Firefox rules for safety!

  52. Anteaus

    Largely irrelevant result anyway.

    By far the most common exploit is social engineering. Put-up a notice telling the user to upgrade their Flash plugin, and users will reflexively click Yes. No clever exploits needed, just a simple layered javascript popup.

    Problem here is computers which constantly hammer the user with upgrade requests, and browsers which allow system dialogs to be simulated, even to the extent of simulating 'screen dimming' UAE prompts.
