Beruflich Dokumente
Kultur Dokumente
Tested
Products
Qihoo
360
Safe
Browser
Version:
6.3.1.132,
Proxy
Version:
21.0.1180.89
Firefox
Version:
27.0.1
Google
Chrome
Version:
33.0.1750
Internet
Explorer
Version:
11.0.9600.16384
Kingsoft
Liebao
Browser
Version:
4.5.37.6837
Opera
Version:
19.0.1326.63
Safari
Version:
5.1.7
(7534.57.2)
Sogou
Explorer:
4.2.6.10812
Environment
Operating
System:
Windows
8.1
Enterprise
with
Windows
Defender
disabled
Security
Stack:
Testing
Methodology
V1.5
NSS Labs
Overview
Eight
leading
browsers,
including
three
from
China,
were
tested
against
the
Security
Stack:
Testing
Methodology
V1.5,
using
657
samples
of
socially
engineered
malware
(SEM)
that
were
captured
over
14
days
in
NSS
Labs
unique
live
testing
harness.
SEM
attacks
use
several
different
methods
to
deceive
users
into
downloading
malicious
software,
but
the
browser
is
the
primary
vector
for
delivery
of
SEM
and
therefore
is
the
first
line
of
defense
against
such
attacks.
Internet Explorer
99.9%
85.1%
Liebao Browser
70.7%
Chrome
60.1%
Sogou Explorer
Opera
360 Safe Browser
28.8%
6.3%
Firefox
4.2%
Safari
4.1%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Figure
1
demonstrates
that
Internet
Explorer
blocked
99.9%
of
the
SEM
that
was
used
in
this
test.
Internet
Explorer
provides
SEM
protection
by
using
a
combination
of
SmartScreen
URL
filtering
and
App
Rep,
a
technology
that
requires
no
knowledge
of
whether
an
application
is
harmful
or
benign.
Chrome,
which
placed
third,
uses
URL
filtering
and
an
application
reputation
system
called
Download
Protection.
Both
App
Rep
and
Download
Protection
1
are
content-agnostic
malware
protection
(CAMP)
technologies.
The
Chinese
browser,
Liebao,
by
Kingsoft
placed
second,
despite
the
browsers
lack
of
a
CAMP
technology.
Sogou
Explorer,
another
browser
from
China,
placed
fourth,
scoring
more
than
30
percentage
points
higher
than
the
fifth-place
browser.
NSS Labs
Microsoft
Internet
Explorer
provides
SEM
protection
that
is
superior
to
all
other
tested
browsers
and
many
endpoint
protection
(EPP)
products.
Cloud-based
EPP
file
scanning
can
provide
substantial
SEM
protection
when
integrated
into
a
browser.
The
Google
Safe
Browsing
API
does
not
provide
adequate
SEM
protection.
The
Chinese
browsers
tested
are
viable
and
demonstrate
the
ability
to
compete
on
technical
merit.
Learn
to
identify
social
engineering
attacks
in
order
to
maximize
protection
against
SEM
and
other
social
engineering
attacks.
Use
caution
when
sharing
links
from
friends
and
other
trusted
contacts,
such
as
banks.
Waiting
just
one
day
before
clicking
on
a
link
can
significantly
reduce
risk
Enterprises
should
review
current
NSS
reports
when
selecting
browsers.
Do
not
assume
the
browser
market
is
static.
NSS Labs
Table
of
Contents
Environment
...........................................................................................................................
1
Overview
................................................................................................................................
2
NSS
Labs
Findings
....................................................................................................................
3
NSS
Labs
Recommendations
...................................................................................................
3
Analysis
..................................................................................................................................
5
Protection
Metrics
..................................................................................................................
5
Zero-Hour
Protection
...................................................................................................................................
5
Average
Time
to
Block
..................................................................................................................................
7
The
Death
of
the
Safe
Browsing
API
for
SEM
Protection
.............................................................................
8
Consistency
of
Protection
over
Time
...........................................................................................................
9
The
Chinese
Browsers
................................................................................................................................
10
Education
Is
a
Component
of
SEM
Protection
...........................................................................................
10
Contact
Information
..............................................................................................................
11
Table
of
Figures
Figure
1
Average
Block
Rate
for
SEM
.........................................................................................................................
2
Figure
2
SEM
URL
Response
Histogram
.....................................................................................................................
6
Figure
3
Average
Time
to
Block
.................................................................................................................................
7
Figure
4
Limitations
of
the
Safe
Browsing
API
...........................................................................................................
8
Figure
5
SEM
Protection
of
Products
Using
the
Safe
Browsing
API
...........................................................................
9
Figure
6
SEM
Protection
over
Time
...........................................................................................................................
9
Figure
7
SEM
Protection
over
Time
Chinese
Browsers
.........................................................................................
10
NSS Labs
Analysis
For
several
years,
the
use
of
social
engineering
has
accounted
for
the
bulk
of
cyberattacks
against
consumers
and
enterprises.
SEM
attacks
use
a
dynamic
combination
of
factors
such
as
social
media,
hijacked
email
accounts,
false
notification
of
computer
problems,
and
other
deceptions
to
encourage
users
to
download
the
malware.
Cybercriminals
use
hijacked
email
accounts
to
take
advantage
of
the
implicit
trust
between
contacts
and
deceive
victims
into
believing
that
links
to
malicious
files
are
trustworthy.
Hijacked
social
media
accounts
are
used
in
the
same
way
as
hijacked
email
accounts.
In
the
case
of
social
networks,
however,
the
circle
becomes
wider:
friends
and
even
friends
of
friends
risk
being
deceived.
Social
engineering
tactics
may
use
pop-up
messages
advising
users
that,
for
example,
their
computers
are
infected;
their
computers
require
optimizing;
their
computers
require
updates
to
Windows;
or
that
they
should
install
applications,
such
as
Adobe
Flash
Player.
Once
malware
is
installed,
victims
are
vulnerable
to
identity
theft,
bank
account
compromise,
and
other
potentially
devastating
consequences.
During
NSS
testing,
Internet
Explorer
provided
the
highest
level
of
SEM
protection
of
all
browsers.
This
is
because
of
its
use
of
SmartScreen
and
Application
Reputation
technology
(App
Rep).
Chromes
Download
Protection
had
elevated
it
to
second
place
in
three
tests
from
2011
to
2013,
but
in
this
test,
Liebao
Browser
achieved
the
second
place
ranking,
outperforming
Chrome
by
more
than
14
percentage
points
in
the
average
block
rate.
Unlike
Internet
Explorer
and
Chrome,
the
Liebao
Browser
does
not
use
an
application
reputation
system
but
instead
takes
advantage
of
the
same
cloud-based
file
scanning
system
that
is
used
by
Kingsoft
Antivirus,
and
it
does
so
with
considerable
efficacy.
Qihoos
360
Safe
Browser
relies
on
Qihoos
anti-malware
technology
to
boost
its
SEM
protection,
but
this
technology
is
not
integrated
into
the
browser
itself.
All
of
the
browsers,
including
the
360
Safe
Browser,
were
tested
for
their
stand-alone
SEM
blocking
abilities.
It
should
be
noted
that
NSS
tested
the
Chinese
language
version
of
the
360
Safe
Browser.
Qihoo
has
advised
that
the
English
language
version
of
the
browser
integrates
the
cloud-
based
anti-malware
protection
that
is
used
in
the
Qihoo
EPP
product.
Protection
Metrics
The
average
SEM
block
rate
is
a
key
metric
against
which
browsers
are
tested.
Consistency
of
protection,
the
amount
of
time
required
to
add
protection
for
new
threats,
and
zero-day
protection
are
also
important
metrics,
and
they
are
included
in
this
report.
Zero-Hour
Protection
Immediate
protection
against
new
threats
is
critical.
As
sites
that
host
SEM
are
discovered,
they
are
taken
down,
often
within
a
relatively
short
amount
of
time.
Products
that
fail
to
add
protection
in
a
timely
manner
may
be
too
late
to
counter
the
threat.
Figure
2
reveals
that
the
98%
zero-hour
protection
provided
by
Internet
Explorer
is
24
points
higher
than
any
other
browser.
By
the
end
of
the
seventh
day
of
testing,
Internet
Explorer
was
maintaining
a
14%
lead
over
every
other
browser.
Chrome
was
in
second
place
for
SEM
protection
from
for
zero-hour
until
the
fourth
day,
at
which
point
NSS Labs
Liebao
browser
had
sufficient
protection
to
equal
and
marginally
surpass
Chrome.
Sogou
Explorer
began
with
a
41%
zero-hour
block-rate
and
substantially
increased
its
response
time
by
the
end
of
the
first
day.
The
zero-hour
block
rates
of
the
fifth
through
eighth
place
browsers
(Opera,
360
Safe
Browser,
Firefox,
and
Safari)
are
significantly
lacking.
Operas
results
range
from
18.7%
(zero-hour
blocking)
to
33%
(after
7
days).
The
360
Safe
Browser
began
at
zero
hour
with
more
than
double
the
block
rate
of
Firefox
or
Safari,
and
by
the
end
of
the
seventh
days,
it
had
retained
a
similar
advantage.
100%
90%
80%
Coverage
70%
60%
50%
40%
30%
20%
10%
0%
0-hr
1d
2d
3d
4d
5d
6d
7d
Total
Internet Explorer 11
98.3%
99.5%
99.5%
99.5%
99.5%
99.5%
99.5%
99.5%
99.5%
Chrome
75.2%
79.6%
81.7%
82.6%
82.6%
83.7%
84.0%
84.2%
84.5%
Liebao Browser
69.3%
76.1%
78.1%
81.3%
83.0%
84.2%
84.6%
84.9%
85.8%
Sogou Explorer
41.1%
63.2%
68.5%
70.2%
71.1%
71.5%
72.0%
72.0%
72.9%
Opera
18.7%
23.6%
30.6%
31.5%
32.4%
32.7%
33.2%
33.2%
33.8%
8.4%
9.1%
9.1%
9.7%
10.2%
10.4%
10.7%
10.8%
11.0%
Firefox
4.0%
4.0%
4.1%
4.1%
4.4%
4.4%
4.4%
4.7%
4.7%
Safari
3.0%
3.8%
3.8%
4.1%
4.1%
4.4%
4.4%
4.4%
4.7%
Figure
2
SEM
URL
Response
Histogram
NSS Labs
32.13
29.81
21.73
19.50
13.73
12.91
3.77
0.07
0
10
15
20
25
30
35
Hours
Figure
3
reveals
that
Internet
Explorer
requires
an
average
of
less
than
5
minutes
to
block
new
SEM.
At
over
3
hours
and
45
minutes,
Chrome
has
the
next
best
average
time
to
block.
Only
Firefox
and
Safari
take
longer
than
one
day
on
average
to
block
malware.
Opera,
which
requires
less
than
a
day
to
add
SEM
protection,
outperforms
browsers
using
Googles
Safe
Browsing
API.
NSS Labs
Internet Explorer
99.9%
Internet Explorer
(URL/CAMP)
97.0%
70.7%
Chrome
Chrome
(URL/CAMP)
2.9%
4.2%
0%
66.5%
10%
20%
URL Reputation
30%
40%
50%
60%
70%
80%
90%
100%
Figure
4
Limitations
of
the
Safe
Browsing
API
NSS Labs
Figure
5
compares
the
Safe
Browsing
API
products.
Without
Download
Protection,
Chromes
performance
is
almost
identical
to
that
of
Firefox
and
Safari.
100%
Chrome
90%
80%
Firefox
70%
60%
50%
Safari
40%
Chrome w/
o Download
Protection
30%
20%
Test
Average
10%
0%
Figure
5
SEM
Protection
of
Products
Using
the
Safe
Browsing
API
100%
90%
Internet
Explorer
80%
Liebao
Browser
Chrome
70%
60%
50%
Sogou
Explorer
Opera
40%
360 Safe
Browser
30%
Firefox
20%
Safari
10%
Test
Average
0%
Figure
6
SEM
Protection
over
Time
NSS Labs
Liebao
Browser
placed
second,
rarely
dropping
below
80%
SEM
protection.
Chrome
and
Sogou
Explorer
both
placed
above
the
test
average.
Throughout
the
test,
Internet
Explorer
blocked
consistently
at
100%,
with
some
barely
perceptible
dips.
360 Safe
Browser
60%
Test
Average
50%
40%
Liebao
Browser
30%
20%
10%
Sogou
Explorer
0%
Figure
7
SEM
Protection
over
Time
Chinese
Browsers
Figure
7
compares
the
performance
of
the
Chinese
browsers.
Liebao
Browser
demonstrated
superior
SEM
protection,
while
Sogou
Explorer,
in
second
place,
provided
a
level
of
protection
slightly
above
the
average
of
all
of
the
browsers
tested.
Although
the
Chinese
version
of
the
360
Safe
Browser
relies
on
external
anti-malware
protection,
NSS
has
been
advised
that
the
English
language
version
of
the
360
Safe
Browser
incorporates
cloud-
based
SEM
protection
technology.
Further
testing
will
be
required
to
validate
the
claim
and
quantify
the
additional
protection.
10
NSS Labs
Test
Methodology
Security
Stack:
Test
Methodology
v1.5
A
copy
of
the
test
methodology
is
available
on
the
NSS
Labs
website
at
www.nsslabs.com.
Contact
Information
NSS
Labs,
Inc.
206
Wild
Basin
Rd
Building
A,
Suite
200
Austin,
TX
78746
+1
(512)
961-5300
info@nsslabs.com
www.nsslabs.com
This
and
other
related
documents
available
at:
www.nsslabs.com.
To
receive
a
licensed
copy
or
report
misuse,
please
contact
NSS
Labs
at
+1
(512)
961-5300
or
sales@nsslabs.com
2014
NSS
Labs,
Inc.
All
rights
reserved.
No
part
of
this
publication
may
be
reproduced,
photocopied,
stored
on
a
retrieval
system,
or
transmitted
without
the
express
written
consent
of
the
authors.
Please
note
that
access
to
or
use
of
this
report
is
conditioned
on
the
following:
1.
The
information
in
this
report
is
subject
to
change
by
NSS
Labs
without
notice.
2.
The
information
in
this
report
is
believed
by
NSS
Labs
to
be
accurate
and
reliable
at
the
time
of
publication,
but
is
not
guaranteed.
All
use
of
and
reliance
on
this
report
are
at
the
readers
sole
risk.
NSS
Labs
is
not
liable
or
responsible
for
any
damages,
losses,
or
expenses
arising
from
any
error
or
omission
in
this
report.
3.
NO
WARRANTIES,
EXPRESS
OR
IMPLIED
ARE
GIVEN
BY
NSS
LABS.
ALL
IMPLIED
WARRANTIES,
INCLUDING
IMPLIED
WARRANTIES
OF
MERCHANTABILITY,
FITNESS
FOR
A
PARTICULAR
PURPOSE,
AND
NON-INFRINGEMENT
ARE
DISCLAIMED
AND
EXCLUDED
BY
NSS
LABS.
IN
NO
EVENT
SHALL
NSS
LABS
BE
LIABLE
FOR
ANY
CONSEQUENTIAL,
INCIDENTAL
OR
INDIRECT
DAMAGES,
OR
FOR
ANY
LOSS
OF
PROFIT,
REVENUE,
DATA,
COMPUTER
PROGRAMS,
OR
OTHER
ASSETS,
EVEN
IF
ADVISED
OF
THE
POSSIBILITY
THEREOF.
4.
This
report
does
not
constitute
an
endorsement,
recommendation,
or
guarantee
of
any
of
the
products
(hardware
or
software)
tested
or
the
hardware
and
software
used
in
testing
the
products.
The
testing
does
not
guarantee
that
there
are
no
errors
or
defects
in
the
products
or
that
the
products
will
meet
the
readers
expectations,
requirements,
needs,
or
specifications,
or
that
they
will
operate
without
interruption.
5.
This
report
does
not
imply
any
endorsement,
sponsorship,
affiliation,
or
verification
by
or
with
any
organizations
mentioned
in
this
report.
6.
All
trademarks,
service
marks,
and
trade
names
used
in
this
report
are
the
trademarks,
service
marks,
and
trade
names
of
their
respective
owners.
11