[LINK] Microsoft

Stephen Loosley stephen at melbpc.org.au
Thu Apr 3 16:35:35 AEDT 2014




Several interesting news items regarding Microsoft today. Thinking about it, with some smarts, it seems quite possible Microsoft will remain the dominate world ICT player. For example, free mobile phone etc operating systems that readily function as fully networked remote extensions to home Windows networks, complete with now reasonably effective Microsoft security, will be very attractive. 

In future, who knows what features a tight home-network/mobile-device technology OS coupling might enable?  

Especially if Microsoft also fosters the development of a large and private/secure mobile app ecosystem. (Compared with and unlike Android apps ... by design with almost zero privacy).

 1. "Microsoft to give away Windows for phones, small tablets."  The move is an attempt to increase the OS' presence in those devices, where Android and iOS rule. By Juan Carlos Perez (IDG News Service) 03 April, 2014 

2. "IE easily beats Chrome, Firefox, Safari in malware detection." NSS Labs tests showed IE with a 99.9 per cent block rate for socially engineered malware (SEM). By Antone Gonsalves (InfoWorld) 03 April, 2014.

Microsoft's combination of application reputation technology and URL filtering gave Internet Explorer a malware block rate that blew pass Google Chrome, Mozilla Firefox and Apple Safari.

The latest tests from NSS Labs showed IE with a 99.9 per cent block rate for what the security tester calls socially engineered malware (SEM). Chrome had a rate of 70.7 per cent while Firefox and Safari hovered around 4 percent.

In general, SEM includes all malware that a computer user is tricked into downloading on the Web through a malicious link in an email, instant message or other vehicle. Malware delivered as an email attachment is excluded.

Microsoft and Google use a combination of application reputation technology and URL filtering in detecting malware. The difference is Microsoft relies more on URL filtering, while Google does the opposite.

"They both use the same approaches, but the recipes are different," Randy Abrams, research director at NSS Labs, said.

The low rates of Firefox and Safari are due to the browsers only using Google's URL filtering through its Safe Browsing service available to application developers, Abrams said. Neither browser uses an application reputation system, which scans all downloads for attributes that indicate malware.

Chrome's latest block rate was substantially lower than the previous NSS Labs test, when the browser's score was 83.17 percent. Abrams did not know the reason for the significant drop, but suggested two possibilities.

Google might have lowered the aggressiveness of its application reputation system, if it was preventing too many legitimate applications from being downloaded. Another possibility is hackers have profiled how the system works and have figured out a way to game the system.

Google did not respond to a request for comment.

NSS Labs also tested three leading browsers from China. The Liebao Browser, developed by anti-virus vendor Kingsoft, came in second behind IE with a block rate of 85.1 percent.

Liebao does not use application reputation technology. Instead, Kingsoft depends on its cloud-based malware detection system to scan all downloads.

Liebao surpassing Chrome is unexpected because most browser makers have turned toward application reputation, also called content-agnostic malware protection (CAMP), because it is believed to be the most effective.

Kingsoft's approach uses URL filtering with cloud-based file scanning, which Abrams found "very interesting."

"I thought application reputation was going to be the predominant technology for protection, and it really is a surprise to see this cloud-based file scanning perform so well," he said.

As of last month, IE held nearly 58 percent of the browser market, with Firefox and Chrome each with slightly more than 17 percent, according to Net Applications.
--
Cheers,
Stephen
 		 	   		  


More information about the Link mailing list