Malware is malicious software which the user is tricked into downloading and/or installing from an e-mail attachment or, more commonly today, from malicious and infected websites.  Social engineering is a term used to describe the techniques used to deceive people and trick them into revealing information or taking an action that is unsafe.  Socially-engineered malware is malware that is pushed to Internet users from malicious URLs (website addresses) that have content designed to grab your attention and trick you into clicking a link in a search engine or e-mail, or which exploit a vulnerability via JavaScript or within a plugin (Java, Flash, Silverlight, Adobe Reader etc.) to gain access to the computer and install malware.  Once installed, the malware remotely grants hackers control of the computer, and full access to everything on the computer and everything the computer is used to access, including email, online banking and personal online investment accounts.  The hacker may even be able to observe the screen, and record keyboard and mouse activities.

The latest website to fall victim to getting hacked is MySQL.com, owned by Oracle Corporation, which was briefly forcing malware downloads to computers running vulnerable web browsers that connected to the MySQL.com website.

According to recent statistics published at Virus Bulletin by Bruce Hughes of anti-virus company AVG Technologies, Internet users are four times more likely to encounter social engineering as the mechanism used to infect their computers than a technological ‘hack’.

An independent security firm has released its third quarter report on the protection provided by each of the top five web browsers. The test was designed to determine how well each browser protects against malicious URLs, malicious downloads and phishing.

The firm compared the following browser versions:

Which browser blocked the most malware and was the best, most secure browser against socially-engineered malware?

According to NSS Labs, all of these browsers offer a reputation system to warn the user about malicious URLs and block malicious software downloads from those addresses. Reputation systems give the user additional feedback for deciding whether a site is safe, and recommend blocking the website in cases where the site is known to be malicious. However, one of these browsers proved dramatically more effective at blocking socially-engineered malware, that is, malware that users are tricked into downloading simply by visiting a website or clicking a picture or link in a search engine result, e-mail, tweet or SMS text.

Opera, Safari and Firefox caught the least

If you use Opera, Safari or Firefox without additional plugins or add-ons, you are at risk, especially if you haven’t enabled the anti-phishing and reputation service functions. However, the Reputation functionality in these browsers is weak in comparison to the other browsers.  For Firefox, there is the NoScript plugin, which intercepts JavaScript, CSS and other technologies and prompts the users before running JavaScript. Firefox actually dropped from a 19% detection rate in 2010 to just 7.6% in 2011.

Google Chrome 12 caught only 13.2%, which is over 400% more effective than last year’s 3% in the same tests in 2010. Google Chrome takes advantage of the SafeBrowsing feature, which is enabled by accessing the Wrench icon > Options > Under the hood and checking the Enable phishing and malware protection checkbox.

Secure Browser Results

NSS Labs Q3 Report - Mean Block Rate for Socially Engineered Malware

Internet Explorer caught 99.2% of live malware threats using its built-in SmartScreen Filter which is composed of the URL Reputation filter (new in IE8) and the new Application Reputation function (new in IE9).  Internet Explorer 9’s SmartScreen Filter provides anti-phishing protection to prevent the theft of personal information, application reputation checks to prevent the download of malicious software, and URL Reputation checks to warn you about unsafe websites.

But while Internet Explorer 9 trumped the other browsers in the NSS Labs report, it doesn’t mean that Internet Explorer is actually safer overall than any other browser. IE9 users can still ignore the warnings and attempt to install the malware anyway.

Microsoft Windows Vista, Windows 7 and Windows Server 2008 include User Account Control (UAC), which slows down malware attempting to access protected areas of the operating system by running most processes, including the web browser, as an ordinary user even when run by accounts with administrator access to the computer (members of the local Administrators group).  Any action that requires accessing a sensitive system file or resource requires the user’s administrator token, and the user is then prompted to accept the action.  Since most users don’t understand what they are clicking on, they click ‘ok’ or ‘yes’ most of the time, so this really doesn’t do much to block malware because the user can be tricked into authorizing the activity.  UAC helps isolate an executable from touching sensitive areas of the system, but it doesn’t prevent an exploit from crashing a process and gaining administrator access to install more malware on the system.

My Recommendations

Internet Explorer is the most common browser on the planet because it is installed on the most common operating system on the planet.  Therefore it is the browser most hackers target and if you use it, you run the greatest risk.  However, malicious websites now contain multiple exploits and will automatically detect the brand and version of browser you use, and the list of plugins and plugin versions, and will then automatically deliver the necessary exploit to break into your computer via the browser, the plugin or both.   Other browsers are equally vulnerable, and that includes the Apple browsers.  At the most recent Pwn2Own contest at CanSecWest, Internet Explorer, Firefox and Safari all fell to ‘hacker’ competitors, who won free equipment as prizes for ‘cracking’ the browsers.  Only Chrome survived unscathed.  Opera wasn’t tested.

By itself, no browser will protect you from Internet threats.  Safe browsing habits will protect you better than any browser or technology.  Learning to use the security technologies available to you will protect you better still.  A complete, up-to-date Internet Protection Suite will help stop access to the computer system and to detect and quarantine questionable files for the most common malware, and any malware that accesses sensitive system files or performs suspicious activities, but the newest malware is tested against the top anti-virus products before release into the wild, so it’s no guarantee.

Regarding Windows UAC, Windows UAC protects all browsers, so that’s not an IE 9 exclusive, but it still should be enabled and used (honor the UAC warning and deny the request when you’re not sure). Chrome further isolates each web browser tab as a separate ‘sandboxed’ instance that the hacker has to ‘break out of’ to get access to anything.  Furthermore, if you disable JavaScript and plugins for all sites in Chrome, you will be prompted to enable them on one site at a time.  It is painful to surf the net that way, but it’s more secure, at least until you authorize the JavaScript or plugin to run.  If you never enable JavaScript or plugins on new or alien sites you don’t recognize, and only enable them for sites you are certain you can trust, you dramatically reduce your risk of running malicious JavaScript and eliminate it, along with browser plugin exploits, from the hacker’s arsenal, which makes for a stronger defense.

There is a plugin for Mozilla Firefox called NoScript which I highly recommend, which performs the same JavaScript blocking function but is more flexible than the Chrome option of disabling JavaScript entirely.  Again, don’t enable JavaScript for sites you don’t trust. For sites you think might be trustworthy, you can enable one script at a time temporarily. Enable only the scripts that come from the local website, not from another website (approve the JavaScripts from CNN when you’re browsing CNN).   This avoids another common hacker technique called XSS (cross site scripting).  If you use Firefox and install the NoScript plugin, you will be prompted whenever a page contains JavaScript and be offered the option to run individual scripts once, run all scripts, or to allow them to always run.
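The "approve only the local website's scripts" rule described above can be written down as a small decision function. This is an added example, not NoScript's or Chrome's code; the function names, the approved-site list and the sample URLs are constructed for illustration.

```javascript
// Added example: names below are hypothetical; the sample URLs are constructed.
const TRUSTED_SITES = new Set(["cnn.com"]); // sites the user has approved

// Simplification: "site" = last two host labels. Real tools consult the
// Public Suffix List so hosts under suffixes such as co.uk are grouped correctly.
function siteOf(hostname) {
  return hostname.toLowerCase().split(".").slice(-2).join(".");
}

// Decide whether one script on a page may run.
// scriptSrc === null stands for an inline script.
function decideScript(pageUrl, scriptSrc, trusted = TRUSTED_SITES) {
  const page = new URL(pageUrl);
  const pageSite = siteOf(page.hostname);
  if (!trusted.has(pageSite)) {
    return { allow: false, reason: "page site not approved" };
  }
  if (scriptSrc === null) {
    return { allow: true, reason: "inline script on approved site" };
  }
  let src;
  try {
    src = new URL(scriptSrc, page); // resolves relative and //host forms
  } catch {
    return { allow: false, reason: "unparseable script URL" };
  }
  if (src.protocol !== "https:" && src.protocol !== "http:") {
    return { allow: false, reason: "non-web scheme " + src.protocol };
  }
  if (siteOf(src.hostname) !== pageSite) {
    return { allow: false, reason: "third-party script from " + src.hostname };
  }
  if (page.protocol === "https:" && src.protocol === "http:") {
    return { allow: false, reason: "plain-HTTP script on HTTPS page" };
  }
  return { allow: true, reason: "first-party script" };
}

// Constructed sample: script sources found on one page.
const samplePage = "https://www.cnn.com/world";
const sampleScripts = ["/js/app.js", "https://cdn.cnn.com/lib.js",
  "//ads.example.net/track.js", "https://cnn.com.example.net/x.js",
  "http://www.cnn.com/old.js", "data:text/javascript,void 0"];
for (const s of sampleScripts) {
  const d = decideScript(samplePage, s);
  console.log((d.allow ? "ALLOW " : "BLOCK ") + s + " (" + d.reason + ")");
}
```

Note that the lookalike host `cnn.com.example.net` is blocked because the comparison is made on the registrable site, not on a substring of the hostname.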

But whichever browser you choose:

  • NEVER surf without an Internet Protection Suite installed
  • Keep your Internet Protection Suite subscription paid and the software updated to the latest version and definitions.
  • Think before you click
  • Stick to sites you know are safe.
  • Don’t panic. Take a second look and… think before you click.
  • If you didn’t go looking for it, don’t install it.  Think before you click.