
IE Should Use Google's Malware List

timothy posted about 5 years ago | from the hey-it's-a-good-pr-opportunity-at-least dept.


Frequent contributor Bennett Haselton writes with an idea that he thinks could help keep browsing on Microsoft's browser more secure for users — and benefit Microsoft as a result. "Tests show that IE's malware filter performs well against other browsers that use the Safe Browsing blacklist from Google. But wouldn't IE's filter be even more effective if it used both filter lists at the same time? And are the political obstacles to that really so insurmountable?" Read on for the rest of a plan that seems a lot more than half-baked.

Most major browsers now come with a built-in blacklist of malware-infected or phishing websites and display a warning if the user tries to access them in the browser. Internet Explorer 8 uses Microsoft's SmartScreen filter, while Firefox, Safari and Chrome all use Google's Safe Browsing API. Recent tests from NSS Labs reported that IE's filter blocked 81% of "socially engineered malware sites" from the lab's sample, while Firefox, in second place, blocked only 27%, and other browsers trailed even further behind. When NSS Labs ran a test of the different browsers' efficiency at blocking phishing sites, IE and Firefox scored about the same, both blocking about 80% of the sites in the sample. These results left a lot of unanswered questions, such as: why Firefox, Safari and Chrome got such different scores in both tests (since they supposedly all use the Safe Browsing blacklist), and why there was such a huge gap between IE's and Firefox's performance in the malware test, but such close scores for the two browsers in the phishing test (the Google Safe Browsing API page says that the database is an attempt to list both malware and phishing sites, after all).

But I had a different question: Since Google allows anybody to use the Safe Browsing API, why doesn't Internet Explorer use it as well, in conjunction with their own blacklist, so that a site will be blocked by IE if it's present on either list? This would almost certainly increase the block rate for IE (unless the set of sites blocked by Safe Browsing was entirely a subset of the sites blocked by SmartScreen, which is extremely unlikely). Google's Terms of Use for the Safe Browsing API do require parties to obtain written permission for any usage that will result in more than 10,000 users sending "regular requests" to the API, which would obviously include Internet Explorer. But Google already serves requests for all Firefox users who have the SafeBrowsing API turned on, so for them to process requests for all Internet Explorer users might require four or five times as much computing power, not orders of magnitude more. It's impossible to guess what kind of deal Microsoft and Google would make for the right to have IE do lookups on the Safe Browsing API, but if Microsoft placed a dollar value on increasing the protection for their users, and that dollar value exceeded the cost to Google of running the servers to process the additional queries, then in theory they should be able to agree on a price between those two amounts. Google might well offer to service the queries for free, just for the prestige of being able to say that the Safe Browsing database provided protection for almost all major browsers on the market.

(Microsoft's SmartScreen team declined to comment on the record about their reasons for not using the Safe Browsing list in addition to their own database. I couldn't get an official response from Google about what position they would have on Internet Explorer using the Safe Browsing list, although unofficially an employee said the team would probably be "delighted" if IE were to use it.)

It's worth underlining what a strong statement Microsoft is making by not using the Safe Browsing list. They're not just saying that their own list is better. They're saying that the Safe Browsing list is of such low quality that adding it to their own product would actually make the product worse.

This is different from, for example, what McAfee and Symantec might say about each other's anti-virus lists. Consider the set of all viruses that McAfee blocks and the set of all viruses that Symantec blocks. Let List X be the overlap — the huge swath of viruses that are blocked by both McAfee and Symantec. Then let List Y be the set of all viruses that are blocked by McAfee but not blocked by Symantec, and let list Z be the set of all viruses that are blocked by Symantec but not by McAfee. (So McAfee blocks viruses in the set X+Y, and Symantec blocks viruses in the set X+Z.) Now, representatives from McAfee and Symantec will each say that their list is the better one, which they may or may not believe. But even McAfee is not claiming that List Z — that portion of the list that is blocked by Symantec but not by McAfee — is so worthless that McAfee wouldn't incorporate it into their own product if they could get it for free. If Symantec allowed any anti-virus maker to download Symantec's anti-virus signature database, then presumably McAfee would scratch their heads a bit about why Symantec would do this, but if they cared about giving their users maximum protection, they would incorporate it into their product as well (so that McAfee would then be blocking all viruses in the set X+Y+Z, instead of just the set X+Y as they were before). But Symantec doesn't make it available for free, so McAfee doesn't have the option of using it and the issue doesn't come up. Other than each company claiming their product is the better one (which is par for the course for competitors), the two companies' positions are not contradicting each other.

But consider the analogous situation for anti-malware lists, where X is the set of all sites blocked by both IE's SmartScreen and by the Google Safe Browsing API, Y is the set of all sites blocked by SmartScreen but not by the Safe Browsing API, and Z is the set of all sites blocked by the Safe Browsing API but not by SmartScreen. When Microsoft says that they don't want to use the Safe Browsing list in addition to their own — that they would rather block just X+Y than block X+Y+Z — they're saying that they're estimating that the list Z is of such poor quality (too much risk of containing too many false positives) that it would be better not to block it at all.

In this case, Microsoft's position really is contradicting that of Google, Firefox, Safari, and others who use the Google Safe Browsing API. To achieve the best tradeoff between user safety and convenience, should the sites on List Z — the set of sites on the Safe Browsing API blacklist but not on the SmartScreen blacklist — be blocked, or not? If the answer is Yes, then IE should use the Safe Browsing API in addition to their own SmartScreen list. If the answer is No, then Google should take the URLs in the Safe Browsing API list, run them through IE using some automated script, and then remove all the URLs that weren't blocked by IE — in other words, remove all the URLs on List Z from the Safe Browsing blacklist. But I can think of no consistent set of assumptions that would lead one to recommend that both companies continue doing what they're doing now — that IE should continue not to use the Safe Browsing API, and that Google should continue publishing the Safe Browsing API without trimming URLs that aren't also blocked by IE. Microsoft is saying that the URLs on List Z should not be blocked; Google is saying that they should be.

(Note that this argument is independent of the relative weights that you assign to the benefit of blocking a genuinely malicious site, versus the cost of accidentally blocking a site which is not malicious. Different users might assign different values to these costs and benefits, and depending on what values they assign, those users would want different thresholds to be used in deciding whether to block a site or not. And Microsoft and Google have picked default thresholds that they estimate will meet the needs of the average user. But no matter what values you assign to the benefit of blocking a malicious site and the penalty for blocking a false positive, it's still the case that blocking the sites on List Z either does increase the total cost/benefit score — in which case IE should block sites on the Safe Browsing list in addition to its own — or it doesn't — in which case Google should remove sites from the Safe Browsing list that aren't blocked by SmartScreen.)

I suspect, of course, that the answer is the former — that the set of sites on List Z, those which are blocked by the Safe Browsing API but not blocked by SmartScreen, are probably approximately as likely to be malware as the rest of the sites on the list, and that it would make Internet Explorer safer if Microsoft augmented SmartScreen to use the Safe Browsing API as well. So why don't they?

The answer is probably what people have been shouting out from the back of the classroom since the first paragraph: That for political reasons, Microsoft doesn't want to be seen incorporating anything from Google into their own flagship application. It's not news that a company would prefer to promote its products over its rivals'. But this goes beyond, for example, Microsoft bundling Internet Explorer with Windows instead of Google's Chrome browser. Chrome and Internet Explorer do virtually the same thing, so it would look positively odd for Microsoft to promote IE over Chrome. But IE's SmartScreen list and Google's Safe Browsing list can be used simultaneously, providing more protection than either one by itself.

Still, Microsoft has already calculated that it would be an unwise move politically to use Google's Safe Browsing list. So I'm not trying to second-guess the calculation that they made, based on data that was available to them at the time. Rather, I think that if some publicity can increase the political benefit that they could get from using Google's Safe Browsing list in conjunction with SmartScreen (and increase the political cost of not using it), that might lead them to recalculate and make a different decision. To that end, let me raise up a banner that people can gather under if they want to:

Microsoft, we will not think any less of you if you use the Google Safe Browsing API in Internet Explorer in conjunction with the SmartScreen filter! We'll give you credit for setting aside petty rivalries and using the technology of a competitor in order to make users safer.

The IE team's blog post about the initial success of the SmartScreen filter, from March 2009, cited statistics showing 10 million malware blocks in the previous six months, and asked readers to think about those numbers in terms of their impact on real humans and the grief it saved them: "These are BIG numbers — each malicious download blocked helps prevent compromise of that user's computer." Since then, Microsoft has released new statistics showing that SmartScreen has delivered about 70 million blocks since IE8 was officially released. Of course, not every one of those blocks made the difference between infecting a machine with spyware and keeping it clean (many users wouldn't have downloaded or installed the software that the website was trying to send them), but the IE team is right to be proud anyway. However that also means that if adding Safe Browsing support to IE resulted in only a small percent increase in the filter's effectiveness, it would mean several million additional malware blocks over the same period, and cumulatively tens of millions of more in the years ahead. Isn't that worth Microsoft forming an alliance with Google, especially if doing that would make them look good?
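The X/Y/Z argument from the article, carried through on numbers, as an added example that is not part of the original article. The URLs, list contents and benefit/cost weights are constructed, and the function names are hypothetical; `LIST_A` and `LIST_B` stand in for the two vendors' blacklists.

```python
"""Worked version of the X / Y / Z blocklist argument on a constructed sample."""

# Constructed ground truth: URL -> True if the site really serves malware.
# m0..m9 are malicious, b0..b9 are benign; none of these are real sites.
TRUTH = {f"http://m{i}.example/": True for i in range(10)}
TRUTH.update({f"http://b{i}.example/": False for i in range(10)})


def urls(prefix, indexes):
    """Build a set of constructed sample URLs such as http://m3.example/."""
    return {f"http://{prefix}{i}.example/" for i in indexes}


# Hypothetical list contents, made up for the illustration.
LIST_A = urls("m", range(0, 8)) | urls("b", [0])    # 8 hits, 1 false positive
LIST_B = urls("m", [6, 7, 8]) | urls("b", [1, 2])   # 3 hits, 2 false positives


def partition(list_a, list_b):
    """Split two blocklists into the article's sets: X (both), Y (A only), Z (B only)."""
    return {"X": list_a & list_b, "Y": list_a - list_b, "Z": list_b - list_a}


def block_rate(blocked, truth):
    """Fraction of the genuinely malicious sample that a blocklist catches."""
    malicious = {u for u, bad in truth.items() if bad}
    return len(blocked & malicious) / len(malicious)


def false_positive_rate(blocked, truth):
    """Fraction of the benign sample that a blocklist wrongly blocks."""
    benign = {u for u, bad in truth.items() if not bad}
    return len(blocked & benign) / len(benign)


def marginal_score(z, truth, benefit, cost):
    """Change in total score if list A additionally blocks every URL in Z.

    benefit is the value of blocking one malicious site, cost the penalty
    for blocking one benign site. URLs with no ground-truth label are
    ignored, because they cannot be scored either way.
    """
    hits = sum(1 for u in z if truth.get(u) is True)
    false_positives = sum(1 for u in z if truth.get(u) is False)
    return benefit * hits - cost * false_positives


def verdict(list_a, list_b, truth, benefit, cost):
    """For fixed weights, exactly one of the article's two conclusions follows."""
    z = partition(list_a, list_b)["Z"]
    if marginal_score(z, truth, benefit, cost) > 0:
        return "A should also block Z"
    return "B should drop Z"


if __name__ == "__main__":
    union = LIST_A | LIST_B
    for name, blocked in (("A", LIST_A), ("B", LIST_B), ("A+B", union)):
        print(f"{name:4} block rate {block_rate(blocked, TRUTH):.0%}, "
              f"false positives {false_positive_rate(blocked, TRUTH):.0%}")
    # The weights change which conclusion holds, but never allow both at once.
    for benefit, cost in ((10, 1), (1, 1)):
        print(f"benefit={benefit} cost={cost}: "
              f"{verdict(LIST_A, LIST_B, TRUTH, benefit, cost)}")
```

On this sample the union raises the block rate from 80% to 90% while tripling the false-positive rate, which is why the sign of the marginal score on Z, not the headline block rate, decides the question.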


109 comments


first psot (0, Offtopic)

ionix5891 (1228718) | about 5 years ago | (#29186501)

meh [slashdot.org] , we supposed to read all of that ^^^

Re:first psot (-1, Offtopic)

Anonymous Coward | about 5 years ago | (#29186697)

Suckin on
Tampons
Sucking on my
Girlfriend's tampons
Suckin on
Tampons
I'm sucking on my
Girlfriend's tampons.

Re:first psot (0)

Anonymous Coward | about 5 years ago | (#29186977)

What did the British vampire say when he found discarded tampons?

Teatime.

Re:first psot (1)

V!NCENT (1105021) | about 5 years ago | (#29187499)

tl;dr

It would destroy the Internet. (3, Funny)

Anonymous Coward | about 5 years ago | (#29186515)

You see, IE would go up to the malware list, find itself, and then consider itself to be malware and implode. Multiply times a billion and you know what we'll get? That's right, 911 times a billion!

Re:It would destroy the Internet. (0)

Anonymous Coward | about 5 years ago | (#29189473)

911 times a billion? Are you saying that IE is responsible for 9/11/01 now? Intriguing idea....

Re:It would destroy the Internet. (1)

pushing-robot (1037830) | about 5 years ago | (#29190115)

911 times a billion? Are you saying that IE is responsible for 9/11/01 now? Intriguing idea....

Yes, well, that's the sort of mediocre conspiracy theory I'd expect from you non-creative garbage.

Any truly paranoid expert will tell you the attacks were planned by Zionist Freemason Nazi Illegal Immigrants with H1B Terrorist Visas and carried out by trained fleas.

The Real Question (4, Insightful)

Anonymous Coward | about 5 years ago | (#29186535)

is why shouldn't Firefox, Opera, et al. use IE's list as well, if it's so much better?

Re:The Real Question (4, Insightful)

clang_jangle (975789) | about 5 years ago | (#29186657)

Because that wouldn't have the same sensational ring to it?
But honestly, I think The Real Questions are, "Why does Bennett Haselton have to blog every silly thought that pops into his brain, and why does slashdot have to put them all on the front page?"

Re:The Real Question (1)

Flea of Pain (1577213) | about 5 years ago | (#29187235)

Because perhaps this is in fact news for nerds. Why a web browser, which is where most of us spend most our time, would not want to implement safety features is a great topic which merits debate. Seems like a cut and dried example of front page material to me.

Re:The Real Question (2, Insightful)

thePowerOfGrayskull (905905) | about 5 years ago | (#29187651)

Because perhaps this is in fact news for nerds. Why a web browser, which is where most of us spend most our time, would not want to implement safety features is a great topic which merits debate. Seems like a cut and dried example of front page material to me.

If it were a concise, well-written article, then I would agree. As it stands, it's rambling, repetitive, and just a bit painful to read.

Re:The Real Question (1)

Flea of Pain (1577213) | about 5 years ago | (#29188789)

I won't argue that at all, but once you wade through the article it contains material significant to all IE users.

Re:The Real Question (1)

thePowerOfGrayskull (905905) | about 5 years ago | (#29190925)

Does it? Seems to be much more significant to FF users if anyone at all. That is: FF has an 80% fail rate. IE has a 20% fail rate. The rest is just an anti-MS spin.

Re:The Real Question (1, Funny)

Anonymous Coward | about 5 years ago | (#29187963)

...a web browser, which is where most of us spend most our time...

FAIL! We nerds spend most of our time in vi or emacs. Please turn in your geek card on the way out.

Re:The Real Question (1)

FutureDomain (1073116) | about 5 years ago | (#29195223)

I use M-x browser, you insensitive clod!

Re:The Real Question (1)

jonbryce (703250) | about 5 years ago | (#29189895)

Firefox and Safari have advertising deals with Google. IE doesn't, as it directs people to Bing and the Live services instead.

The Safe Browsing API is what you get from Google along with some money for signing this advertising deal.

Re:The Real Question (3, Insightful)

TheRealMindChild (743925) | about 5 years ago | (#29187295)

Why does Bennett Haselton have to blog every silly thought that pops into his brain...

Isn't that, by the very definition, what a blog is?

Re:The Real Question (1)

interval1066 (668936) | about 5 years ago | (#29187425)

@TheRealMindChild: "Isn't that, by the very definition, what a blog is?"

You sir, are the Real Genius.

Re:The Real Question (1)

AnEducatedNegro (1372687) | about 5 years ago | (#29187719)

ahh a digg user on slashdot.

Re:The Real Question (1)

Tolkien (664315) | about 5 years ago | (#29193129)

What do you think blogs are for, exactly?

Re:The Real Question (1, Informative)

Anonymous Coward | about 5 years ago | (#29186983)

Perhaps because it is not being made freely available for use.

Re:The Real Question (0, Offtopic)

jgrahn (181062) | about 5 years ago | (#29189209)

No, it's "why should a bloody web browser try to protect me from my own broken software?" Seems to me that if IE, Firefox or whatever feels like doing something good, they should scan the local file system and delete software known to be open to malware.

But I must admit that I don't even know what malware is. I assume it's not executables -- I cannot imagine people still download and execute those.

Re:The Real Question (1)

Lennie (16154) | about 5 years ago | (#29190551)

Actually, it is, there are people that are that stupid, that's why Firefox includes the list.

Also maybe if there is an exploit which doesn't have a fix yet, it would be good if the sites that incorporate the exploit are on the list.

Maybe there are other reasons as well?

Re:The Real Question (1)

Mozk (844858) | about 5 years ago | (#29191151)

The real question: why is anybody on Slashdot using these malware lists?

Using something like this means you're sending every URL you visit to Google/Microsoft. Why would anybody here be for that in the first place?

Re:The Real Question (1)

Deanalator (806515) | about 5 years ago | (#29191417)

Obvious answer:

"malware lists" are the new cookie tracking systems. Every time you go to a website, firefox tells google about it, and the service being provided is that google will let you know if it thinks the site is malicious or not. Internet usage data is some of the most valuable data on the internet. Why would any company give that sort of data to their competitors?

Re:The Real Question (1)

TikiTDO (759782) | about 5 years ago | (#29192617)

I believe it has something to do with IE list using proprietary technology, that Firefox, Opera, et al. would need to license before actually being able to use said list.

Re:The Real Question (0)

Anonymous Coward | about 5 years ago | (#29193793)

MS licenses Netcraft data for IE. Actually Opera is already using Netcraft's (and phishtank's) data since 9.5. If you want it on Firefox just install the Netcraft toolbar. Mozilla probably doesn't want to bother licensing the data when it's trivial to give the end user the choice to use it instead. If you really want, install phishtank also; even though it is largely (entirely?) duplicated by netcraft who iirc uses it for at least some of their data.

Recursive (-1, Flamebait)

Jason1729 (561790) | about 5 years ago | (#29186587)

Shouldn't IE itself and microsoft.com be on any decent malware list?

Re:Recursive (2, Insightful)

westlake (615356) | about 5 years ago | (#29187329)

Shouldn't IE itself and microsoft.com be on any decent malware list?

I read this as Troll.

It contributes absolutely nothing useful to the discussion - but instead simply feeds on the modder's visceral hatred of everything Microsoft.

   

Re:Recursive (1)

Vu1turEMaN (1270774) | about 5 years ago | (#29187487)

I agree. It got +4 Insightful from sheer hatred.

Re:Recursive (1)

svtdragon (917476) | about 5 years ago | (#29188373)

Really, mods? I can understand Funny or Troll, on either end of the spectrum, but Insightful? Seriously?

broswing (3, Insightful)

snarfies (115214) | about 5 years ago | (#29186591)

"Frequent contributor Bennett Haselton writes with an idea that he thinks could help keep broswing on Microsoft's browser more secure for users -- and benefit Microsoft as a result."

I have an idea that I think could help keep Slashdot from embarrassing itself even more than failing to ask Blizzard about bnetd - use a spellchecker.

results may be biased (4, Interesting)

Anonymous Coward | about 5 years ago | (#29186625)

From Bit Tech [bit-tech.net]: It should be noted that the NSS Labs testing was sponsored by Microsoft. In comments posted online, NSS Labs president Rick Moy suggested that Microsoft's security engineering team had originally commissioned the study, whose results were then picked up by Redmond's marketing department for use. However, a number of sources online, including Ars Technica and The Tech Herald, feel that Microsoft's sponsorship could have introduced a biased element into the study. The testing also found that Internet Explorer 8 needed an average of 4.96 hours to add a requested phishing URL to its block list, while Firefox 3 took 5.24 hours and Opera 10 Beta needed 6.19 hours. The mean time for a browser to block a site was 16.43 hours, a number exceeded in testing only by Safari 4, which needed an average of 54.67 hours to put a site on its block list.

Re:results may be biased (1, Insightful)

eln (21727) | about 5 years ago | (#29187151)

Sure, the results could be biased. On the other hand, NSS is a supposedly independent lab with no apparent connection to MS other than that MS commissioned this particular study. Unless there's a pattern of pro-MS bias in NSS-run tests, it's probably likely that this test was as evenhanded as any such test can be.

The fact that MS marketing is touting this result is not evidence of bias, it's just evidence that the test results favored MS. If the test were completed and showed Google's list performed better, MS would have simply not published the result at all and we never would have heard about it.

Rather than crying about bias, perhaps the OSS community should be spending their time figuring out how to make their own lists better.

Re:results may be biased (2, Insightful)

speedtux (1307149) | about 5 years ago | (#29187613)

The fact that MS marketing is touting this result is not evidence of bias,

We don't have to show bias, NSS Labs has to convincingly show absence of bias. Their experiments are not peer reviewed and they are not reproducible, which means that they aren't worth the paper they are written on.

If the test were completed and showed Google's list performed better, MS would have simply not published the result at all and we never would have heard about it.

That alone means there is bias: selection bias. They can simply commission enough studies under enough different conditions and then select the (possibly tiny) subset of studies that show what they want.

Re:results may be biased (1)

eln (21727) | about 5 years ago | (#29187727)

That alone means there is bias: selection bias. They can simply commission enough studies under enough different conditions and then select the (possibly tiny) subset of studies that show what they want.

Sure, except that the only available evidence we have is that this study was commissioned as a private study by the engineers within MS in order to determine how they might improve their own list, and was not initially intended as any sort of marketing effort. It was only picked up by marketing after the positive results were known. Unless you have some evidence that MS spent a lot of time commissioning multiple studies on this, there's no basis on which to claim bias.

Re:results may be biased (0)

Anonymous Coward | about 5 years ago | (#29194831)

It doesn't matter, maintained blacklists are not the type of security I want to rely on.

Correcetion? (-1, Redundant)

Anonymous Coward | about 5 years ago | (#29186643)

Shouldn't that be "IE Should Be On Google's Malware List"?

Re:Correcetion? (0)

Anonymous Coward | about 5 years ago | (#29186749)

Ah, didn't see Jason1729's similar post...

Re:Correcetion? (0)

El Lobo (994537) | about 5 years ago | (#29187063)

Don't worry, you are on /. With a so "insightful" and "informative" post, you will get moderated +5 soon, even if there are 56 similar posts before yours.

four or five times as much computing power (0)

Anonymous Coward | about 5 years ago | (#29186655)

is at least two orders of magnitude more in base 2.

Re:four or five times as much computing power (4, Funny)

Yvan256 (722131) | about 5 years ago | (#29186727)

And in base Z, it's over 9000!

Re:four or five times as much computing power (0)

Anonymous Coward | about 5 years ago | (#29190197)

What the hell, 50% Interesting and 50% Informative?

The mods are on crack again!

Google's worst feature... (2, Insightful)

Anonymous Coward | about 5 years ago | (#29186665)

You mean they should use that obnoxious Google feature that tries to stop one visiting crack sites? At least they could provide a link to continue, after the user is informed of the risks - to not include one is simply irritating.

Re:Google's worst feature... (1)

Mozk (844858) | about 5 years ago | (#29191063)

I've been pissed off by that too, but there may be technical reasons for doing so. For example, some browsers prefetch links, and there could potentially be an exploit there.

Re:Google's worst feature... (1)

visualight (468005) | about 5 years ago | (#29191897)

You mean they should use that obnoxious Google feature that tries to stop one visiting crack sites? At least they could provide a link to continue, after the user is informed of the risks - to not include one is simply irritating.

Google's malware list is a crap list with many legit sites on it. It sucks almost as much as when they redirect links via their God-awful slow google.com/url slow boat to China. I have never encountered the malware redirect for a site that actually has malware. To be honest, the malware thing and the google.com/url redirects have me using yahoo more and more. I turned off the malware censor, but I can only 'mostly' turn off the google.com/url redirect. But I do hover the links now and will not ever ever ever ever click on a link that points to google.com/url, ever. YOU HEAR ME GOOGLE?
I don't need them to protect me from malware, I can do that myself. My most desired feature from Google would be a way to ban scribd and experts-exchange from my search results. That would make the internet as a whole so much better. Sites like scribd and experts-exchange would probably stop sucking when they realize 80% of the population essentially has them on /ignore. Maybe someone could make a firefox plugin that appends an inurl -scribd line in every search?

SPF (2, Insightful)

dword (735428) | about 5 years ago | (#29186677)

I've recently heard about a concept called single point of failure [wikipedia.org] , maybe you should look into it. If anything goes wrong and Google goes down with its malware list or they simply choose to block IE, we'll be completely defenseless.

Re:SPF (2, Funny)

Pieroxy (222434) | about 5 years ago | (#29187427)

The point of the article is suggesting that IE use BOTH its own list and Google's. So it is closer to redundancy than to SPF.

You should try to read the summary, it helps understand the matter.

Re:SPF (2, Informative)

ojintoad (1310811) | about 5 years ago | (#29187439)

I'm confused how this got modded insightful. Microsoft still has their blacklist, the suggestion is to ADD Google's list. If anything, they suffer from the single point of failure problem now more than if they took the writer's suggestion to add on a backup source.

This post was generally full of speculation, but made me aware that there's a lot more I could be doing to add on protections to my general surfing.

Re:SPF (1)

thePowerOfGrayskull (905905) | about 5 years ago | (#29187803)

This post was generally full of speculation, but made me aware that there's a lot more I could be doing to add on protections to my general surfing.

There's really only one thing you need to do to "add protections". Ready? Don't click the dancing bunnies [codinghorror.com]. Only download software from trusted locations, when it's something you're specifically seeking out. In my last 25 years of computing, I've managed to not get any viruses or trojans I did not actively want to install for research purposes. Malware scanning disabled, "safe surfing" and its annoying ilk disabled, and no antivirus except manual clamav scans once a month to make sure I didn't do something stupid.

All of the protections you can install, all of the blacklists you can use -- they're all a case of closing the barn door after the horse has escaped.

Re:SPF (1)

dword (735428) | about 5 years ago | (#29188883)

I'm confused how this got modded insightful.

That's easy: I didn't RTFA and neither did the mods :)

Political obstacles? (1)

Yvan256 (722131) | about 5 years ago | (#29186705)

And are the political obstacles to that really so insurmountable?

You forgot one thing: Steve Ballmer [wikipedia.org] .

microsoft basher (-1, Redundant)

Anonymous Coward | about 5 years ago | (#29186729)

such a BS bash microsoft story. i could spend an hour trying to outline how contrived and flawed the whole article is but i dont have that hour to waste.

Re:microsoft basher (2)

Colonel Korn (1258968) | about 5 years ago | (#29186851)

such a BS bash microsoft story. i could spend an hour trying to outline how contrived and flawed the whole article is but i dont have that hour to waste.

I didn't notice that. Granted, I only skimmed the huge summary, but I only saw two things:

1) IE has a better anti-malware feature than anyone else.
2) IE could do even better by combining their own anti-malware set with Google's.

Re:microsoft basher (0)

Anonymous Coward | about 5 years ago | (#29187045)

The story really is:

1) Microsofts anti-malware is better than Google's.
2) ZOMG Micro$$$oft is EVIL for not being even BETTER
2a) Google, however, is fine.

Re:microsoft basher (2, Insightful)

eln (21727) | about 5 years ago | (#29187225)

The focus of the story is colored by the blogger's own bias. Rather than focusing on why MS isn't doing better than 81%, the focus should be on why Google's product performs so abysmally in comparison to Microsoft's. Sure, MS could in theory make marginal improvements, but Google is the one that really ought to be taken to task for their poor results.

I know the conventional wisdom is MS == bad, and Google == good, but trying to find an MS-bashing angle to every bit of news is counterproductive and tiresome.

lies all spin and lies (0)

Anonymous Coward | about 5 years ago | (#29186767)

this is only because their crippled web standards make it hard to execute malware.

Dangerous (4, Interesting)

Anonymous Coward | about 5 years ago | (#29186771)

All browsers using Google's blacklist effectively gives Google the power to censor the Internet.

Re:Dangerous (1)

CastrTroy (595695) | about 5 years ago | (#29187085)

However, on Firefox, when I get a warning that says a site may contain malware, I'm still free to visit that site. It just gives me a warning. If Google was everybody's DNS Server, then I might agree with you. But there is nothing stopping you from ignoring the warning given to you by your browser, and viewing whatever Google decides to "censor".

Re:Dangerous (2, Interesting)

Halotron1 (1604209) | about 5 years ago | (#29192263)

True that people can still ignore the warning, but if we're talking about the common user who is now terrified of viruses, spyware and 1337 h4x0rs, odds are they won't click continue.

The CMS that ran our corporate site got hacked a few months back.
Google crawled it and found some hidden links to some malware sites, and my company got on that blacklist.

Customers, suppliers and CEOs were all freaking out, so after we fixed it ASAP we went to Google webmaster tools and requested a recrawl of the site, and that's the ONLY option you have. No phone number to call, no support email, and not even a time frame for when your site will be recrawled.

Meanwhile people are freaking out about the website and we just have to wait a day or more.

I'm not objecting to Google having blacklisted our site, that was LEGIT.

Just that when you are blacklisted, you have no recourse other than to just sit on your ass, wait for Google and hope you don't get fired.
If they're going to wield that kind of almighty power over everyone's website, there should be a better option for a way to get off that list.

Google support is pretty crappy, and I can guarantee they're missing out on some big money in paid support options,
because I can guarantee my company would have shelled out a few grand just to get the website off the blacklist immediately!

Re:Dangerous (1, Funny)

Anonymous Coward | about 5 years ago | (#29187087)

Only if IE blindly applies Google's blacklist with no preference to turn it off.

More likely it will show "Warning, this url is on Google's Malware blacklist. Click here to visit the url anyway."

more than half-baked (1)

Tx (96709) | about 5 years ago | (#29186785)

Where I come from, "baked" means stoned. With that in mind, I can't help thinking that "more than half-baked" is a very good description for this plan. The blindingly obvious flaw is that if Microsoft did use Google's malware list, people would immediately start asking why Microsoft wasn't sharing its list. While it might be easy for many Slashdotters to say that Microsoft should indeed do that, it does not make any more sense for Microsoft to do that than it does for it to open-source any of the rest of its products. It's a commercial entity looking for competitive advantage over other players in the marketplace, and that does not go hand-in-hand with these airy-fairy sharing ideas.

Soo.... (4, Funny)

Eil (82413) | about 5 years ago | (#29186809)

Read on for the rest of a plan that seems a lot more than half-baked.

11/16 baked?

Evolution gives you the answer. (3, Interesting)

140Mandak262Jamuna (970587) | about 5 years ago | (#29186823)

Why is IE's internal blocking so much better (80%) than Google+Firefox (27%)?

Basically Firefox and Google can be much more conservative when estimating a site's malware potential. Since the browser is more secure, it can let in more attacks and trust Firefox to protect itself to a large extent. IE has a long history of being used in intranets of corporations, and making the browser secure will break tons of installations and companies will not accept it. Their only choice is to find all the malware hosting sites and block them.

Children who grew up on farms with contact with animals don't develop asthma. The nose and lungs are insensitive to some of the irritants. Kids who grow up in an ultra clean, sanitized environment develop asthma. Japan is a basket case in this example. They need a bubble around them.

IE grew up in a friendly benign corporate environment. It needs very good filters and blocks. Unix cut its teeth in a multiuser, college environment. So its derivatives Linux and its cultural progeny Firefox and other OSS have immunity built into them deep down.

Re:Evolution gives you the answer. (1)

elrous0 (869638) | about 5 years ago | (#29187323)

Most viruses these days will work with almost any browser. IE just has a longer legacy of old vulnerabilities. Sure, you could probably protect yourself by using the Cello browser with the OS/Warp operating system, but aside from going that far, you had better use your head and not get cocky (even Linux isn't bulletproof). The ultimate vector of any virus isn't the software, it's the user.

Re:Evolution gives you the answer. (1)

dkf (304284) | about 5 years ago | (#29187551)

> Most viruses these days will work with almost any browser. IE just has a longer legacy of old vulnerabilities. Sure, you could probably protect yourself by using the Cello browser with the OS/Warp operating system, but aside from going that far, you had better use your head and not get cocky (even Linux isn't bulletproof). The ultimate vector of any virus isn't the software, it's the user.

If you're running Firefox with NoScript, nothing is going to get through without you deliberately choosing to allow it. While yes, that still leaves the "cute kitten screensaver" attack vector open, it does make drive-by attacks much rarer.

As a side-benefit, it speeds up browsing by stopping page display from being held up for a stupid flash advert. (I don't mind ads, but hate being held up waiting for them. Webmasters, take note...)

Re:Evolution gives you the answer. (1)

gazbo (517111) | about 5 years ago | (#29187633)

Haha - the fact this was modded to +5 is fucking hilarious. Hopefully one day the people who did so will grow up and realise why; but I don't hold out a great deal of hope.

Re:Evolution gives you the answer. (1)

TheCowSaysMooNotBoo (997535) | about 5 years ago | (#29187897)

Maybe, just maybe, you could educate them instead of just plain laughing in their face.

Re:Evolution gives you the answer. (1)

gad_zuki! (70830) | about 5 years ago | (#29188367)

Well, I don't know what he is laughing about exactly but I see a few major flaws here:

1. Firefox has vulnerabilities too. Any user running as root/admin with any browser is really taking a huge chance.

2. This post is really a lot of fanboy nonsense. You can't turn a negative like having a worse phishing filter into a positive. The fact that he is getting mod points shows the ridiculous fanboyism that defines Slashdot.

3. This is a PHISHING FILTER. So it doesn't matter if you can't hack grandma's Firefox, she's already typed in her social security number and credit card number.

Re:Evolution gives you the answer. (1)

gazbo (517111) | about 5 years ago | (#29189177)

You may not have known, but you did a pretty damn good job of guessing.

Re:Evolution gives you the answer. (1)

DerekLyons (302214) | about 5 years ago | (#29187653)

> IE grew up in friendly benign corporate environment. It needs very good filters and blocks. Unix cut its teeth in multiuser, college environment. So its derivatives Linux and its cultural progeny Firefox and other OSS have immunity built into them deep down.

In other words... "IE has defenses, Firefox and other OSS has defenses, but I'm going to spin it such that Firefox and OSS sound like they are better at it". The only real difference between wearing a bulletproof vest under a tailored suit and wearing the same over just a concert t-shirt is... well, there isn't actually a difference is there?

Re:Evolution gives you the answer. (2, Informative)

gad_zuki! (70830) | about 5 years ago | (#29188293)

> Since the browser is more secure, it can let in more attacks and trust Firefox to protect itself to a large extent.

These are mostly phishing filters, so what you just wrote doesn't matter. Yeah, it's great grandma's Firefox isn't taken by some IE-only exploit, but she just typed in her social security number and credit card numbers at www.macys-apparel-0459593-discount.com.

Re:Evolution gives you the answer. (1)

Magic5Ball (188725) | about 5 years ago | (#29188663)

Your argument about evolution is faulty.

Evolution predicts that individual features become more capable as the benefit of having such features increases within the relevant environment. If "IE grew up in a friendly benign corporate environment" implies that it was exposed to relatively fewer threats than if it were exposed to more threats in a different environment, having protection against malware in an environment free of malware would provide a lower value than having protection against malware in a hostile environment, thus features providing malware protection would be LESS likely to occur for that reason alone. Instead, the energy required to maintain the infrastructure of that feature would be better spent on other features more closely correlated with survival and propagation.

If, on the other hand, you meant to argue that the designers of Chrome and the designers of IE had plans and considerations which were informed by things other than their browsers' operating environment, you may have a tenable argument, but not one which is based on evolution.

Re:Evolution gives you the answer. (0)

Anonymous Coward | about 5 years ago | (#29193929)

This is nonsense with IE protected mode being available.

This Google-worship really has to end (1, Insightful)

Anonymous Coward | about 5 years ago | (#29186905)

To paraphrase: "blah blah blah bllah bllah blah everyone should use Google blah blah blah."

Look, monoculture wasn't a good thing the last time and it isn't a good thing this time either. Multiple, competing sources of data please. I don't want a mistake in Google's data to mean it will automatically get propagated to MS' products, nor do I want a mistake in MS's list to automatically propagate to Google.

As for Microsoft having calculated this politically, I'll bet it never gave the matter a moment's thought. MS have to be answerable for their own product - sticking a reliance on a competitor and changeable competitor APIs in there just doesn't make any sense at all.

Another possible solution (1)

Mr_Silver (213637) | about 5 years ago | (#29186957)

Since Google allows anybody to use the Safe Browsing API, why doesn't Internet Explorer use it as well, in conjunction with their own blacklist, so that a site will be blocked by IE if it's present on either list?

Surely a slightly better solution would be for the Smartscreen server to import Google's data rather than everyone's version of IE? That way they could insert the results directly into their own database and so there would only be one hit to Google's API (rather than several million), they could vet and filter the data prior to importing (assuming they were mad enough to want to do it) and - best of all - it wouldn't need an update to IE.

Whilst it's a nice idea, I don't think Microsoft will do it. If it was someone else apart from Google (like Yahoo) then there would be a chance - but with Google, I seriously doubt it.
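A minimal sketch of the server-side merge described in the comment above, added here as an illustration and not code from the post, Microsoft or Google: a second feed is vetted before import, and a lookup blocks when either source lists the host. The class, the feed names and the `.example`/`.test` hosts are hypothetical, and matching on hostnames only is a simplifying assumption.

```python
from urllib.parse import urlsplit


def canonical_host(entry):
    """Reduce a URL or bare hostname to a lower-cased host without port."""
    try:
        parts = urlsplit(entry if "://" in entry else "http://" + entry)
    except ValueError:
        return ""
    return (parts.hostname or "").rstrip(".")


def host_suffixes(host):
    """Return the host and its parent domains, excluding the bare TLD."""
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]


class MergedBlocklist:
    """One server-side database fed by several blocklist sources."""

    def __init__(self, allowlist=()):
        self.entries = {}  # host -> set of feed names that list it
        self.allowlist = {canonical_host(h) for h in allowlist}

    def import_feed(self, source, raw_entries):
        """Vet and import one feed; return {rejected_entry: reason}."""
        rejected = {}
        for raw in raw_entries:
            host = canonical_host(raw)
            if not host:
                rejected[raw] = "unparseable"
            elif "." not in host:
                rejected[raw] = "too broad"      # would block a whole TLD
            elif self.allowlist.intersection(host_suffixes(host)):
                rejected[raw] = "allowlisted"    # vetted as known-good
            else:
                self.entries.setdefault(host, set()).add(source)
        return rejected

    def lookup(self, url):
        """Return sorted feed names listing this URL's host or a parent."""
        candidates = host_suffixes(canonical_host(url))
        if self.allowlist.intersection(candidates):
            return []
        hits = set()
        for candidate in candidates:
            hits |= self.entries.get(candidate, set())
        return sorted(hits)


def build_demo():
    """Constructed sample data: one first-party feed, one imported feed."""
    db = MergedBlocklist(allowlist=["partner.example"])
    db.import_feed("first-party", ["malware-a.example", "dropper.test"])
    rejected = db.import_feed("imported", [
        "http://Phish-B.example/login",   # new entry, imported
        "malware-a.example",              # already known, adds provenance
        "cdn.partner.example",            # conflicts with the allowlist
        "com",                            # far too broad to import
    ])
    return db, rejected


if __name__ == "__main__":
    db, rejected = build_demo()
    print(db.lookup("https://www.malware-a.example:8443/x"), rejected)
```

Keeping the source names per entry means a false positive can be traced to the feed that introduced it, which bears on the monoculture concern raised elsewhere in the thread.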

How about other browsers use the MS list? (2, Insightful)

alanjstr (131045) | about 5 years ago | (#29186971)

This advocates MS also using the Google list. How about Firefox, etc, also access the Microsoft API?

Re:How about other browsers use the MS list? (0)

Anonymous Coward | about 5 years ago | (#29188309)

Does Microsoft offer its API to competitors for free (like Google is doing it)?

Someone is Assuming something. (2, Insightful)

Icegryphon (715550) | about 5 years ago | (#29186999)

I think you are assuming Microsoft cares about customer security.
If that were really the case then this would have already been implemented or in the works to be.
Better yet, why should Microsoft care?
Most people don't fix their computer and just go out and buy a new one every few years.
Sounds like another Microsoft fee for a new computer to me.
Maybe I am just too cynical?

Use as many safe-browsing services as you can ... (1, Informative)

Anonymous Coward | about 5 years ago | (#29187005)

... because you can never send your complete browser history to enough 3rd parties :D

Summary (0)

Anonymous Coward | about 5 years ago | (#29187093)

tl;dr:

Author thinks IE should use SafeBrowsing in addition to Microsoft's technology to catch more bad sites.

And because the author's opinion is a fact, "IE Should Use Google's Malware List".

Anonymous Coward (0)

Anonymous Coward | about 5 years ago | (#29187177)

Google has shown their political bias in the past (the "miserable failure" search manipulation, censoring/banning content from Google News, etc.). Why would Microsoft blindly trust something from a competitor that can, regardless of intent on either side, be (mis)interpreted by the public and/or their shareholders as a political endorsement? It's not worth the risk, especially if their existing product surpasses their competitors.

Re:Anonymous Coward (3, Interesting)

Desler (1608317) | about 5 years ago | (#29187597)

Yeah this article is funny in light of previous threads on Google's anti-malware list that show it blocking legitimate sites [slashdot.org] and it flagging everything as harmful [slashdot.org]. How soon we forget these things when it comes to posting a bash Microsoft submission.

What About The Index.Dat? (0)

Anonymous Coward | about 5 years ago | (#29187513)

Can someone tell me if IE8 provides any ability to clear out the index.dat files IE creates?

Dear Microsoft, (1)

V!NCENT (1105021) | about 5 years ago | (#29187529)

Why, for the love of god, can't you buy Opera, slip in IE6,7&8 support and call it IE9?

Re:Dear Microsoft, (1)

drx (123393) | about 5 years ago | (#29188659)

I think they even might secretly sponsor Opera so that it appears as if there is a competition in the browser market.

Re:Dear Microsoft, (1)

V!NCENT (1105021) | about 5 years ago | (#29188763)

And then make Opera sue Microsoft so they have to give you the install option in Windows 7 to install something else than IE and have themselves fined by the EU? Yeah right...

Re:Dear Microsoft, (1)

drx (123393) | about 5 years ago | (#29189617)

Haha! :)

Dude, I have never heard more people argue in favor of Microsoft than when this browser install stupidity was announced.

Anyway, Microsoft also needs to prove that there is competition to their products in order not to get rated a monopoly. So they will not buy Opera. That they are secretly funding Opera was a satirical exaggeration I allowed myself to make.

After all, if it can be done, it's free! (0)

Anonymous Coward | about 5 years ago | (#29187557)

"It's worth underlining what a strong statement Microsoft is making by not using the Safe Browsing list. They're not just saying that their own list is better. They're saying that the Safe Browsing list is of such low quality that adding it to their own product would actually make the product worse."

or

"It's worth underlining what a strong statement the airline industry is making by not using teleportation. They're not just saying their planes are better. They're saying that teleportation is of such low quality that adding it to their own product line would actually make their service worse."

Seriously. Features don't grow on trees, SOMEONE has to spec them, write them and test them.

10 Things That Should Happen (0)

Anonymous Coward | about 5 years ago | (#29187659)

Gotta love those posts. I thought I'd add some of my own:

1. Apple should switch to Windows (in fact I remember Dvorak writing that one).
2. People should type with the mouse and move the pointer with the keyboard.
3. Pink should be the official color of men.
4. USA should switch to Islam.
5. Slashdot should report news that matters.

I know, I know: they're all hilarious, since it's absurd any of these would happen!

Re:10 Things That Should Happen (0)

Anonymous Coward | about 5 years ago | (#29191581)

1. Bootcamp
2. On-screen keyboards do half of it
3. History fail
4. USA has no official religion so it wouldn't count as a switch
5. You got me there

Be careful though (1)

Tarlus (1000874) | about 5 years ago | (#29188065)

If IE gets anywhere close to even a list of malware, it'll get infected by it.

The real reason why MS doesn't do this (0)

Anonymous Coward | about 5 years ago | (#29188745)

1. If MS were to adopt Google's API, there would be pressure within MS to eliminate (or at least downsize) the Smartscreen team. Perhaps someone with friends in high places is defending their turf by mandating its exclusive use in IE. This is just like the mandatory silliness we have in the corporate world, where corporate IT creates policies primarily for control and job security, often with diminished productivity for everyone and no real effect on data security.

2. Google is a competitor in the browser market. As mentioned above, if MS adopts the Google API, pretty soon MS is out of the smartscreen business. Nothing prevents Google from slacking off in their detection of sites that are toxic only to IE + Windows, while all other browsers are well-defended. MS has a legitimate concern, primarily because MS would do this to Google within milliseconds if the roles were reversed. MS probably feels "married" to Smartscreen because it's a last line of defense for IE (whose bugs are hard to remove thanks to corporate intranets and MS products that practically depend on them).

In a previous job, there were many opportunities to make things better, but sometimes we had to pass. Thinking a few steps ahead, we realized that the CFO would misinterpret our idea, jump to conclusions, overestimate the sustainability and long-term benefits, and ultimately blame the consequences on us. No thanks.

I have a better idea... (1)

argent (18001) | about 5 years ago | (#29188937)

Do a few things to really address the security problems inherent in the current design of IE, like eliminating ActiveX and fixing the helper function quoting issue, before worrying about blacklists.

Make leaps of reason much? (1)

Gouru (1568313) | about 5 years ago | (#29189155)

"It's worth underlining what a strong statement Microsoft is making by not using the Safe Browsing list. They're not just saying that their own list is better. They're saying that the Safe Browsing list is of such low quality that adding it to their own product would actually make the product worse"

Talk about a major leap. Completely ignores all the business, competitive, financial and other reasons that Microsoft may not choose to use it, then states the only interpretation is that Microsoft thinks the list is of low quality. Given the author's ability (or lack thereof) to reason, this article sounds like nothing more than self-adulating hype.

Utter Rubbish (0)

Anonymous Coward | about 5 years ago | (#29189171)

Utter rubbish. The best way to secure IE is to uninstall it. There are no alternatives. Get a life.

Google is a Microsoft competitor. (1)

Derpnooner (1606505) | about 5 years ago | (#29191221)

Microsoft probably doesn't include these lists, I speculate, because Microsoft and Google are in direct competition; i.e. Chrome vs. IE, Windows vs. (Google's new desktop), Google vs. Bing (live search), Android vs. Windows Mobile, etc. Microsoft doesn't want to include the competitor in their software. Remember when Windows 98 came out, and the anti-trust issue came about? Microsoft did not want to include Netscape Navigator in their software because they (Netscape) were a direct competitor with Microsoft. The evil empire does not share power. One software mogul to rule them all. lol

tl;dr (0)

VGPowerlord (621254) | about 5 years ago | (#29191707)

tl;dr

However, I imagine it boils down to:
"Hey Microsoft, you should use your competitor's blacklist in addition to your own!"

Key word there being competitors.

Hey, you know what, they should make the IE search box default to searching both Bing and Google! They should make Live Messenger support both MSN and Google Talk! They should make Microsoft Office include both Word and Google Docs!

Oh, even better, Mozilla should make Firefox render pages in both Gecko and Trident (at the same time, mind you)! Thunderbird should support its own mailboxes and Outlook (if it's installed).

Do I need to continue beating this dead horse?

Google List (1)

mistralol (987952) | about 5 years ago | (#29193679)

I have been looking at this recently in a completely different way. I was looking around for implementing an n2h2 or websense server. However I have not been able to locate any technical information about the 2 protocols. The reason for doing it with these specific protocols is that that is what is currently implemented on Cisco and is reasonably common against other routers. The reasons for doing this are of course obvious: to make sure all lists on a larger office network are enforced all the time and to prevent people being able to ignore the current lists from within Firefox. Can anyone paste some links to info about these 2 protocols?

Only one thing though: (1)

MtViewGuy (197597) | about 5 years ago | (#29194227)

If you're running Windows XP/Vista, many users install a full Internet security suite program. Don't these programs override the browser security settings and use the malware list from the security program itself, a list that is usually automatically updated on a regular basis anytime you're connected to the Internet?

I'm running Norton Internet Security 2009 on my Windows Vista machine at home and this program imposes its own malware monitoring list into Internet Explorer 7.0/8.0 and Firefox 3.0 and 3.5.
