SlideShare una empresa de Scribd logo

2012 browser phishing

Комсс Файквэе
Комсс Файквэе

browser phishing

Tecnología
1 de 16
Descargar para leer sin conexión
  BROWSER  SECURITY  COMPARATIVE  ANALYSIS   Phishing  Protection       2012  –  Randy  Abrams,  Orlando  Barrera,  Jayendra  Pathak     Tested  Products   Apple  Safari  5   Google  Chrome  21   Microsoft  Internet  Explorer  10   Mozilla  Firefox  15     Overview   During  October  2012  NSS  Labs  performed  a  comprehensive  test  of  web  browser  phishing  protection  against  our   live  web  browser  security  testing  methodology  v2.0.    This  report  is  based  upon  empirically  validated  evidence   gathered  by  NSS  Labs  during  10  days  of  continuous  testing.  Testing  was  performed  every  6  hours  for  a  total  of  37   discrete  test  runs,  each  one  adding  fresh  new  phishing  URLs.  Each  product  was  updated  to  the  most  current   version  available  at  the  time  testing  began  and  allowed  access  to  the  live  Internet.   The  most  common  and  impactful  security  threats  facing  users  today  are  socially  engineered  malware  and  phishing   attacks.  As  such,  they  have  been  the  primary  focus  of  NSS  Labs  continued  research  and  testing  of  the  security   effectiveness  of  browsers.  While  drive-­‐by  downloads  and  clickjacking  are  also  effective  attacks  that  have  achieved   notable  publicity,  they  represent  a  smaller  percentage  of  today’s  threats.  Drive-­‐by  downloads  are  commonly  the   result  of  a  successful  phishing  attack  and  clickjacking  attacks  often  lead  to  a  phishing  web  page.     Note:  This  test  was  performed  alongside  a  similar  test  of  socially  engineered  malware  (see:  Browser  Security   Comparative  Analysis:  Socially  Engineered  Malware).   The  average  phishing  URL  catch  rate  for  browsers  over  the  entire  10  day  test  period  ranged  from  90  percent  for   Firefox  (version  15)  to  94  percent  for  Chrome  (version  21).    With  a  margin  of  error  of  about  2  percent,  there  is  little   difference  in  the  average  block  rate  of  the  browsers  and  one  must  consider  other  factors,  such  as  socially   engineered  malware  blocking  capabilities,  for  qualitative  differences  in  the  security  effectiveness  of  the  browsers.    
NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Chrome  21   94%   Internet  Explorer  10   92%   Safari  5   91%   Firefox  15   90%   0%   10%   20%   30%   40%   50%   60%   70%   80%   90%   100%     Figure  1  -­‐  Mean  Block  Rate  for  Phishing  (higher  is  better)   Generally  available  software  releases  were  used  in  all  cases  except  for  Internet  Explorer  10,  which  was  only   available  in  Windows  8  and  was  generally  only  available  as  a  beta  during  the  test.  Each  product  was  updated  to  the   most  current  version  available  at  the  time  testing  began.   Internet  Explorer  10  was  the  only  tested  browser  that  does  not  use  the  Google  SafeBrowsing  API  and  had  a  mean   block  rate  of  92%.  For  products  using  the  SafeBrowsing  API,  Chrome  21  had  a  mean  block  rate  of  94%,  Safari  5   achieved  a  mean  block  rate  of  90%,  and  Firefox  15  had  a  mean  block  rate  of  90%.     There  was  a  maximum  difference  of  4%  between  browsers  using  Google’s  SafeBrowsing  API.  In  NSS  Labs  2009     Web  Browser  Group  Test,  there  was  a  78%  difference  in  protection  levels  between  the  most  and  least  effective   SafeBrowsing  products.     Key  Findings   • The  mean  phishing  block  rates  among  the  tested  browsers  have  improved  from  a  group  average  of   approximately  47  percent  just  3  years  ago  to  a  group  average  of  approximately  92  percent  today.     • The  time  required  to  add  protection  for  new  phishing  site  is  an  important  factor  and  can  vary  by  more   that  25%.   • Phishing  protection  is  only  one  security  attribute  of  a  browser.  Socially  engineered  malware  blocking   capabilities  must  be  factored  into  an  assessment  of  overall  browser  security.     Recommendations   • Use  current  versions  of  web  browsers  to  increase  protection  against  phishing  attacks.   • The  average  time  to  block  attacks  should  be  a  factor  in  browser  selection.   • Augment  browser  protection  with  education  to  protect  against  the  attacks  that  do  bypass  the  browsers.   • Include  the  ability  to  block  socially  engineered  malware  in  the  browser  selection  decision.     ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     2        
NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     This  analysis  brief  was  produced  as  part  of  NSS  Labs’  independent  testing  information  services.  Leading  vendors   were  invited  to  participate  fully  at  no  cost,  and  NSS  Labs  received  no  vendor  funding  to  produce  this  report.   Table  of  Contents   Analysis  ..................................................................................................................................  4   The  Phishing  Threat  ......................................................................................................................................  4   Web  Browser  Security  ..................................................................................................................................  5   Test  Composition  –  Phishing  URLs  ...............................................................................................................  5   Total  Number  Of  Malicious  URLs  In  The  Test  ...............................................................................................  5   Average  Number  Of  Malicious  URLs  Added  Per  Day  ....................................................................................  5   Mix  Of  URLs  ..................................................................................................................................................  6   Blocking  Phishing  URLs  .................................................................................................................................  6   Average  Time  To  Block  Phishing  URLs  ..........................................................................................................  6   Average  Response  Time  To  Block  Phishing  ..................................................................................................  7   Real-­‐time  Blocking  of  Phishing  URLs  Over  Time  ...........................................................................................  7   SafeBrowsing  Analysis  ..................................................................................................................................  8   Conclusion  ..............................................................................................................................  9   Appendix  A:  Test  Environment  ..............................................................................................  10   Appendix  B:  General  Test  Procedures  ...................................................................................  12   Contact  Information  ...................................................................................................................................  16       Table  of  Figures   Figure  1  -­‐  Mean  Block  Rate  for  Phishing   .......................................................................................................  2   Figure  2  -­‐  Phishing  URL  Response  Histogram  ...............................................................................................  6   Figure  3  -­‐  Average  Time  to  Block  ..................................................................................................................  7   Figure  4  -­‐  Phishing  Protection  Over  Time  .....................................................................................................  8   Figure  5  -­‐  Phishing  Protection  Over  Time  –  SafeBrowsing  Products  .............................................................  8       ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     3        
NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Analysis   Long   before   the   Greeks   hid   a   group   of   soldiers   in   a   wooden   gift   horse   (Trojan   horse),   social   engineering   was   a   popular  tool  for  con  artists  and  other  criminals  deceiving  people  for  their  own  personal  gain.  Phishing  is  the  natural   application  of   modern   technology  to   social   engineering   by   criminals   perpetrating   this   proven   attack   strategy.     In   this   report,   NSS   Labs   studied   the   leading   web   browsers’   ability   to   protect   against   phishing.   In   a   companion   report,   NSS   Labs   reported   the   findings   of   the   protection   capabilities   of   web   browsers   against   socially   engineered   malware   (see:  Browser  Security  Comparative  Analysis:  Socially  Engineered  Malware).     The  Phishing  Threat   "Phishing”  attacks  can  be  constructed  in  two  basic  ways.  The  first  is  an  attempt  to  persuade  a  victim  to  provide   personal   information   to   the   attacker.   The   information   may   be   credit   card   details,   login   information   for   email   or   social   media   accounts,   or   other   personal   information   that   can   be   used   for   identity   theft   and   other   information-­‐ based  attacks.  The  second  type  of  phishing  attack  attempts  to  lure  users  into  installing  a  malicious  application  or   navigating  to  a  website  where  malicious  software  will  be  installed  through  the  exploitation  of  vulnerable  software.   Common  to  both  phishing  attacks  is  that  they  arrive  via  email,  instant  messages,  SMS  messages,  and  links  on  social   networking  sites.     Phishing   attacks   pose   a   significant   risk   to   individuals   and   organizations   alike,   by   threatening   to   compromise   or   acquire  sensitive  personal  and  corporate  information.    The  number  of  reported  phishing  attacks  peaked  in  2009.   However,  they  have  remained  high  and  the  actual  number  of  unique  phishing  sites  has  increased  from  56,362  in   August  2009  to  a  high  of  63,253  in  April  of  2012.  The  average  number  of  unique  phishing  sites  detected  in  2011   was   well   under   40,000   per   month.   In   2012,   the   average   number   of   unique   phishing   sites   detected   has   consistently   1 been  well  over  50,000  per  month.     The  average  uptime  for  a  phishing  attack  has  been  steadily  falling  from  a  high   2 of  73  hours  in  the  second  half  of  2010  to  a  record  low  of  23  hours  and  10  minutes  in  the  first  half  of  2012.    The   speed  at  which  these  threats  are  “rotated”  to  new  locations  is  staggering  and  poses  a  significant  challenge  to  those   attempting  to  defend  against  such  attacks.   In  response  to  this  trend,  security  vendors  have  developed  reputation  systems  that  classify  malicious  and  phishing   URLs  via  in-­‐the-­‐cloud  services.  The  2009  NSS  Labs  Web  Browser  Group  Test  stated:     “Reputation   systems   are   literally   the   next   “big   thing”   in   computer   security   and   offer   an   additional   layer   of   protection   to   client   endpoint   machines,   which   have   effectively   become   the   mobile   corporate   perimeter.   For   home  users  this  was  always  the  case,  and  now  they  too  can  benefit  from  in  the  cloud  services,  usually  without   even  knowing  it.”   The  proof  of  this  becomes  obvious  when  comparing  the  results  of  the  two  tests.  In  2009,  the  average  block  rate   was  46%,  whereas  it  currently  stands  at  91.75%.                                                                                                                                           1  http://www.antiphishing.org/phishReportsArchive.html   2  http://www.antiphishing.org/reports/APWG_GlobalPhishingSurvey_1H2012.pdf   ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     4        
NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Web  Browser  Security   Web  browsers  have  stepped  up  their  role  in  protecting  clients  by  adding  mechanisms  for  warning  users  about   suspected  phishing  sites,  and  even  blocking  them.  This  report  examines  the  abilities  of  four  different  web  browsers   to  protect  users  from  live  phishing  attacks.   The  foundation  is  an  in-­‐the-­‐cloud  reputation-­‐based  system  that  scours  the  Internet  for  malicious  websites  and   categorizes  content  accordingly,  either  by  adding  it  to  a  black  or  white  list,  or  assigning  a  score  (depending  on  the   vendor’s  approach.)    This  may  be  performed  manually,  automatically,  or  a  combination  of  the  two.  The  second   functional  component  resides  within  the  web  browser  and  requests  reputation  information  from  the  in-­‐the-­‐cloud   systems  about  specific  URLs,  and  then  enforces  warning  and  blocking  functions.     When  results  are  returned  that  a  site  is  “bad,”  the  web  browser  redirects  the  user  to  a  warning  message  explaining   that  the  URL  is  malicious.  Some  programs  include  additional  educational  content  as  well.  Conversely,  when  a   website  is  determined  to  be  “good,”  the  web  browser  takes  no  action  and  the  user  is  unaware  that  a  security   check  was  just  performed  by  the  browser.     Test  Composition  –  Phishing  URLs   Data  in  this  report  spans  a  testing  period  of  10  days  from  October  15  through  October  25,  2012.  All  testing  was   performed  in  the  NSS  Labs  testing  facility  in  Austin,  TX.  During  the  course  of  the  test,  NSS  Labs  engineers  routinely   monitored  connectivity  to  ensure  the  browsers  could  access  the  live  Internet  sites  being  tested,  as  well  as  their   reputation  services  in  the  cloud.   The  emphasis  was  on  freshness,  thus  a  larger  number  of  sites  were  evaluated  than  were  ultimately  kept  as  part  of   the  result  set  as  new  URLs  were  constantly  being  added  to  the  test  and  dead  sites  removed.  See  the  methodology   for  more  details.     Total  Number  Of  Malicious  URLs  In  The  Test   Throughout  the  course  of  this  study,  158,  635  results  were  collected  from  37  discrete  tests  conducted  without   interruption  over  240  hours  (every  6  hours  for  10  days.)    A  collection  of  4,306  unique  URLs  were  available  at  the   time  of  entry  into  the  test  and  were  successfully  accessed  by  the  browsers  in  at  least  one  run.  NSS  Labs  engineers   removed  samples  that  did  not  pass  the  validation  criteria,  including  those  tainted  by  exploits  (not  part  of  this  test.)   Ultimately  2,291  unique  URLs  were  included  in  our  final  set  of  phishing  sites,  providing  a  margin  of  error  of  2.05%   with  a  95%  confidence  interval.     Average  Number  Of  Malicious  URLs  Added  Per  Day   On  average,  208  new  validated  URLs  were  added  to  the  test  set  per  day;  numbers  varied  on  some  days  as  criminal   activity  levels  fluctuated.   ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     5        
NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Mix  Of  URLs   The  mixture  of  URLs  used  in  the  test  was  representative  of  current  threats  on  the  Internet.  Care  was  taken  not  to   overweight  any  one  domain  to  represent  more  than  10%  of  the  test  set;  sites  were  pruned  once  this  limit  was   reached.     Blocking  Phishing  URLs   NSS  Labs  assessed  the  browsers’  ability  to  block  malicious  URLs  as  quickly  as  they  were  discovered  on  the  Internet.   Engineers  continued  testing  them  every  six  hours  to  determine  how  long  it  took  a  vendor  to  add  protection,  if  they   did  at  all.     Average  Time  To  Block  Phishing  URLs     The  following  histogram  shows  how  long  it  took  the  browsers  to  block  a  threat  once  it  was  introduced  into  the  test   cycle.  Cumulative  protection  rates  are  listed  at  the  time  of  introduction,  the  “zero  hour,”  through  the  end  of  the   test.  Final  protection  scores  for  the  URL  test  duration  are  summarized  under  the  “Total”  column.  The  initial   protection  from  phishing  sites  ranged  from  53.2%  (Chrome  21)  to  79.2%  (Firefox  15.)     100% 90% 80% 70% Coverage 60% 50% 40% 30% 20% 10% 0% 0-hr 1d 2d 3d 4d 5d 6d 7d Total Firefox 15 79.2% 86.1% 88.2% 88.6% 88.6% 88.7% 88.7% 88.7% 88.7% Safari 5 76.9% 85.6% 88.4% 89.2% 89.3% 90.9% 91.0% 91.3% 91.4% Internet Explorer 10 55.9% 83.2% 86.3% 86.7% 86.8% 86.8% 86.8% 86.8% 86.8% Chrome 21 53.2% 83.5% 86.2% 87.4% 87.4% 87.5% 87.5% 87.5% 87.5%   Figure  2  -­‐  Phishing  URL  Response  Histogram   Firefox  demonstrated  the  strongest  protection  for  zero  hour  phishing  attacks  at  79.2%,  adding  6.9%  during  the  first   24  hours  and  only  2.6%  over  the  rest  of  the  test.  Safari  started  strong  at  76.9%  and  had  caught  up  with  Firefox  by   the  second  day.    Internet  Explorer  and  Chrome  had  weak  starts  ranging  between  53.2%  and  55.9%.  Internet   Explorer  10  reached  its  maximum  rate  in  4  days  and  Chrome  21  required  5  days.     Longer-­‐term  blocking  of  phishing  sites  was  comparable  across  all  of  the  browsers.  Firefox,  Safari  and  Chrome  share   the  SafeBrowsing  API  and,  in  2009,  the  differences  in  protection  were  significant.  In  this  test,  the  SafeBrowsing   ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     6        
NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     products  exhibited  little  difference  over  time.  However,  Firefox  and  Safari  had  a  distinct  advantage  when  blocking   zero  hour  attacks.  This  demonstrates  that  either  different  implementations  yield  different  results  or  that  Firefox   and  Safari  are  not  relying  on  the  SafeBrowsing  API  alone.     Average  Response  Time  To  Block  Phishing   This  table  answers  the  question  of  how  long  a  user  must  wait  on  average  until  a  requested  phishing  URL  is  added   to  the  block  list.  It  shows  the  average  time  to  block  a  phishing  site  once  it  was  introduced  into  the  test  set,  but  only   if  it  was  blocked  during  the  course  of  the  test.  Unblocked  sites  are  not  included,  as  there  is  no  mathematically   empirical  way  to  score  “never.”     Note  that  phishing  sites  have  an  average  life  expectancy  of  only  23  hours.     Hours   0   1   2   3   4   5   6   7   Firefox  15   2.35   Safari  5   5.38   Chrome  21   5.64   Internet  Explorer  10   6.11     Figure  3  -­‐  Average  Time  to  Block  (shorter  time  is  better)   The  mean  time  to  block  a  site  (if  it  is  blocked  at  all)  is  4.87  hours.  Firefox  15  was  significantly  faster  at  adding   protection  in  the  earliest  hours  of  a  phishing  attack  than  any  of  the  other  browsers.    Safari,  Chrome  and  Internet   Explorer  10  were  fairly  close  to  each  other  in  response  time.     Real-­‐time  Blocking  of  Phishing  URLs  Over  Time   The  metrics  for  blocking  individual  URLs  represent  just  one  perspective.  When  it  comes  to  daily  usage  scenarios,   users  are  visiting  a  wide  range  of  sites  that  may  change  quickly.  At  any  given  time,  the  available  set  of  phishing   URLs  is  evolving,  and  continuing  to  block  these  sites  is  a  key  criterion  for  effectiveness.  NSS  Labs  tested  a  set  of  live   URLs  every  six  hours.  The  graph  below  shows  protection  at  each  of  the  37  incremental  tests  of  over  a  period  of  10   days  and  each  score  represents  protection  at  a  given  point  in  time.  The  mean  protection  rate  over  time  for  all   browsers  was  46%  in  2009,  and  now  approaches  92%.     ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     7        
NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     100%   90%   80%   70%   Safari  5   Block  Rate   60%   Chrome  21   50%   Internet  Explorer  10   40%   30%   Firefox  15   20%   10%   0%     Figure  4  -­‐  Phishing  Protection  Over  Time     Note  that  the  protection  percentage  will  deviate  from  the  unique  URL  results  for  several  reasons.  First,  this  data   includes  multiple  tests  of  a  URL,  so  if  it  is  blocked  early  on,  it  will  improve  the  score.  If  it  continues  to  be  missed,   however,  it  will  detract  from  the  score.    Results  of  individual  URL  tests  were  compounded  over  time.     SafeBrowsing  Analysis   Chrome   21,   Firefox  15   and   Safari   5   all  use   the   Google  SafeBrowsing  API.  In  2009,   NSS  Labs’   testing  revealed   wide-­‐ranging  results  in  the   effectiveness  of  phishing  URL  blocking.   I n   2 009,   t he   w orst   b rowser   h ad   a   2 %   b lock   rate   a nd   t he   b est   8 3%.   I n   2 012,   t he   g aps   h ave   b een   e ffectively   c losed   a nd   p rotection   l evels   a re   extremely   c lose.   100%   90%   80%   70%   Safari  5   Catch  Rate   60%   50%   Chrome  21   40%   Firefox  15   30%   20%   10%   0%     Figure  5  -­‐  Phishing  Protection  Over  Time  –  SafeBrowsing  Products   ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     8        
NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Conclusion   Web  browsers  are  in  a  unique  position  to  combat  phishing  and  other  criminal  activities  by  warning  potential   victims  that  they  are  about  to  stray  onto  a  malicious  website.  Since  phishing  sites  have  an  average  lifespan  of  only   23  hours  it  is  essential  that  the  site  is  discovered,  validated,  classified,  and  added  to  the  reputation  system  as   quickly  as  possible.    This  explains  the  correlation  between  average-­‐time-­‐to-­‐block  and  catch-­‐rate.    A  good   reputation  system  must  be  both  accurate  and  fast  in  order  to  realize  high  catch  rates.    Browser  developers  clearly   understand  this  relationship  and  now  block  substantially  more  phishing  sites  in  the  first  24  hours  of  detection  than   they  did  after  5  days  in  2009.     Early  detection  of  phishing  sites  is  very  important,  but  should  not  be  given  undue  weight.  The  majority  of  standard   phishing  attacks  (not  spearphishing)  are  not  relevant  to  the  recipients.  For  example,  if  an  HSBC  customer  receives  a   Bank  of  America  phish  the  earliest  possible  detection  does  not  afford  greater  protection  across  the  board.       Google  Chrome’s  overall  block  rate  of  94%  was  2.25%  above  the  average,  which,  with  a  2%  margin  of  error,  means   that  there  is  very  little  difference  between  the  overall  ability  of  the  tested  browsers  to  block  phishing  URLs.       Looking  back  to  2009  when  the  best  browser  blocked  83%  and  the  worst  a  mere  2%,  it  is  obvious  that  all  of  the   tested  vendors  have  made  significant  strides  in  their  abilities  to  block  phishing  attacks.    Going  forward,  the   challenge  will  be  to  bring  down  the  response  time,  especially  for  targeted  brands  with  the  largest  consumer  bases.       The  dangers  associated  with  socially  engineered  malware  and  drive-­‐by  downloads  are  significant  enough  that  the   security  capabilities  of  a  browser  protection  against  these  threats  should  be  considered  a  more  critical  component   of  the  selection  criteria.  The  NSS  Labs  Browser  Security  Comparative  Analysis:  Socially  Engineered  Malware   provides  essential  information  with  respect  to  the  ability  of  browsers  to  block  socially  engineered  malware  attacks.     ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     9        
NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Appendix  A:  Test  Environment   NSS  Labs  has  created  a  complex  test  environment  and  methodology  to  assess  the  protective  capabilities  of   Internet  browsers  under  the  most  real-­‐world  conditions  possible,  while  also  maintaining  control  and  verification  of   the  procedures.  For  this  browser  security  test,  NSS  Labs  created  a  unique  “Live  Testing™”  harness  in  order  to   duplicate  user  experiences  under  real  world  conditions.  158,635  individual  tests  (URL  lookups)  were  performed   over  a  period  of  10  days  (37  discrete  test  runs).         ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     10        
NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Client  Host  Description   All  tested  browser  software  was  installed  on  identical  virtual  machines,  with  the  following  specifications:   • Microsoft  Windows  8   •        4GB  RAM   •        60GB  HD   Browser   machines   were   tested   prior   to   and   during   the   test   to   ensure   proper   functioning.   Browsers   were   given   full   access  to  the  Internet  so  they  could  visit  the  actual  live  sites.   The  Tested  Browsers   The  browsers  under  test  were  obtained  independently  by  NSS  Labs.  Generally  available  software  releases  were   used  in  all  cases,  except  for  Internet  Explorer  10.  Each  product  was  updated  to  the  most  current  version  available   at  the  time  testing  began.    The  following  is  a  current  list  of  the  web  browsers  that  were  tested:   •        Apple  Safari  5   •        Google  Chrome  21   •        Microsoft  Internet  Explorer  10   •        Mozilla  Firefox  15   Once  testing  began,  the  product  version  was  frozen  in  order  to  preserve  the  integrity  of  the  test.    This  test  relied   upon  Internet  access  for  the  reputation  systems  and  access  to  live  content.     Network  Description   The  browsers  were  tested  for  their  ability  to  protect  the  client  in  “connected”  use  cases.  Thus,  the  tests  consider   and  analyze  the  effectiveness  of  browser  protection  in  NSS  Labs’  real-­‐world,  Live  Testing  harness.   The  host  system  has  one  network  interface  card  (NIC)  and  is  connected  to  the  network  via  a  1Gb  switch  port.  For   the  purposes  of  this  test,  NSS  Labs  utilized  up  to  32  desktop  systems  each  running  a  web  browser  –  eight  each  per   web  browser  (four  browser  types).  Results  were  recorded  into  a  MySQL  database.         ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     11        
NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Appendix  B:  General  Test  Procedures   The  purpose  of  the  test  is  to  determine  how  well  the  tested  web  browsers  protect  users  from  phishing  threats  on   the  Internet  today.  A  key  aspect  is  the  timing.  Given  the  rapid  rate  and  aggressiveness  with  which  criminals   propagate  and  manipulate  phishing  URLs,  a  key  objective  is  to  ensure  that  the  “freshest”  sites  possible  are   included  in  the  test.     NSS  Labs  has  developed  a  unique  proprietary  “Live  Testing™”  harness  and  methodology.  On  an  ongoing  basis,  NSS   Labs  collects  web-­‐based  threats  from  a  variety  of  sources,  including  partners  and  its  own  servers.  Potential  threats   are  vetted  algorithmically  before  being  inserted  into  the  test  queue.  Threats  are  being  inserted  and  vetted   continually  24x7.  Note:  unique  to  this  procedure  is  that  NSS  Labs  validates  the  samples  before  and  after  the  test.   Actual  testing  of  the  threats  occurs  every  two  hours  and  starts  with  validation  of  the  site’s  existence  and   conformance  to  the  test  definition.     All  tests  are  executed  in  a  highly  controlled  manner,  and  results  are  meticulously  recorded  and  archived  at  each   interval  of  the  test.   Test  Duration   This  NSS  Labs’  browser  test  is  performed  continuously  (24x7)  for  10  days.  Throughout  the  duration  of  the  test,  new   URLs  are  added  as  they  are  discovered.   Test  Frequency   Over  the  course  of  the  test,  each  URL  is  run  through  the  test  harness  every  six  hours.  Regardless  of  success  or   failure,  the  “victim  machine”  in  the  test  harness  will  attempt  to  browse  to  the  phishing  site  for  the  duration  of  the   test.     Collect New Suspicious Malicous Sites from Sources Pre-Filter, Validate, Results Collected & Prune & Archive Archived Sites Test Clients Visit Sites & Record Distribute to Test Clients Block/Allow   ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     12        
NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Samples  Sets  For  Phishing  URLs   Freshness  of  phishing  sites  is  a  key  attribute  of  this  type  of  test.  In  order  to  utilize  the  freshest  most  representative   URLs,  NSS  Labs  receives  a  broad  range  of  samples  from  a  multiple  sources.   Sources   NSS  Labs  operates  its  own  network  of  spam  traps  and  honeypots.  These  email  accounts  with  high-­‐  volume  traffic   yield  thousands  of  unique  emails  and  URLs  per  day.  NSS  Labs  maintains  a  growing  archive  of  phishing  and   malicious  URLs  and  other  malware.  This  archive  contains  multiple  gigabytes  of  confirmed  samples.  Although  only   phishing  URLs  are  used  in  this  test,  some  phishing  URLs  may  also  contain  malware  and  exploits.  In  addition,  NSS   Labs  maintains  relationships  with  other  independent  security  researchers,  networks,  and  security  companies  that   provide  access  to  URLs  and  malicious  content.  Sample  sets  contain  phishing  URLs  distributed  via  spam,  social   networks,  and  other  websites.  Every  effort  is  made  to  consider  submissions  that  reflect  a  real-­‐world  distribution  of   phishing,  categorically,  geographically,  and  by  platform.       In  addition,  NSS  maintains  a  collection  of  “clean  URLs”  that  includes  such  sites  as  Yahoo,  Amazon,  Microsoft,   Google,  NSS  Labs,  major  banks,  etc.  Periodically,  clean  URLs  are  run  through  the  system  to  verify  browsers  are  not   over-­‐blocking.   Catalog  URLs   New  sites  are  added  to  the  URL  consideration  set  as  soon  as  possible  following  initial  discovery.  The  date  and  time   each  sample  is  introduced  is  noted.  Most  sources  are  automatically  and  immediately  inserted,  while  some   methods  require  manual  handling  and  can  be  processed  in  under  30  minutes.  All  items  in  the  consideration  set  are   cataloged  with  a  unique  NSS  Labs  ID,  regardless  of  their  validity.  This  enables  NSS  Labs  engineers  to  track   effectiveness  of  sample  sources.   Confirm  Sample  Presence  of  URLs   Time  is  of  the  essence,  since  the  objective  is  to  test  the  effectiveness  against  the  ‘freshest’  possible  phishing  sites.   Given  the  nature  of  the  feeds  and  the  rate  of  change,  it  is  not  possible  to  validate  each  site  in  depth  before  the   test,  since  the  site  could  quickly  disappear.  However,  each  of  the  test  items  is  given  an  initial  review  to  verify  it   meets  the  basic  criteria  and  is  accessible  on  the  live  Internet.   In  order  to  be  included  in  the  execution  set,  URLs  must  be  live  during  the  test  iteration.  At  the  beginning  of  each   test  iteration,  the  availability  of  the  URL  is  confirmed  by  ensuring  that  the  site  can  be  reached  and  is  active  (e.g.  a   non-­‐404  web  page  is  returned.)   This  validation  occurs  within  minutes  of  receiving  the  samples.    Note:  These  classifications  are  further  validated   after  the  test,  and  URLs  are  reclassified  and/or  removed  accordingly.   Archive  Active  URL  Content   The  active  URL  content  is  downloaded  and  saved  to  an  archive  server  with  a  unique  NSS  ID  number.  This  enables   NSS  Labs  to  preserve  the  URL  content  for  control  and  validation  purposes.   ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     13        
NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Visit  Each  URL   A  customized  client  automation  utility  requests  each  of  the  URLs  deemed  “present”  via  each  of  the  web  browsers   in  the  test.  The  test  harness  records  whether  or  not  the  phishing  site  is  successfully  accessed,  and  if  the  attempt  to   visit  the  site  triggers  a  warning  from  the  browser’s  phishing  protection.     Scoring  &  Recoding  the  Results   The  resulting  response  is  recorded  as  either  “allowed”  or  “blocked  and  warned.”   • Success:  NSS  Labs  defines  “success”  based  upon  a  web  browser  successfully  preventing  access  to  a   phishing  URL.   • Failure:  NSS  Labs  defines  a  “failure”  based  upon  a  web  browser  failing  to  block  and  issue  a  warning.   Pruning   Throughout  the  test,  lab  engineers  review  and  prune  out  non-­‐conforming  URLs  and  content  from  the  test   execution  set.  For  example,  a  URL  that  was  classified  initially  as  phishing  and  that  has  subsequently  been  replaced   by  the  web  host  with  a  generic  splash  page  will  be  removed  from  the  test.   If  a  URL  sample  becomes  unavailable  during  the  course  of  the  test,  the  sample  is  removed  from  the  test  collection   for  that  iteration.  NSS  Labs  continually  verifies  each  sample’s  presence  (availability  to  access)  and  adds/removes   each  sample  from  the  test  set  accordingly.  Should  a  phishing  sample  be  unavailable  for  a  test  iteration  and  then   become  available  again  for  a  subsequent  iteration,  it  will  be  added  back  into  the  test  collection.  Unavailable   samples  are  not  included  in  calculations  of  success  or  failure  by  a  web  browser.   Post-­‐Test  Validation     Post-­‐test  validation  enables  NSS  Labs  to  reclassify  and  even  remove  samples  which  were  either  not  malicious  or   not  available  before  the  test  started.  NSS  Labs  performs  both  automated  and  manual  validation  of  suspected   phishing  sites.    At  the  end  of  this  process,  there  were  2,291  URLs  that  were  live  and  valid  at  the  time  of  testing  and   are  now  part  of  this  report.  The  targeted  brands  are  in  the  table  below.     ABN-­‐AMRO   ABSA   AhliUnitedBank   Alibaba   Alipay   Allegro   AlliedDirect   Amazon   AmBankGroup   AOL   ASB   BancoAVVillas   BancoAzteca   BancoBOD   BancoDeEspana   BancoDelaNacion   BancoDeVenezuela   BancoFalabella   Bancopichincha   BankOfBrazil   BankOfchina   BankWest   Barclays   Battle.Log   Battle.net   BienvenuedansAccesD   BMO   BOA   Bradesco   BT   Cadastro   CapitalBank   CapitecBank   CartaSi   CenturyLink   Chase   ChinaBank   ChinaConstructionBank   CIBC   Cielo   CIMB   Co-­‐Operativebank   CommonwealthBank   DBA   DiamondBank   Ebay   Email   Facebook   FirstOnline   GlobalMail   GlobalSources   Gmail   ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     14        
NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Halifax   HelpDesk   HiperCard   HomeBank   HongLeong   Hotmail   HSBC   ICBC   ING   InternalRevenueService   IRS   Itau   Kiwi   LaBanquePostale   LibertyReserve   Linkedin   Lloyds   MailBox   MasterCard   MayBank   MBNA   MicrosoftAccount   NAB   NatWest   Nets   Nordea   Outlook   PaEbay   Paypal   PNC   Popular   Posteitaliane   postepay   QNB   QuickQuid   RAKBank   RBC   Regions   ReMax   RuneScape   Santander   SFR   Sicredi   Skype   Smiles   St.george   Steam   Suntrust   TAM   TDCanadaTrust   TradeMe   TSB   TSBBank   USAA   Vadofone   Verizon   Very   VISA   Vodafone   WebMail   Wellsfargo   Westpac   WindowSecurity   WindowsSecurity   Yahoo             ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     15        
NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Contact  Information   NSS  Labs,  Inc.   6207  Bee  Caves  Road,  Suite  350   Austin,  TX  78746  USA   +1  (512)  961-­‐5300   info@nsslabs.com   www.nsslabs.com       This  and  other  related  documents  available  at:  www.nsslabs.com.  To  receive  a  licensed  copy  or  report  misuse,   please  contact  NSS  Labs  at  +1  (512)  961-­‐5300  or  sales@nsslabs.com.     ©  2012  NSS  Labs,  Inc.  All  rights  reserved.  No  part  of  this  publication  may  be  reproduced,  photocopied,  stored  on  a  retrieval     system,  or  transmitted  without  the  express  written  consent  of  the  authors.       Please  note  that  access  to  or  use  of  this  report  is  conditioned  on  the  following:     1.    The  information  in  this  report  is  subject  to  change  by  NSS  Labs  without  notice.     2.    The  information  in  this  report  is  believed  by  NSS  Labs  to  be  accurate  and  reliable  at  the  time  of  publication,  but  is  not   guaranteed.  All  use  of  and  reliance  on  this  report  are  at  the  reader’s  sole  risk.  NSS  Labs  is  not  liable  or  responsible  for  any     damages,  losses,  or  expenses  arising  from  any  error  or  omission  in  this  report.     3.    NO  WARRANTIES,  EXPRESS  OR  IMPLIED  ARE  GIVEN  BY  NSS  LABS.  ALL  IMPLIED  WARRANTIES,  INCLUDING  IMPLIED     WARRANTIES  OF  MERCHANTABILITY,  FITNESS  FOR  A  PARTICULAR  PURPOSE,  AND  NON-­‐INFRINGEMENT  ARE  DISCLAIMED  AND   EXCLUDED  BY  NSS  LABS.  IN  NO  EVENT  SHALL  NSS  LABS  BE  LIABLE  FOR  ANY  CONSEQUENTIAL,  INCIDENTAL  OR  INDIRECT     DAMAGES,  OR  FOR  ANY  LOSS  OF  PROFIT,  REVENUE,  DATA,  COMPUTER  PROGRAMS,  OR  OTHER  ASSETS,  EVEN  IF  ADVISED  OF  THE   POSSIBILITY  THEREOF.     4.    This  report  does  not  constitute  an  endorsement,  recommendation,  or  guarantee  of  any  of  the  products  (hardware  or     software)  tested  or  the  hardware  and  software  used  in  testing  the  products.  The  testing  does  not  guarantee  that  there  are  no     errors  or  defects  in  the  products  or  that  the  products  will  meet  the  reader’s  expectations,  requirements,  needs,  or   specifications,  or  that  they  will  operate  without  interruption.       5.    This  report  does  not  imply  any  endorsement,  sponsorship,  affiliation,  or  verification  by  or  with  any  organizations  mentioned     in  this  report.       6.    All  trademarks,  service  marks,  and  trade  names  used  in  this  report  are  the  trademarks,  service  marks,  and  trade  names  of   their  respective  owners.         ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     16        

Recomendados

Introduction to Metascan Client
Introduction to Metascan ClientIntroduction to Metascan Client
Introduction to Metascan Client
OPSWAT
 
Android mobile platform security and malware survey
Android mobile platform security and malware surveyAndroid mobile platform security and malware survey
Android mobile platform security and malware survey
eSAT Journals
 
IE Exploit Protection
IE Exploit ProtectionIE Exploit Protection
IE Exploit Protection
Kim Jensen
 
Avc Report25
Avc Report25Avc Report25
Avc Report25
Erol Dizdar
 
Why One Virus Engine is Not Enough
Why One Virus Engine is Not EnoughWhy One Virus Engine is Not Enough
Why One Virus Engine is Not Enough
GFI Software
 
Cq3210191021
Cq3210191021Cq3210191021
Cq3210191021
IJMER
 
What the fuzz
What the fuzzWhat the fuzz
What the fuzz
Christopher Frenz
 
OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012
DefCamp
 

Recomendados

Introduction to Metascan Client
Introduction to Metascan ClientIntroduction to Metascan Client
Introduction to Metascan Client
OPSWAT
 
Android mobile platform security and malware survey
Android mobile platform security and malware surveyAndroid mobile platform security and malware survey
Android mobile platform security and malware survey
eSAT Journals
 
IE Exploit Protection
IE Exploit ProtectionIE Exploit Protection
IE Exploit Protection
Kim Jensen
 
Avc Report25
Avc Report25Avc Report25
Avc Report25
Erol Dizdar
 
Why One Virus Engine is Not Enough
Why One Virus Engine is Not EnoughWhy One Virus Engine is Not Enough
Why One Virus Engine is Not Enough
GFI Software
 
Cq3210191021
Cq3210191021Cq3210191021
Cq3210191021
IJMER
 
What the fuzz
What the fuzzWhat the fuzz
What the fuzz
Christopher Frenz
 
OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012
DefCamp
 
A Content- and Document-based Approach for Digital Productivity Applications
A Content- and Document-based Approach for Digital Productivity ApplicationsA Content- and Document-based Approach for Digital Productivity Applications
A Content- and Document-based Approach for Digital Productivity Applications
Nuxeo
 
Web phish detection (an evolutionary approach)
Web phish detection (an evolutionary approach)Web phish detection (an evolutionary approach)
Web phish detection (an evolutionary approach)
eSAT Publishing House
 
Detecting malicious facebook applicationsi
Detecting malicious facebook applicationsiDetecting malicious facebook applicationsi
Detecting malicious facebook applicationsi
nexgentechnology
 
Detecting netflixthrough analysis of twitter
Detecting netflixthrough analysis of twitterDetecting netflixthrough analysis of twitter
Detecting netflixthrough analysis of twitter
Jack Shepherd
 
thesis 36 44 Final
thesis 36 44 Finalthesis 36 44 Final
thesis 36 44 Final
meraz rizel
 
stapleton thesis
stapleton thesisstapleton thesis
stapleton thesis
Lisa K Stapleton
 
PhishAri: Automatic Realtime Phishing Detection on Twitter
PhishAri: Automatic Realtime Phishing Detection on TwitterPhishAri: Automatic Realtime Phishing Detection on Twitter
PhishAri: Automatic Realtime Phishing Detection on Twitter
Anupama Aggarwal
 
Towards detecting phishing web pages
Towards detecting phishing web pagesTowards detecting phishing web pages
Towards detecting phishing web pages
Shuvradeb Barman Srijon
 
Thesis klausi
Thesis klausiThesis klausi
Thesis klausi
mooru
 
Master\'s Thesis
Master\'s ThesisMaster\'s Thesis
Master\'s Thesis
taco_dols
 
Cantina content based approach to detect phishing websites
Cantina content based approach to detect phishing websitesCantina content based approach to detect phishing websites
Cantina content based approach to detect phishing websites
thestarlight92
 
Learning to Detect Phishing Emails
Learning to Detect Phishing EmailsLearning to Detect Phishing Emails
Learning to Detect Phishing Emails
butest
 
Suspicious Mail Detection IEEE
Suspicious Mail Detection IEEESuspicious Mail Detection IEEE
Suspicious Mail Detection IEEE
Nikhil Kulkarni
 
Thesis:"DLAlert and Information Alert System for Digital Libraries"
Thesis:"DLAlert and Information Alert System for Digital Libraries"Thesis:"DLAlert and Information Alert System for Digital Libraries"
Thesis:"DLAlert and Information Alert System for Digital Libraries"
Ioannis Alexakis
 
Preventing In-Browser Malicious Code Execution
Preventing In-Browser Malicious Code ExecutionPreventing In-Browser Malicious Code Execution
Preventing In-Browser Malicious Code Execution
Stefano Di Paola
 
Suspicious Email Detection
Suspicious Email DetectionSuspicious Email Detection
Suspicious Email Detection
Suraj Kumar
 
Msc Product Service System Design Final Thesis Book
Msc Product Service System Design Final Thesis BookMsc Product Service System Design Final Thesis Book
Msc Product Service System Design Final Thesis Book
Chiara Cacciani
 
Face detection and recognition
Face detection and recognitionFace detection and recognition
Face detection and recognition
Derek Budde
 
M Tech Projects List
M Tech Projects ListM Tech Projects List
M Tech Projects List
e2-matrix
 
Web Collaboration for Software Engineering (Msc Thesis)
Web Collaboration for Software Engineering (Msc Thesis)Web Collaboration for Software Engineering (Msc Thesis)
Web Collaboration for Software Engineering (Msc Thesis)
Tiago Teixeira
 
2012 ab is-your-browser-putting-you-at-risk
2012 ab is-your-browser-putting-you-at-risk2012 ab is-your-browser-putting-you-at-risk
2012 ab is-your-browser-putting-you-at-risk
Комсс Файквэе
 
Avc report25
Avc report25Avc report25
Avc report25
Era Brown
 

Más contenido relacionado

Destacado

Detecting netflixthrough analysis of twitter
Detecting netflixthrough analysis of twitterDetecting netflixthrough analysis of twitter
Detecting netflixthrough analysis of twitter
Jack Shepherd
 
PhishAri: Automatic Realtime Phishing Detection on Twitter
PhishAri: Automatic Realtime Phishing Detection on TwitterPhishAri: Automatic Realtime Phishing Detection on Twitter
PhishAri: Automatic Realtime Phishing Detection on Twitter
Anupama Aggarwal
 
Master\'s Thesis
Master\'s ThesisMaster\'s Thesis
Master\'s Thesis
taco_dols
 
Cantina content based approach to detect phishing websites
Cantina content based approach to detect phishing websitesCantina content based approach to detect phishing websites
Cantina content based approach to detect phishing websites
thestarlight92
 
Learning to Detect Phishing Emails
Learning to Detect Phishing EmailsLearning to Detect Phishing Emails
Learning to Detect Phishing Emails
butest
 
Suspicious Mail Detection IEEE
Suspicious Mail Detection IEEESuspicious Mail Detection IEEE
Suspicious Mail Detection IEEE
Nikhil Kulkarni
 
Suspicious Email Detection
Suspicious Email DetectionSuspicious Email Detection
Suspicious Email Detection
Suraj Kumar
 

Destacado (20)

A Content- and Document-based Approach for Digital Productivity Applications
A Content- and Document-based Approach for Digital Productivity ApplicationsA Content- and Document-based Approach for Digital Productivity Applications
A Content- and Document-based Approach for Digital Productivity Applications
 
Web phish detection (an evolutionary approach)
Web phish detection (an evolutionary approach)Web phish detection (an evolutionary approach)
Web phish detection (an evolutionary approach)
 
Detecting malicious facebook applicationsi
Detecting malicious facebook applicationsiDetecting malicious facebook applicationsi
Detecting malicious facebook applicationsi
 
Detecting netflixthrough analysis of twitter
Detecting netflixthrough analysis of twitterDetecting netflixthrough analysis of twitter
Detecting netflixthrough analysis of twitter
 
thesis 36 44 Final
thesis 36 44 Finalthesis 36 44 Final
thesis 36 44 Final
 
stapleton thesis
stapleton thesisstapleton thesis
stapleton thesis
 
PhishAri: Automatic Realtime Phishing Detection on Twitter
PhishAri: Automatic Realtime Phishing Detection on TwitterPhishAri: Automatic Realtime Phishing Detection on Twitter
PhishAri: Automatic Realtime Phishing Detection on Twitter
 
Towards detecting phishing web pages
Towards detecting phishing web pagesTowards detecting phishing web pages
Towards detecting phishing web pages
 
Thesis klausi
Thesis klausiThesis klausi
Thesis klausi
 
Master\'s Thesis
Master\'s ThesisMaster\'s Thesis
Master\'s Thesis
 
Cantina content based approach to detect phishing websites
Cantina content based approach to detect phishing websitesCantina content based approach to detect phishing websites
Cantina content based approach to detect phishing websites
 
Learning to Detect Phishing Emails
Learning to Detect Phishing EmailsLearning to Detect Phishing Emails
Learning to Detect Phishing Emails
 
Suspicious Mail Detection IEEE
Suspicious Mail Detection IEEESuspicious Mail Detection IEEE
Suspicious Mail Detection IEEE
 
Thesis:"DLAlert and Information Alert System for Digital Libraries"
Thesis:"DLAlert and Information Alert System for Digital Libraries"Thesis:"DLAlert and Information Alert System for Digital Libraries"
Thesis:"DLAlert and Information Alert System for Digital Libraries"
 
Preventing In-Browser Malicious Code Execution
Preventing In-Browser Malicious Code ExecutionPreventing In-Browser Malicious Code Execution
Preventing In-Browser Malicious Code Execution
 
Suspicious Email Detection
Suspicious Email DetectionSuspicious Email Detection
Suspicious Email Detection
 
Msc Product Service System Design Final Thesis Book
Msc Product Service System Design Final Thesis BookMsc Product Service System Design Final Thesis Book
Msc Product Service System Design Final Thesis Book
 
Face detection and recognition
Face detection and recognitionFace detection and recognition
Face detection and recognition
 
M Tech Projects List
M Tech Projects ListM Tech Projects List
M Tech Projects List
 
Web Collaboration for Software Engineering (Msc Thesis)
Web Collaboration for Software Engineering (Msc Thesis)Web Collaboration for Software Engineering (Msc Thesis)
Web Collaboration for Software Engineering (Msc Thesis)
 

Similar a 2012 browser phishing

Avc report25
Avc report25Avc report25
Avc report25
Era Brown
 
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsEmpowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOps
IBM Security
 
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsEmpowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOps
Black Duck by Synopsys
 
Skyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal EffortSkyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal Effort
Sarah Elson
 
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black DuckSoftware Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Black Duck by Synopsys
 

Similar a 2012 browser phishing (20)

2012 ab is-your-browser-putting-you-at-risk
2012 ab is-your-browser-putting-you-at-risk2012 ab is-your-browser-putting-you-at-risk
2012 ab is-your-browser-putting-you-at-risk
 
Avc report25
Avc report25Avc report25
Avc report25
 
Avc fdt 201209_en
Avc fdt 201209_enAvc fdt 201209_en
Avc fdt 201209_en
 
Is Antivirus (AV) Dead or Just Missing in Action
Is Antivirus (AV) Dead or Just Missing in Action Is Antivirus (AV) Dead or Just Missing in Action
Is Antivirus (AV) Dead or Just Missing in Action
 
Is av dead or just missing in action - avar2016
Is av dead or just missing in action - avar2016Is av dead or just missing in action - avar2016
Is av dead or just missing in action - avar2016
 
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsEmpowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOps
 
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsEmpowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOps
 
Skyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal EffortSkyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal Effort
 
Symantec Endpoint Protection
Symantec Endpoint ProtectionSymantec Endpoint Protection
Symantec Endpoint Protection
 
Measuring the Actual Security that Vendors Provide to Customers
Measuring the Actual Security that Vendors Provide to CustomersMeasuring the Actual Security that Vendors Provide to Customers
Measuring the Actual Security that Vendors Provide to Customers
 
Thinking of choosing Sophos?
Thinking of choosing Sophos?Thinking of choosing Sophos?
Thinking of choosing Sophos?
 
Software Security Assurance for DevOps
Software Security Assurance for DevOpsSoftware Security Assurance for DevOps
Software Security Assurance for DevOps
 
Avc fdt 201303_en
Avc fdt 201303_enAvc fdt 201303_en
Avc fdt 201303_en
 
Thinking of choosing Trend Micro?
Thinking of choosing Trend Micro?Thinking of choosing Trend Micro?
Thinking of choosing Trend Micro?
 
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black DuckSoftware Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
 
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your ApplicationsWhite Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
 
Continuous Security Testing
Continuous Security TestingContinuous Security Testing
Continuous Security Testing
 
Browsers comparison
Browsers comparisonBrowsers comparison
Browsers comparison
 
Software Security Assurance for DevOps
Software Security Assurance for DevOpsSoftware Security Assurance for DevOps
Software Security Assurance for DevOps
 
Software Security Assurance for Devops
Software Security Assurance for DevopsSoftware Security Assurance for Devops
Software Security Assurance for Devops
 

Más de Комсс Файквэе

Más de Комсс Файквэе (20)

Ksb 2013 ru
Ksb 2013 ruKsb 2013 ru
Ksb 2013 ru
 
Rp quarterly-threat-q3-2013
Rp quarterly-threat-q3-2013Rp quarterly-threat-q3-2013
Rp quarterly-threat-q3-2013
 
Rp data breach-investigations-report-2013-en_xg
Rp data breach-investigations-report-2013-en_xgRp data breach-investigations-report-2013-en_xg
Rp data breach-investigations-report-2013-en_xg
 
Apwg trends report_q2_2013
Apwg trends report_q2_2013Apwg trends report_q2_2013
Apwg trends report_q2_2013
 
Mobile threat report_q3_2013
Mobile threat report_q3_2013Mobile threat report_q3_2013
Mobile threat report_q3_2013
 
Scimp paper
Scimp paperScimp paper
Scimp paper
 
Ey giss-under-cyber-attack
Ey giss-under-cyber-attackEy giss-under-cyber-attack
Ey giss-under-cyber-attack
 
Hta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijackingHta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijacking
 
Analitika web 2012_positive_technologies
Analitika web 2012_positive_technologiesAnalitika web 2012_positive_technologies
Analitika web 2012_positive_technologies
 
B istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-usB istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-us
 
Threat report h1_2013
Threat report h1_2013Threat report h1_2013
Threat report h1_2013
 
B intelligence report-08-2013.en-us
B intelligence report-08-2013.en-usB intelligence report-08-2013.en-us
B intelligence report-08-2013.en-us
 
Dtl 2013 q2_home.1.2
Dtl 2013 q2_home.1.2Dtl 2013 q2_home.1.2
Dtl 2013 q2_home.1.2
 
Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012
 
Kaspersky lab av_test_whitelist_test_report
Kaspersky lab av_test_whitelist_test_reportKaspersky lab av_test_whitelist_test_report
Kaspersky lab av_test_whitelist_test_report
 
The modern-malware-review-march-2013
The modern-malware-review-march-2013 The modern-malware-review-march-2013
The modern-malware-review-march-2013
 
Dtl 2012 kl-app_ctl1.2
Dtl 2012 kl-app_ctl1.2Dtl 2012 kl-app_ctl1.2
Dtl 2012 kl-app_ctl1.2
 
Panda labs annual-report-2012
Panda labs annual-report-2012Panda labs annual-report-2012
Panda labs annual-report-2012
 
H02 syllabus
H02 syllabusH02 syllabus
H02 syllabus
 
Course reader-title
Course reader-titleCourse reader-title
Course reader-title
 

Último

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 

Último (20)

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

2012 browser phishing

  • 1.   BROWSER  SECURITY  COMPARATIVE  ANALYSIS   Phishing  Protection       2012  –  Randy  Abrams,  Orlando  Barrera,  Jayendra  Pathak     Tested  Products   Apple  Safari  5   Google  Chrome  21   Microsoft  Internet  Explorer  10   Mozilla  Firefox  15     Overview   During  October  2012  NSS  Labs  performed  a  comprehensive  test  of  web  browser  phishing  protection  against  our   live  web  browser  security  testing  methodology  v2.0.    This  report  is  based  upon  empirically  validated  evidence   gathered  by  NSS  Labs  during  10  days  of  continuous  testing.  Testing  was  performed  every  6  hours  for  a  total  of  37   discrete  test  runs,  each  one  adding  fresh  new  phishing  URLs.  Each  product  was  updated  to  the  most  current   version  available  at  the  time  testing  began  and  allowed  access  to  the  live  Internet.   The  most  common  and  impactful  security  threats  facing  users  today  are  socially  engineered  malware  and  phishing   attacks.  As  such,  they  have  been  the  primary  focus  of  NSS  Labs  continued  research  and  testing  of  the  security   effectiveness  of  browsers.  While  drive-­‐by  downloads  and  clickjacking  are  also  effective  attacks  that  have  achieved   notable  publicity,  they  represent  a  smaller  percentage  of  today’s  threats.  Drive-­‐by  downloads  are  commonly  the   result  of  a  successful  phishing  attack  and  clickjacking  attacks  often  lead  to  a  phishing  web  page.     Note:  This  test  was  performed  alongside  a  similar  test  of  socially  engineered  malware  (see:  Browser  Security   Comparative  Analysis:  Socially  Engineered  Malware).   The  average  phishing  URL  catch  rate  for  browsers  over  the  entire  10  day  test  period  ranged  from  90  percent  for   Firefox  (version  15)  to  94  percent  for  Chrome  (version  21).    With  a  margin  of  error  of  about  2  percent,  there  is  little   difference  in  the  average  block  rate  of  the  browsers  and  one  must  consider  other  factors,  such  as  socially   engineered  malware  blocking  capabilities,  for  qualitative  differences  in  the  security  effectiveness  of  the  browsers.    
  • 2. NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Chrome  21   94%   Internet  Explorer  10   92%   Safari  5   91%   Firefox  15   90%   0%   10%   20%   30%   40%   50%   60%   70%   80%   90%   100%     Figure  1  -­‐  Mean  Block  Rate  for  Phishing  (higher  is  better)   Generally  available  software  releases  were  used  in  all  cases  except  for  Internet  Explorer  10,  which  was  only   available  in  Windows  8  and  was  generally  only  available  as  a  beta  during  the  test.  Each  product  was  updated  to  the   most  current  version  available  at  the  time  testing  began.   Internet  Explorer  10  was  the  only  tested  browser  that  does  not  use  the  Google  SafeBrowsing  API  and  had  a  mean   block  rate  of  92%.  For  products  using  the  SafeBrowsing  API,  Chrome  21  had  a  mean  block  rate  of  94%,  Safari  5   achieved  a  mean  block  rate  of  90%,  and  Firefox  15  had  a  mean  block  rate  of  90%.     There  was  a  maximum  difference  of  4%  between  browsers  using  Google’s  SafeBrowsing  API.  In  NSS  Labs  2009     Web  Browser  Group  Test,  there  was  a  78%  difference  in  protection  levels  between  the  most  and  least  effective   SafeBrowsing  products.     Key  Findings   • The  mean  phishing  block  rates  among  the  tested  browsers  have  improved  from  a  group  average  of   approximately  47  percent  just  3  years  ago  to  a  group  average  of  approximately  92  percent  today.     • The  time  required  to  add  protection  for  new  phishing  site  is  an  important  factor  and  can  vary  by  more   that  25%.   • Phishing  protection  is  only  one  security  attribute  of  a  browser.  Socially  engineered  malware  blocking   capabilities  must  be  factored  into  an  assessment  of  overall  browser  security.     Recommendations   • Use  current  versions  of  web  browsers  to  increase  protection  against  phishing  attacks.   • The  average  time  to  block  attacks  should  be  a  factor  in  browser  selection.   • Augment  browser  protection  with  education  to  protect  against  the  attacks  that  do  bypass  the  browsers.   • Include  the  ability  to  block  socially  engineered  malware  in  the  browser  selection  decision.     ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     2        
  • 3. NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     This  analysis  brief  was  produced  as  part  of  NSS  Labs’  independent  testing  information  services.  Leading  vendors   were  invited  to  participate  fully  at  no  cost,  and  NSS  Labs  received  no  vendor  funding  to  produce  this  report.   Table  of  Contents   Analysis  ..................................................................................................................................  4   The  Phishing  Threat  ......................................................................................................................................  4   Web  Browser  Security  ..................................................................................................................................  5   Test  Composition  –  Phishing  URLs  ...............................................................................................................  5   Total  Number  Of  Malicious  URLs  In  The  Test  ...............................................................................................  5   Average  Number  Of  Malicious  URLs  Added  Per  Day  ....................................................................................  5   Mix  Of  URLs  ..................................................................................................................................................  6   Blocking  Phishing  URLs  .................................................................................................................................  6   Average  Time  To  Block  Phishing  URLs  ..........................................................................................................  6   Average  Response  Time  To  Block  Phishing  ..................................................................................................  7   Real-­‐time  Blocking  of  Phishing  URLs  Over  Time  ...........................................................................................  7   SafeBrowsing  Analysis  ..................................................................................................................................  8   Conclusion  ..............................................................................................................................  9   Appendix  A:  Test  Environment  ..............................................................................................  10   Appendix  B:  General  Test  Procedures  ...................................................................................  12   Contact  Information  ...................................................................................................................................  16       Table  of  Figures   Figure  1  -­‐  Mean  Block  Rate  for  Phishing   .......................................................................................................  2   Figure  2  -­‐  Phishing  URL  Response  Histogram  ...............................................................................................  6   Figure  3  -­‐  Average  Time  to  Block  ..................................................................................................................  7   Figure  4  -­‐  Phishing  Protection  Over  Time  .....................................................................................................  8   Figure  5  -­‐  Phishing  Protection  Over  Time  –  SafeBrowsing  Products  .............................................................  8       ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     3        
  • 4. NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Analysis   Long   before   the   Greeks   hid   a   group   of   soldiers   in   a   wooden   gift   horse   (Trojan   horse),   social   engineering   was   a   popular  tool  for  con  artists  and  other  criminals  deceiving  people  for  their  own  personal  gain.  Phishing  is  the  natural   application  of   modern   technology  to   social   engineering   by   criminals   perpetrating   this   proven   attack   strategy.     In   this   report,   NSS   Labs   studied   the   leading   web   browsers’   ability   to   protect   against   phishing.   In   a   companion   report,   NSS   Labs   reported   the   findings   of   the   protection   capabilities   of   web   browsers   against   socially   engineered   malware   (see:  Browser  Security  Comparative  Analysis:  Socially  Engineered  Malware).     The  Phishing  Threat   "Phishing”  attacks  can  be  constructed  in  two  basic  ways.  The  first  is  an  attempt  to  persuade  a  victim  to  provide   personal   information   to   the   attacker.   The   information   may   be   credit   card   details,   login   information   for   email   or   social   media   accounts,   or   other   personal   information   that   can   be   used   for   identity   theft   and   other   information-­‐ based  attacks.  The  second  type  of  phishing  attack  attempts  to  lure  users  into  installing  a  malicious  application  or   navigating  to  a  website  where  malicious  software  will  be  installed  through  the  exploitation  of  vulnerable  software.   Common  to  both  phishing  attacks  is  that  they  arrive  via  email,  instant  messages,  SMS  messages,  and  links  on  social   networking  sites.     Phishing   attacks   pose   a   significant   risk   to   individuals   and   organizations   alike,   by   threatening   to   compromise   or   acquire  sensitive  personal  and  corporate  information.    The  number  of  reported  phishing  attacks  peaked  in  2009.   However,  they  have  remained  high  and  the  actual  number  of  unique  phishing  sites  has  increased  from  56,362  in   August  2009  to  a  high  of  63,253  in  April  of  2012.  The  average  number  of  unique  phishing  sites  detected  in  2011   was   well   under   40,000   per   month.   In   2012,   the   average   number   of   unique   phishing   sites   detected   has   consistently   1 been  well  over  50,000  per  month.     The  average  uptime  for  a  phishing  attack  has  been  steadily  falling  from  a  high   2 of  73  hours  in  the  second  half  of  2010  to  a  record  low  of  23  hours  and  10  minutes  in  the  first  half  of  2012.    The   speed  at  which  these  threats  are  “rotated”  to  new  locations  is  staggering  and  poses  a  significant  challenge  to  those   attempting  to  defend  against  such  attacks.   In  response  to  this  trend,  security  vendors  have  developed  reputation  systems  that  classify  malicious  and  phishing   URLs  via  in-­‐the-­‐cloud  services.  The  2009  NSS  Labs  Web  Browser  Group  Test  stated:     “Reputation   systems   are   literally   the   next   “big   thing”   in   computer   security   and   offer   an   additional   layer   of   protection   to   client   endpoint   machines,   which   have   effectively   become   the   mobile   corporate   perimeter.   For   home  users  this  was  always  the  case,  and  now  they  too  can  benefit  from  in  the  cloud  services,  usually  without   even  knowing  it.”   The  proof  of  this  becomes  obvious  when  comparing  the  results  of  the  two  tests.  In  2009,  the  average  block  rate   was  46%,  whereas  it  currently  stands  at  91.75%.                                                                                                                                           1  http://www.antiphishing.org/phishReportsArchive.html   2  http://www.antiphishing.org/reports/APWG_GlobalPhishingSurvey_1H2012.pdf   ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     4        
  • 5. NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Web  Browser  Security   Web  browsers  have  stepped  up  their  role  in  protecting  clients  by  adding  mechanisms  for  warning  users  about   suspected  phishing  sites,  and  even  blocking  them.  This  report  examines  the  abilities  of  four  different  web  browsers   to  protect  users  from  live  phishing  attacks.   The  foundation  is  an  in-­‐the-­‐cloud  reputation-­‐based  system  that  scours  the  Internet  for  malicious  websites  and   categorizes  content  accordingly,  either  by  adding  it  to  a  black  or  white  list,  or  assigning  a  score  (depending  on  the   vendor’s  approach.)    This  may  be  performed  manually,  automatically,  or  a  combination  of  the  two.  The  second   functional  component  resides  within  the  web  browser  and  requests  reputation  information  from  the  in-­‐the-­‐cloud   systems  about  specific  URLs,  and  then  enforces  warning  and  blocking  functions.     When  results  are  returned  that  a  site  is  “bad,”  the  web  browser  redirects  the  user  to  a  warning  message  explaining   that  the  URL  is  malicious.  Some  programs  include  additional  educational  content  as  well.  Conversely,  when  a   website  is  determined  to  be  “good,”  the  web  browser  takes  no  action  and  the  user  is  unaware  that  a  security   check  was  just  performed  by  the  browser.     Test  Composition  –  Phishing  URLs   Data  in  this  report  spans  a  testing  period  of  10  days  from  October  15  through  October  25,  2012.  All  testing  was   performed  in  the  NSS  Labs  testing  facility  in  Austin,  TX.  During  the  course  of  the  test,  NSS  Labs  engineers  routinely   monitored  connectivity  to  ensure  the  browsers  could  access  the  live  Internet  sites  being  tested,  as  well  as  their   reputation  services  in  the  cloud.   The  emphasis  was  on  freshness,  thus  a  larger  number  of  sites  were  evaluated  than  were  ultimately  kept  as  part  of   the  result  set  as  new  URLs  were  constantly  being  added  to  the  test  and  dead  sites  removed.  See  the  methodology   for  more  details.     Total  Number  Of  Malicious  URLs  In  The  Test   Throughout  the  course  of  this  study,  158,  635  results  were  collected  from  37  discrete  tests  conducted  without   interruption  over  240  hours  (every  6  hours  for  10  days.)    A  collection  of  4,306  unique  URLs  were  available  at  the   time  of  entry  into  the  test  and  were  successfully  accessed  by  the  browsers  in  at  least  one  run.  NSS  Labs  engineers   removed  samples  that  did  not  pass  the  validation  criteria,  including  those  tainted  by  exploits  (not  part  of  this  test.)   Ultimately  2,291  unique  URLs  were  included  in  our  final  set  of  phishing  sites,  providing  a  margin  of  error  of  2.05%   with  a  95%  confidence  interval.     Average  Number  Of  Malicious  URLs  Added  Per  Day   On  average,  208  new  validated  URLs  were  added  to  the  test  set  per  day;  numbers  varied  on  some  days  as  criminal   activity  levels  fluctuated.   ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     5        
  • 6. NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Mix  Of  URLs   The  mixture  of  URLs  used  in  the  test  was  representative  of  current  threats  on  the  Internet.  Care  was  taken  not  to   overweight  any  one  domain  to  represent  more  than  10%  of  the  test  set;  sites  were  pruned  once  this  limit  was   reached.     Blocking  Phishing  URLs   NSS  Labs  assessed  the  browsers’  ability  to  block  malicious  URLs  as  quickly  as  they  were  discovered  on  the  Internet.   Engineers  continued  testing  them  every  six  hours  to  determine  how  long  it  took  a  vendor  to  add  protection,  if  they   did  at  all.     Average  Time  To  Block  Phishing  URLs     The  following  histogram  shows  how  long  it  took  the  browsers  to  block  a  threat  once  it  was  introduced  into  the  test   cycle.  Cumulative  protection  rates  are  listed  at  the  time  of  introduction,  the  “zero  hour,”  through  the  end  of  the   test.  Final  protection  scores  for  the  URL  test  duration  are  summarized  under  the  “Total”  column.  The  initial   protection  from  phishing  sites  ranged  from  53.2%  (Chrome  21)  to  79.2%  (Firefox  15.)     100% 90% 80% 70% Coverage 60% 50% 40% 30% 20% 10% 0% 0-hr 1d 2d 3d 4d 5d 6d 7d Total Firefox 15 79.2% 86.1% 88.2% 88.6% 88.6% 88.7% 88.7% 88.7% 88.7% Safari 5 76.9% 85.6% 88.4% 89.2% 89.3% 90.9% 91.0% 91.3% 91.4% Internet Explorer 10 55.9% 83.2% 86.3% 86.7% 86.8% 86.8% 86.8% 86.8% 86.8% Chrome 21 53.2% 83.5% 86.2% 87.4% 87.4% 87.5% 87.5% 87.5% 87.5%   Figure  2  -­‐  Phishing  URL  Response  Histogram   Firefox  demonstrated  the  strongest  protection  for  zero  hour  phishing  attacks  at  79.2%,  adding  6.9%  during  the  first   24  hours  and  only  2.6%  over  the  rest  of  the  test.  Safari  started  strong  at  76.9%  and  had  caught  up  with  Firefox  by   the  second  day.    Internet  Explorer  and  Chrome  had  weak  starts  ranging  between  53.2%  and  55.9%.  Internet   Explorer  10  reached  its  maximum  rate  in  4  days  and  Chrome  21  required  5  days.     Longer-­‐term  blocking  of  phishing  sites  was  comparable  across  all  of  the  browsers.  Firefox,  Safari  and  Chrome  share   the  SafeBrowsing  API  and,  in  2009,  the  differences  in  protection  were  significant.  In  this  test,  the  SafeBrowsing   ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     6        
  • 7. NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     products  exhibited  little  difference  over  time.  However,  Firefox  and  Safari  had  a  distinct  advantage  when  blocking   zero  hour  attacks.  This  demonstrates  that  either  different  implementations  yield  different  results  or  that  Firefox   and  Safari  are  not  relying  on  the  SafeBrowsing  API  alone.     Average  Response  Time  To  Block  Phishing   This  table  answers  the  question  of  how  long  a  user  must  wait  on  average  until  a  requested  phishing  URL  is  added   to  the  block  list.  It  shows  the  average  time  to  block  a  phishing  site  once  it  was  introduced  into  the  test  set,  but  only   if  it  was  blocked  during  the  course  of  the  test.  Unblocked  sites  are  not  included,  as  there  is  no  mathematically   empirical  way  to  score  “never.”     Note  that  phishing  sites  have  an  average  life  expectancy  of  only  23  hours.     Hours   0   1   2   3   4   5   6   7   Firefox  15   2.35   Safari  5   5.38   Chrome  21   5.64   Internet  Explorer  10   6.11     Figure  3  -­‐  Average  Time  to  Block  (shorter  time  is  better)   The  mean  time  to  block  a  site  (if  it  is  blocked  at  all)  is  4.87  hours.  Firefox  15  was  significantly  faster  at  adding   protection  in  the  earliest  hours  of  a  phishing  attack  than  any  of  the  other  browsers.    Safari,  Chrome  and  Internet   Explorer  10  were  fairly  close  to  each  other  in  response  time.     Real-­‐time  Blocking  of  Phishing  URLs  Over  Time   The  metrics  for  blocking  individual  URLs  represent  just  one  perspective.  When  it  comes  to  daily  usage  scenarios,   users  are  visiting  a  wide  range  of  sites  that  may  change  quickly.  At  any  given  time,  the  available  set  of  phishing   URLs  is  evolving,  and  continuing  to  block  these  sites  is  a  key  criterion  for  effectiveness.  NSS  Labs  tested  a  set  of  live   URLs  every  six  hours.  The  graph  below  shows  protection  at  each  of  the  37  incremental  tests  of  over  a  period  of  10   days  and  each  score  represents  protection  at  a  given  point  in  time.  The  mean  protection  rate  over  time  for  all   browsers  was  46%  in  2009,  and  now  approaches  92%.     ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     7        
  • 8. NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     100%   90%   80%   70%   Safari  5   Block  Rate   60%   Chrome  21   50%   Internet  Explorer  10   40%   30%   Firefox  15   20%   10%   0%     Figure  4  -­‐  Phishing  Protection  Over  Time     Note  that  the  protection  percentage  will  deviate  from  the  unique  URL  results  for  several  reasons.  First,  this  data   includes  multiple  tests  of  a  URL,  so  if  it  is  blocked  early  on,  it  will  improve  the  score.  If  it  continues  to  be  missed,   however,  it  will  detract  from  the  score.    Results  of  individual  URL  tests  were  compounded  over  time.     SafeBrowsing  Analysis   Chrome   21,   Firefox  15   and   Safari   5   all  use   the   Google  SafeBrowsing  API.  In  2009,   NSS  Labs’   testing  revealed   wide-­‐ranging  results  in  the   effectiveness  of  phishing  URL  blocking.   I n   2 009,   t he   w orst   b rowser   h ad   a   2 %   b lock   rate   a nd   t he   b est   8 3%.   I n   2 012,   t he   g aps   h ave   b een   e ffectively   c losed   a nd   p rotection   l evels   a re   extremely   c lose.   100%   90%   80%   70%   Safari  5   Catch  Rate   60%   50%   Chrome  21   40%   Firefox  15   30%   20%   10%   0%     Figure  5  -­‐  Phishing  Protection  Over  Time  –  SafeBrowsing  Products   ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     8        
  • 9. NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Conclusion   Web  browsers  are  in  a  unique  position  to  combat  phishing  and  other  criminal  activities  by  warning  potential   victims  that  they  are  about  to  stray  onto  a  malicious  website.  Since  phishing  sites  have  an  average  lifespan  of  only   23  hours  it  is  essential  that  the  site  is  discovered,  validated,  classified,  and  added  to  the  reputation  system  as   quickly  as  possible.    This  explains  the  correlation  between  average-­‐time-­‐to-­‐block  and  catch-­‐rate.    A  good   reputation  system  must  be  both  accurate  and  fast  in  order  to  realize  high  catch  rates.    Browser  developers  clearly   understand  this  relationship  and  now  block  substantially  more  phishing  sites  in  the  first  24  hours  of  detection  than   they  did  after  5  days  in  2009.     Early  detection  of  phishing  sites  is  very  important,  but  should  not  be  given  undue  weight.  The  majority  of  standard   phishing  attacks  (not  spearphishing)  are  not  relevant  to  the  recipients.  For  example,  if  an  HSBC  customer  receives  a   Bank  of  America  phish  the  earliest  possible  detection  does  not  afford  greater  protection  across  the  board.       Google  Chrome’s  overall  block  rate  of  94%  was  2.25%  above  the  average,  which,  with  a  2%  margin  of  error,  means   that  there  is  very  little  difference  between  the  overall  ability  of  the  tested  browsers  to  block  phishing  URLs.       Looking  back  to  2009  when  the  best  browser  blocked  83%  and  the  worst  a  mere  2%,  it  is  obvious  that  all  of  the   tested  vendors  have  made  significant  strides  in  their  abilities  to  block  phishing  attacks.    Going  forward,  the   challenge  will  be  to  bring  down  the  response  time,  especially  for  targeted  brands  with  the  largest  consumer  bases.       The  dangers  associated  with  socially  engineered  malware  and  drive-­‐by  downloads  are  significant  enough  that  the   security  capabilities  of  a  browser  protection  against  these  threats  should  be  considered  a  more  critical  component   of  the  selection  criteria.  The  NSS  Labs  Browser  Security  Comparative  Analysis:  Socially  Engineered  Malware   provides  essential  information  with  respect  to  the  ability  of  browsers  to  block  socially  engineered  malware  attacks.     ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     9        
  • 10. NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Appendix  A:  Test  Environment   NSS  Labs  has  created  a  complex  test  environment  and  methodology  to  assess  the  protective  capabilities  of   Internet  browsers  under  the  most  real-­‐world  conditions  possible,  while  also  maintaining  control  and  verification  of   the  procedures.  For  this  browser  security  test,  NSS  Labs  created  a  unique  “Live  Testing™”  harness  in  order  to   duplicate  user  experiences  under  real  world  conditions.  158,635  individual  tests  (URL  lookups)  were  performed   over  a  period  of  10  days  (37  discrete  test  runs).         ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     10        
  • 11. NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Client  Host  Description   All  tested  browser  software  was  installed  on  identical  virtual  machines,  with  the  following  specifications:   • Microsoft  Windows  8   •        4GB  RAM   •        60GB  HD   Browser   machines   were   tested   prior   to   and   during   the   test   to   ensure   proper   functioning.   Browsers   were   given   full   access  to  the  Internet  so  they  could  visit  the  actual  live  sites.   The  Tested  Browsers   The  browsers  under  test  were  obtained  independently  by  NSS  Labs.  Generally  available  software  releases  were   used  in  all  cases,  except  for  Internet  Explorer  10.  Each  product  was  updated  to  the  most  current  version  available   at  the  time  testing  began.    The  following  is  a  current  list  of  the  web  browsers  that  were  tested:   •        Apple  Safari  5   •        Google  Chrome  21   •        Microsoft  Internet  Explorer  10   •        Mozilla  Firefox  15   Once  testing  began,  the  product  version  was  frozen  in  order  to  preserve  the  integrity  of  the  test.    This  test  relied   upon  Internet  access  for  the  reputation  systems  and  access  to  live  content.     Network  Description   The  browsers  were  tested  for  their  ability  to  protect  the  client  in  “connected”  use  cases.  Thus,  the  tests  consider   and  analyze  the  effectiveness  of  browser  protection  in  NSS  Labs’  real-­‐world,  Live  Testing  harness.   The  host  system  has  one  network  interface  card  (NIC)  and  is  connected  to  the  network  via  a  1Gb  switch  port.  For   the  purposes  of  this  test,  NSS  Labs  utilized  up  to  32  desktop  systems  each  running  a  web  browser  –  eight  each  per   web  browser  (four  browser  types).  Results  were  recorded  into  a  MySQL  database.         ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     11        
  • 12. NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Appendix  B:  General  Test  Procedures   The  purpose  of  the  test  is  to  determine  how  well  the  tested  web  browsers  protect  users  from  phishing  threats  on   the  Internet  today.  A  key  aspect  is  the  timing.  Given  the  rapid  rate  and  aggressiveness  with  which  criminals   propagate  and  manipulate  phishing  URLs,  a  key  objective  is  to  ensure  that  the  “freshest”  sites  possible  are   included  in  the  test.     NSS  Labs  has  developed  a  unique  proprietary  “Live  Testing™”  harness  and  methodology.  On  an  ongoing  basis,  NSS   Labs  collects  web-­‐based  threats  from  a  variety  of  sources,  including  partners  and  its  own  servers.  Potential  threats   are  vetted  algorithmically  before  being  inserted  into  the  test  queue.  Threats  are  being  inserted  and  vetted   continually  24x7.  Note:  unique  to  this  procedure  is  that  NSS  Labs  validates  the  samples  before  and  after  the  test.   Actual  testing  of  the  threats  occurs  every  two  hours  and  starts  with  validation  of  the  site’s  existence  and   conformance  to  the  test  definition.     All  tests  are  executed  in  a  highly  controlled  manner,  and  results  are  meticulously  recorded  and  archived  at  each   interval  of  the  test.   Test  Duration   This  NSS  Labs’  browser  test  is  performed  continuously  (24x7)  for  10  days.  Throughout  the  duration  of  the  test,  new   URLs  are  added  as  they  are  discovered.   Test  Frequency   Over  the  course  of  the  test,  each  URL  is  run  through  the  test  harness  every  six  hours.  Regardless  of  success  or   failure,  the  “victim  machine”  in  the  test  harness  will  attempt  to  browse  to  the  phishing  site  for  the  duration  of  the   test.     Collect New Suspicious Malicous Sites from Sources Pre-Filter, Validate, Results Collected & Prune & Archive Archived Sites Test Clients Visit Sites & Record Distribute to Test Clients Block/Allow   ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     12        
  • 13. NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Samples  Sets  For  Phishing  URLs   Freshness  of  phishing  sites  is  a  key  attribute  of  this  type  of  test.  In  order  to  utilize  the  freshest  most  representative   URLs,  NSS  Labs  receives  a  broad  range  of  samples  from  a  multiple  sources.   Sources   NSS  Labs  operates  its  own  network  of  spam  traps  and  honeypots.  These  email  accounts  with  high-­‐  volume  traffic   yield  thousands  of  unique  emails  and  URLs  per  day.  NSS  Labs  maintains  a  growing  archive  of  phishing  and   malicious  URLs  and  other  malware.  This  archive  contains  multiple  gigabytes  of  confirmed  samples.  Although  only   phishing  URLs  are  used  in  this  test,  some  phishing  URLs  may  also  contain  malware  and  exploits.  In  addition,  NSS   Labs  maintains  relationships  with  other  independent  security  researchers,  networks,  and  security  companies  that   provide  access  to  URLs  and  malicious  content.  Sample  sets  contain  phishing  URLs  distributed  via  spam,  social   networks,  and  other  websites.  Every  effort  is  made  to  consider  submissions  that  reflect  a  real-­‐world  distribution  of   phishing,  categorically,  geographically,  and  by  platform.       In  addition,  NSS  maintains  a  collection  of  “clean  URLs”  that  includes  such  sites  as  Yahoo,  Amazon,  Microsoft,   Google,  NSS  Labs,  major  banks,  etc.  Periodically,  clean  URLs  are  run  through  the  system  to  verify  browsers  are  not   over-­‐blocking.   Catalog  URLs   New  sites  are  added  to  the  URL  consideration  set  as  soon  as  possible  following  initial  discovery.  The  date  and  time   each  sample  is  introduced  is  noted.  Most  sources  are  automatically  and  immediately  inserted,  while  some   methods  require  manual  handling  and  can  be  processed  in  under  30  minutes.  All  items  in  the  consideration  set  are   cataloged  with  a  unique  NSS  Labs  ID,  regardless  of  their  validity.  This  enables  NSS  Labs  engineers  to  track   effectiveness  of  sample  sources.   Confirm  Sample  Presence  of  URLs   Time  is  of  the  essence,  since  the  objective  is  to  test  the  effectiveness  against  the  ‘freshest’  possible  phishing  sites.   Given  the  nature  of  the  feeds  and  the  rate  of  change,  it  is  not  possible  to  validate  each  site  in  depth  before  the   test,  since  the  site  could  quickly  disappear.  However,  each  of  the  test  items  is  given  an  initial  review  to  verify  it   meets  the  basic  criteria  and  is  accessible  on  the  live  Internet.   In  order  to  be  included  in  the  execution  set,  URLs  must  be  live  during  the  test  iteration.  At  the  beginning  of  each   test  iteration,  the  availability  of  the  URL  is  confirmed  by  ensuring  that  the  site  can  be  reached  and  is  active  (e.g.  a   non-­‐404  web  page  is  returned.)   This  validation  occurs  within  minutes  of  receiving  the  samples.    Note:  These  classifications  are  further  validated   after  the  test,  and  URLs  are  reclassified  and/or  removed  accordingly.   Archive  Active  URL  Content   The  active  URL  content  is  downloaded  and  saved  to  an  archive  server  with  a  unique  NSS  ID  number.  This  enables   NSS  Labs  to  preserve  the  URL  content  for  control  and  validation  purposes.   ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     13        
  • 14. NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Visit  Each  URL   A  customized  client  automation  utility  requests  each  of  the  URLs  deemed  “present”  via  each  of  the  web  browsers   in  the  test.  The  test  harness  records  whether  or  not  the  phishing  site  is  successfully  accessed,  and  if  the  attempt  to   visit  the  site  triggers  a  warning  from  the  browser’s  phishing  protection.     Scoring  &  Recoding  the  Results   The  resulting  response  is  recorded  as  either  “allowed”  or  “blocked  and  warned.”   • Success:  NSS  Labs  defines  “success”  based  upon  a  web  browser  successfully  preventing  access  to  a   phishing  URL.   • Failure:  NSS  Labs  defines  a  “failure”  based  upon  a  web  browser  failing  to  block  and  issue  a  warning.   Pruning   Throughout  the  test,  lab  engineers  review  and  prune  out  non-­‐conforming  URLs  and  content  from  the  test   execution  set.  For  example,  a  URL  that  was  classified  initially  as  phishing  and  that  has  subsequently  been  replaced   by  the  web  host  with  a  generic  splash  page  will  be  removed  from  the  test.   If  a  URL  sample  becomes  unavailable  during  the  course  of  the  test,  the  sample  is  removed  from  the  test  collection   for  that  iteration.  NSS  Labs  continually  verifies  each  sample’s  presence  (availability  to  access)  and  adds/removes   each  sample  from  the  test  set  accordingly.  Should  a  phishing  sample  be  unavailable  for  a  test  iteration  and  then   become  available  again  for  a  subsequent  iteration,  it  will  be  added  back  into  the  test  collection.  Unavailable   samples  are  not  included  in  calculations  of  success  or  failure  by  a  web  browser.   Post-­‐Test  Validation     Post-­‐test  validation  enables  NSS  Labs  to  reclassify  and  even  remove  samples  which  were  either  not  malicious  or   not  available  before  the  test  started.  NSS  Labs  performs  both  automated  and  manual  validation  of  suspected   phishing  sites.    At  the  end  of  this  process,  there  were  2,291  URLs  that  were  live  and  valid  at  the  time  of  testing  and   are  now  part  of  this  report.  The  targeted  brands  are  in  the  table  below.     ABN-­‐AMRO   ABSA   AhliUnitedBank   Alibaba   Alipay   Allegro   AlliedDirect   Amazon   AmBankGroup   AOL   ASB   BancoAVVillas   BancoAzteca   BancoBOD   BancoDeEspana   BancoDelaNacion   BancoDeVenezuela   BancoFalabella   Bancopichincha   BankOfBrazil   BankOfchina   BankWest   Barclays   Battle.Log   Battle.net   BienvenuedansAccesD   BMO   BOA   Bradesco   BT   Cadastro   CapitalBank   CapitecBank   CartaSi   CenturyLink   Chase   ChinaBank   ChinaConstructionBank   CIBC   Cielo   CIMB   Co-­‐Operativebank   CommonwealthBank   DBA   DiamondBank   Ebay   Email   Facebook   FirstOnline   GlobalMail   GlobalSources   Gmail   ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     14        
  • 15. NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Halifax   HelpDesk   HiperCard   HomeBank   HongLeong   Hotmail   HSBC   ICBC   ING   InternalRevenueService   IRS   Itau   Kiwi   LaBanquePostale   LibertyReserve   Linkedin   Lloyds   MailBox   MasterCard   MayBank   MBNA   MicrosoftAccount   NAB   NatWest   Nets   Nordea   Outlook   PaEbay   Paypal   PNC   Popular   Posteitaliane   postepay   QNB   QuickQuid   RAKBank   RBC   Regions   ReMax   RuneScape   Santander   SFR   Sicredi   Skype   Smiles   St.george   Steam   Suntrust   TAM   TDCanadaTrust   TradeMe   TSB   TSBBank   USAA   Vadofone   Verizon   Very   VISA   Vodafone   WebMail   Wellsfargo   Westpac   WindowSecurity   WindowsSecurity   Yahoo             ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     15        
  • 16. NSS  Labs   Browser  Security  Comparative  Analysis  –  Phishing  Protection     Contact  Information   NSS  Labs,  Inc.   6207  Bee  Caves  Road,  Suite  350   Austin,  TX  78746  USA   +1  (512)  961-­‐5300   info@nsslabs.com   www.nsslabs.com       This  and  other  related  documents  available  at:  www.nsslabs.com.  To  receive  a  licensed  copy  or  report  misuse,   please  contact  NSS  Labs  at  +1  (512)  961-­‐5300  or  sales@nsslabs.com.     ©  2012  NSS  Labs,  Inc.  All  rights  reserved.  No  part  of  this  publication  may  be  reproduced,  photocopied,  stored  on  a  retrieval     system,  or  transmitted  without  the  express  written  consent  of  the  authors.       Please  note  that  access  to  or  use  of  this  report  is  conditioned  on  the  following:     1.    The  information  in  this  report  is  subject  to  change  by  NSS  Labs  without  notice.     2.    The  information  in  this  report  is  believed  by  NSS  Labs  to  be  accurate  and  reliable  at  the  time  of  publication,  but  is  not   guaranteed.  All  use  of  and  reliance  on  this  report  are  at  the  reader’s  sole  risk.  NSS  Labs  is  not  liable  or  responsible  for  any     damages,  losses,  or  expenses  arising  from  any  error  or  omission  in  this  report.     3.    NO  WARRANTIES,  EXPRESS  OR  IMPLIED  ARE  GIVEN  BY  NSS  LABS.  ALL  IMPLIED  WARRANTIES,  INCLUDING  IMPLIED     WARRANTIES  OF  MERCHANTABILITY,  FITNESS  FOR  A  PARTICULAR  PURPOSE,  AND  NON-­‐INFRINGEMENT  ARE  DISCLAIMED  AND   EXCLUDED  BY  NSS  LABS.  IN  NO  EVENT  SHALL  NSS  LABS  BE  LIABLE  FOR  ANY  CONSEQUENTIAL,  INCIDENTAL  OR  INDIRECT     DAMAGES,  OR  FOR  ANY  LOSS  OF  PROFIT,  REVENUE,  DATA,  COMPUTER  PROGRAMS,  OR  OTHER  ASSETS,  EVEN  IF  ADVISED  OF  THE   POSSIBILITY  THEREOF.     4.    This  report  does  not  constitute  an  endorsement,  recommendation,  or  guarantee  of  any  of  the  products  (hardware  or     software)  tested  or  the  hardware  and  software  used  in  testing  the  products.  The  testing  does  not  guarantee  that  there  are  no     errors  or  defects  in  the  products  or  that  the  products  will  meet  the  reader’s  expectations,  requirements,  needs,  or   specifications,  or  that  they  will  operate  without  interruption.       5.    This  report  does  not  imply  any  endorsement,  sponsorship,  affiliation,  or  verification  by  or  with  any  organizations  mentioned     in  this  report.       6.    All  trademarks,  service  marks,  and  trade  names  used  in  this  report  are  the  trademarks,  service  marks,  and  trade  names  of   their  respective  owners.         ©  2012  NSS  Labs,  Inc.  All  rights  reserved.     16