Browser Security CAR 2013 - Phishing Protection

8kCWSLk SLCUkI1 CCMAkA1IVL ANALSIS
h|sh|ng rotect|on

2013 - kandy Abrams, Cr|ando 8arrera, Iayendra athak

1esLed vendors
Apple, Coogle, MlcrosofL, Mozllla, Cpera

Cvervlew
1he mosL common and effecLlve securlLy LhreaLs faclng users Loday are soclally englneered malware and phlshlng
aLLacks. As such, Lhey have been Lhe focus durlng conLlnued research and LesLlng by nSS Labs of Lhe securlLy
effecLlveness of browsers. Whlle drlve-by downloads and cllck[acklng are also effecLlve aLLacks LhaL have achleved
noLable publlclLy, Lhey represenL a smaller percenLage of Loday's LhreaLs. urlve-by downloads are commonly Lhe
resulL of successful phlshlng aLLacks, and cllck[acklng aLLacks ofLen lead Lo phlshlng web pages.
uurlng March 2013, nSS performed a comprehenslve LesL of web browser phlshlng proLecLlon agalnsL Lhe nSS
lblsbloq ltotectloo 1est MetboJoloqy v2.0. 1hls reporL ls based upon emplrlcally valldaLed evldence gaLhered by
nSS durlng 12 days of conLlnuous LesLlng. 1esLlng was performed every 6 hours for a LoLal of 43 dlscreLe LesL runs,
addlng fresh new phlshlng u8Ls wlLh each lLeraLlon. Lach producL was updaLed Lo Lhe mosL currenL verslon
avallable aL Lhe Llme LhaL LesLlng began and each producL was glven access Lo Lhe llve lnLerneL.
noLe: 1hls LesL was performed alongslde a slmllar LesL of soclally englneered malware (see 2012 8towset 5ecotlty
compototlve Aoolysls. 5oclolly oqloeeteJ Molwote (cAk).)
1he average phlshlng u8L caLch raLe for browsers over Lhe enLlre 12-day LesL perlod ranged from 96 percenL for
llrefox (verslon 19) Lo 83 percenL for lnLerneL Lxplorer (lL) (verslon 10). Compared Lo Lhe 2012 8towset 5ecotlty
compototlve Aoolysls lblsbloq ltotectloo, llrefox and Safarl have lmproved by 6 percenL and 4 percenL
respecLlvely. Chrome's proLecLlon dropped by 2 percenL and lnLerneL Lxplorer's fell by 9 percenL. Cpera was noL
lncluded ln Lhe 2012 CA8. SlgnlflcanL flucLuaLlons do occur and comparlsons beLween pasL LesLs and Lhls LesL
hlghllghL why a hlsLorlcal analysls of LesLs ls lmporLanL ln assesslng Lhe long-Lerm quallLy of securlLy producLs.

nSS Labs 8rowser SecurlLy ComparaLlve Analysls - hlshlng roLecLlon

201J N55 lobs, loc. All tlqbts tesetveJ. 2

I|gure 1 - Mean 8|ock kate
Chrome, llrefox and Safarl all use Coogle's Safe 8rowslng Al, and all scored wlLhln 4 percenL of each oLher.
revlously, Lhese producLs also had a 4 percenL spread, however, Chrome and llrefox swapped relaLlve poslLlons ln
effecLlveness ln Lhls round of LesLlng. lnLerneL Lxplorer uses MlcrosofL's SmarLScreen Lechnology for boLh malware
and phlshlng proLecLlon. Cpera uses a comblnaLlon of blackllsLs from neLcrafL
1
and hlsh1ank,
2
as well as a
malware blackllsL from 18uS1e.
3
Cpera's approach was compeLlLlve wlLh Coogle's 5ofe btowsloq All, wlLh Cpera
scorlng [usL 3 percenL below Chrome. 1he relaLlvely poor showlng by lnLerneL Lxplorer was a surprlse glven resulLs
ln prevlous LesLs. 1hls may prove of concern should fuLure LesLlng demonsLraLe a Lrend ln decreased proLecLlon.
1he 13 percenL spread ln proLecLlon scores ls slgnlflcanL conslderlng Lhe spread was [usL 4 percenL across all
producLs ln Lhe lasL LesL. WlLh an approxlmaLe margln of error of 2 percenL, MlcrosofL's low score ls slgnlflcanL
when compared Lo Lhe Lop Lhree performers ln Lhls LesL.
1he ablllLy Lo warn poLenLlal vlcLlms LhaL Lhey are abouL Lo sLray onLo a mallclous webslLe puLs Web browsers ln a
unlque poslLlon Lo combaL phlshlng and oLher crlmlnal acLlvlLles. Slnce phlshlng slLes have an average llfespan of
only 26 hours, lL ls essenLlal LhaL Lhe slLe ls dlscovered, valldaLed, classlfled, and added Lo Lhe repuLaLlon sysLem as
qulckly as posslble. 1hls explalns Lhe correlaLlon beLween average-Llme-Lo-block and caLch-raLe. A good repuLaLlon
sysLem musL be boLh accuraLe and fasL ln order Lo reallze hlgh caLch raLes. 8rowser developers clearly undersLand
Lhls relaLlonshlp, and subsLanLlally more phlshlng slLes are blocked ln Lhe flrsL 24 hours of deLecLlon Lhan have ever
been blocked before. Whlle Lhe average upLlme for phlshlng slLes rose from 23 hours ln Lhe flrsL half of 2012 Lo 26
hours ln Lhe second half of 2012, Lhe medlan upLlme cllmbed from 3 hours and 43 mlnuLes Lo 10 hours and 19
mlnuLes. 1he lmproved zero hour proLecLlon across Lhe board ls slgnlflcanL ln proLecLlng agalnsL Lhese LhreaLs.
Larly deLecLlon of phlshlng slLes ls very lmporLanL, buL should noL be glven undue welghL. 1he ma[orlLy of sLandard
phlshlng aLLacks (noL spearphlshlng) are noL relevanL Lo Lhe reclplenLs. lor example, lf an PS8C cusLomer recelves a
8ank of Amerlca phlsh, Lhe earllesL posslble deLecLlon does noL afford greaLer proLecLlon across Lhe board.

1
hLLp://www.neLcrafL.com/
2
hLLp://www.phlshLank.com/
3
hLLp://www.LrusLe.com/
83
89
92
93
96
0 10 20 30 40 30 60 70 80 90 100
lnLerneL Lxplorer 10
Cpera 12
Chrome 23
Safarl 3
llrefox 19

Whlle llrefox and Safarl ouLperformed Lhe browsers under LesL, phlshlng proLecLlon ls only one measure of
browser securlLy. Chrome's superlor proLecLlon agalnsL soclally englneered malware makes a sLrong case for
Chrome over llrefox and Safarl. 1he superlor performance of lnLerneL Lxplorer over Chrome ln soclally englneered
malware proLecLlon compensaLes for Lhe lower Lhan expecLed phlshlng proLecLlon observed ln Lhls LesL. 1he
dangers assoclaLed wlLh soclally englneered malware and drlve-by downloads are slgnlflcanL enough LhaL Lhe
securlLy capablllLles of a browser proLecLlon agalnsL Lhese LhreaLs should be consldered a more crlLlcal componenL
of Lhe selecLlon crlLerla. 1he nSS 201J 8towset 5ecotlty compototlve Aoolysls. 5oclolly oqloeeteJ Molwote
provldes essenLlal lnformaLlon wlLh respecL Lo Lhe ablllLy of browsers Lo block soclally englneered malware aLLacks.
ln Lhe prevlous browser phlshlng proLecLlon comparaLlve lL was noLed LhaL Colng forward, Lhe challenge wlll be Lo
brlng down Lhe response Llme" and Lhls LesL shows slgnlflcanL lmprovemenL ln LhaL area. 1he browser vendors are
sLeadlly lmprovlng Lhelr producLs, and Lhe onus wlll be on lndusLry coallLlons Lo keep flnd ways Lo keep Lhe average
phlshlng slLe upLlme down.

nSS Labs llndlngs
Cverall response Llmes have lmproved dramaLlcally across Lhe board.
hlshlng proLecLlon ls only one securlLy aLLrlbuLe of a browser. Soclally englneered malware blocklng
capablllLles musL be facLored lnLo an assessmenL of overall browser securlLy.
1he Llme requlred Lo add proLecLlon for new phlshlng slLes ls an lmporLanL facLor, and zero hour proLecLlon
raLes can vary by as much as 20 percenL.
1he browsers uslng Coogle's Safe 8rowslng Al averaged 94 percenL, an lncrease from lasL year's 91.7 percenL
for Lhe same producLs.
1he mean phlshlng block raLe among Lhe LesLed browsers ls 90.1 percenL, a decrease from lasL year's average
of almosL 2 percenL.

nSS Labs 8ecommendaLlons
LnLerprlses should:
use currenL verslons of web browsers Lo lncrease proLecLlon agalnsL phlshlng aLLacks.
Conslder a browser's average Llme Lo block aLLacks when selecLlng a browser.
AugmenL browser proLecLlon wlLh educaLlon Lo proLecL agalnsL Lhe aLLacks LhaL do bypass Lhe browsers.
lnclude ln Lhe browser selecLlon crlLerla Lhe ablllLy Lo block soclally englneered malware.
lncrease securlLy awareness. Cood [udgmenL remalns Lhe besL defense agalnsL soclal englneerlng aLLacks.
!"#$ &'&()$* +,#-. /&$ 0,1234-2 &$ 0&,* 1. 566 7&+$8 #'2-0-'2-'* *-$*#'9 #'.1,:&*#1' $-,;#4-$< 7-&2#'9 ;-'21,$
/-,- #';#*-2 *1 0&,*#4#0&*- .3(() &* '1 41$*= &'2 566 ,-4-#;-2 '1 ;-'21, .3'2#'9 *1 0,1234- *"#$ ,-01,*<


1ab|e of Contents
1ested Vendors ....................................................................................................................... 1
Cverv|ew ................................................................................................................................ 1
NSS Labs I|nd|ngs .................................................................................................................... 3
NSS Labs kecommendat|ons ................................................................................................... 3
Ana|ys|s .................................................................................................................................. S
1he hlshlng 1hreaL ...................................................................................................................................... 3
Web 8rowser SecurlLy .................................................................................................................................. 6
1esL ComposlLlon - hlshlng u8Ls ............................................................................................................... 6
1oLal number Cf Mallclous u8Ls ln 1he 1esL ............................................................................................... 6
Average number Cf Mallclous u8Ls Added er uay .................................................................................... 6
Mlx Cf u8Ls .................................................................................................................................................. 7
8locklng hlshlng u8Ls ................................................................................................................................. 7
Average 1lme 1o 8lock hlshlng u8Ls .......................................................................................................... 7
Average 8esponse 1lme 1o 8lock hlshlng .................................................................................................. 8
8eal-1lme 8locklng Cf hlshlng u8Ls Cver 1lme .......................................................................................... 9
Safe8rowslng Analysls .................................................................................................................................. 9
Appendlx A: 1esL LnvlronmenL ................................................................................................................... 10
clleot nost uesctlptloo ............................................................................................................................ 10
1be 1esteJ 8towsets ............................................................................................................................... 10
1est Methodo|ogy ................................................................................................................. 11
kead|ng L|st .......................................................................................................................... 12
Contact Informat|on .............................................................................................................. 13

1ab|e of I|gures
llqote 1 - Meoo 8lock kote ........................................................................................................................... 2
llqote 2 - lblsbloq ukl kespoose nlstoqtom ............................................................................................... 7
llqote J - Avetoqe 1lme 1o 8lock (5bottet 1lme ls 8ettet) ........................................................................... 8
llqote 4 - lblsbloq ltotectloo Ovet 1lme ..................................................................................................... 9
llqote 5 - lblsbloq ltotectloo Ovet 1lme - 5ofe8towsloq ltoJocts ............................................................. 9


Analysls
Soclal englneerlng has long been a popular Lool for confldence LrlcksLers and oLher crlmlnals seeklng Lo decelve
people for personal galn. hlshlng ls Lhe naLural appllcaLlon of modern Lechnology Lo soclal englneerlng by Lhe
crlmlnals LhaL perpeLraLe Lhls aLLack sLraLegy. ln Lhls reporL, nSS sLudled Lhe leadlng web browsers' ablllLy Lo
proLecL agalnsL phlshlng. A companlon reporL reveals Lhe flndlngs of Lhe proLecLlon capablllLles of web browsers
agalnsL soclally englneered malware (see 201J 8towset 5ecotlty compototlve Aoolysls. 5oclolly oqloeeteJ
Molwote).
1he h|sh|ng 1hreat
"hlshlng" aLLacks are execuLed ln one of Lwo ways. LlLher an aLLacker aLLempLs Lo persuade a vlcLlm Lo provlde
personal lnformaLlon (such as credlL card deLalls, logln lnformaLlon for emall or soclal medla accounLs, or oLher
personal lnformaLlon LhaL can be used for ldenLlLy LhefL and oLher lnformaLlon-based aLLacks), or an aLLacker
aLLempLs Lo lure users lnLo lnsLalllng a mallclous appllcaLlon or lnLo navlgaLlng Lo a webslLe where mallclous
sofLware wlll be lnsLalled Lhrough Lhe explolLaLlon of vulnerable sofLware. 8oLh Lypes of phlshlng aLLacks can be
dellvered Lhrough emall, lnsLanL messages, SMS messages, and llnks on soclal neLworklng slLes.
hlshlng aLLacks have Lhe poLenLlal Lo compromlse senslLlve personal and corporaLe lnformaLlon and as such Lhey
pose a slgnlflcanL rlsk Lo lndlvlduals and organlzaLlons. ln 2012, a monLhly average of 26,673 unlque emall phlshlng
campalgns were reporLed and 32,342 unlque phlshlng webslLes deLecLed.
4
1he average number of unlque phlshlng
slLes deLecLed ln 2011 was well under 40,000 per monLh. 1he average upLlme for a phlshlng aLLack has been
sLeadlly falllng from a hlgh of 73 hours ln Lhe second half of 2010 Lo a record low of 23 hours and 10 mlnuLes ln Lhe
flrsL half of 2012.
3
1he second half of 2012 saw a sllghL lncrease ln upLlme for phlshlng aLLacks.
6
1he speed aL
whlch Lhese LhreaLs are roLaLed" Lo new locaLlons ls sLaggerlng, and lL poses a slgnlflcanL challenge Lo Lhose
aLLempLlng Lo defend agalnsL such aLLacks.
ln response Lo Lhls Lrend, securlLy vendors have developed repuLaLlon sysLems LhaL classlfy mallclous and phlshlng
u8Ls vla ln Lhe cloud servlces. As early as 2009, nSS predlcLed Lhe necesslLy of web repuLaLlons sysLem ln
combaLLlng Lhese LhreaL ln a Web browser group LesL, sLaLlng:
>?-03*&*#1' $)$*-:$ &,- (#*-,&(() *"- '-@* >+#9 *"#'9A #' 41:03*-, $-43,#*) &'2 1..-, &' &22#*#1'&( (&)-, 1.
0,1*-4*#1' *1 4(#-'* -'201#'* :&4"#'-$= /"#4" "&;- -..-4*#;-() +-41:- *"- :1+#(- 41,01,&*- 0-,#:-*-,< B1,
"1:- 3$-,$ *"#$ /&$ &(/&)$ *"- 4&$-= &'2 '1/ *"-) *11 4&' +-'-.#* .,1: #' *"- 4(132 $-,;#4-$= 3$3&(() /#*"13*
-;-' C'1/#'9 #*<A

4
hLLp://www.anLlphlshlng.org/resources/apwg-reporLs/ (aggregaLed from quarLerly reporLs)
3
hLLp://www.anLlphlshlng.org/reporLs/AWC_ClobalhlshlngSurvey_1P2012.pdf
6
hLLp://docs.apwg.org/reporLs/AWC_ClobalhlshlngSurvey_2P2012.pdf

Web 8rowser Secur|ty
1he evoluLlon of Lhe browser ls comparable Lo Lhe evoluLlon of anLl-vlrus sofLware. Where anLl-vlrus sofLware flrsL
deLecLed only self-repllcaLlng LhreaLs, Lhen 1ro[ans, and now deLecLs a myrlad of LhreaLs, browsers lnlLlally
managed annoyances llke pop-ups and cookles and Lhen were requlred Lo confronL more serlous securlLy lssues.
hlshlng webslLes are among Lhe Lop LhreaLs agalnsL whlch Lhe browser musL proLecL. 1hls reporL examlnes Lhe
ablllLles of flve dlfferenL web browsers Lo proLecL users from llve phlshlng aLLacks.
1he foundaLlon of browser phlshlng proLecLlon ls cloud-based repuLaLlon-based sysLems LhaL search Lhe lnLerneL
for mallclous webslLes and caLegorlze conLenL accordlngly, elLher by addlng Lhe slLe Lo a blackllsL or whlLellsL, or by
asslgnlng Lhe slLe a score (dependlng on Lhe vendor's approach). 1he classlflcaLlon may be performed Lhrough
manual or auLomaLlc meLhods, or by uslng a comblnaLlon of Lhe Lwo approaches. 1he second funcLlonal
componenL resldes wlLhln Lhe web browser, lL requesLs repuLaLlon lnformaLlon from Lhe cloud-based sysLems
abouL speclflc u8Ls and Lhen enforces warnlng and blocklng funcLlons.
When resulLs lndlcaLe LhaL a slLe ls bad," Lhe web browser redlrecLs Lhe user Lo a message warnlng Lhe user LhaL
Lhe u8L ls mallclous. Some programs also lnclude educaLlonal conLenL. Conversely, when a webslLe ls deLermlned
Lo be good," Lhe web browser Lakes no acLlon and Lhe user remalns unaware LhaL Lhe browser performed a
securlLy check.
1est Compos|t|on - h|sh|ng UkLs
uaLa ln Lhls reporL spans a LesLlng perlod of 12 days from March 11 Lhrough March 22, 2013. All LesLlng was
performed aL Lhe nSS LesLlng faclllLy ln AusLln, 1x. uurlng Lhe LesL, nSS englneers rouLlnely monlLored connecLlvlLy
Lo ensure LhaL Lhe browsers could access Lhe llve lnLerneL slLes belng LesLed, as well as Lhelr repuLaLlon servlces ln
Lhe cloud.
1he emphasls was on freshness, Lhus a larger number of slLes were evaluaLed Lhan were ulLlmaLely kepL as parL of
Lhe resulL seL, slnce new u8Ls were consLanLly belng added Lo Lhe LesL and dead slLes were belng removed.
1ota| Number Cf Ma||c|ous UkLs In 1he 1est
1hroughouL Lhls sLudy, 168, 462 resulLs were collecLed from 43 dlscreLe LesLs conducLed wlLhouL lnLerrupLlon over
360 hours (every 6 hours for 12 days). nSS englneers removed samples LhaL dld noL pass Lhe valldaLlon crlLerla,
lncludlng Lhose LalnLed by explolLs (noL parL of Lhls LesL.) ulLlmaLely, 3008 unlque u8Ls were lncluded ln Lhe flnal
seL of phlshlng slLes, provldlng a margln of error of 1.83 percenL wlLh a 93 percenL confldence level.
Average Number Cf Ma||c|ous UkLs Added er Day
Cn average, 231 new valldaLed u8Ls were added Lo Lhe LesL seL per day, numbers varled on some days as crlmlnal
acLlvlLy levels flucLuaLed.

M|x Cf UkLs
1he mlxLure of u8Ls used ln Lhe LesL was represenLaLlve of currenL LhreaLs on Lhe lnLerneL. Care was Laken noL Lo
overwelghL any one domaln Lo represenL more Lhan 10 percenL of Lhe LesL seL, slLes were pruned once Lhls llmlL
was reached.
8|ock|ng h|sh|ng UkLs
nSS assessed Lhe browsers' ablllLy Lo block mallclous u8Ls as qulckly as Lhey were dlscovered on Lhe lnLerneL.
Lnglneers repeaLed Lhese LesLs every slx hours Lo deLermlne how long lL Look a vendor Lo add proLecLlon, lf Lhey
dld aL all.
Average 1|me 1o 8|ock h|sh|ng UkLs
llgure 2 lllusLraLes Lhe Llme LhaL was requlred for browsers Lo block a LhreaL once lL was lnLroduced lnLo Lhe LesL
cycle. CumulaLlve proLecLlon raLes are llsLed aL Lhe Llme of lnLroducLlon, Lhe zero hour," Lhrough Lhe end of Lhe
LesL. llnal proLecLlon scores for Lhe u8L LesL duraLlon are summarlzed under Lhe 1oLal" column. 1he lnlLlal
proLecLlon from phlshlng slLes ranged from 73.3 percenL (lL 10) Lo 93.4 percenL (Safarl).

I|gure 2 - h|sh|ng UkL kesponse n|stogram
1he zero hour proLecLlon raLes showed slgnlflcanL lmprovemenL slnce Lhe lasL round of LesLlng, wlLh producLs
lmprovlng Lhls crlLlcal deLecLlon by an average of 19 percenL. 8y Lhe end of day one, all producLs ln Lhls LesL had
0-hr 1d 2d 3d 4d 5d 6d 7d Total
Firefox 93.3% 96.0% 96.3% 96.5% 96.5% 96.5% 96.6% 96.6% 96.6%
Chrome 81.5% 92.5% 92.8% 92.9% 92.9% 92.9% 93.0% 93.0% 93.1%
Opera 79.4% 90.4% 91.9% 92.2% 92.2% 92.3% 92.4% 92.4% 92.5%
Internet Explorer 10 73.3% 88.2% 88.8% 88.9% 89.1% 89.2% 89.3% 89.3% 89.3%
Safari 93.4% 95.5% 95.8% 95.9% 95.9% 95.9% 96.0% 96.0% 96.0%
70%
75%
80%
85%
90%
95%
100%
C
o
v
e
r
a
g
e


performed beLLer Lhan any producL had done ln Lhe prevlous LesL. WlLh Lhe average upLlme for phlshlng slLes
hoverlng close Lo 24 hours, Lhese meLrlcs are exLremely lmporLanL.
llrefox and Safarl conLlnued Lo lead Lhe oLher browsers ln phlshlng proLecLlon overall and ln Lhe early hours of
aLLacks. Cpera was noL lncluded ln Lhe prevlous LesL, however, Cpera performed well ln Lhls LesL and beLLer Lhan
any of Lhe browsers ln Lhe prevlous LesL aL zero hour and day 1 proLecLlon. lL10 was relaLlvely weak aL zero hour,
compeLlLlve aL day one proLecLlon, buL ulLlmaLely Lralled Lhe oLher browsers ln Lhls LesL.
Average kesponse 1|me 1o 8|ock h|sh|ng
llgure 3 reveals Lhe average lengLh of Llme LhaL a user musL walL for a requesLed phlshlng u8L Lo be added Lo a
block llsL. llgure 3 deplcLs Lhe browser's average Llme Lo block a phlshlng slLe once lL was lnLroduced lnLo Lhe LesL
seL, buL only lf Lhe phlshlng slLe was blocked durlng Lhe course of Lhe LesL. unblocked slLes are noL lncluded slnce
Lhere ls no maLhemaLlcally emplrlcal way Lo score never."
noLe LhaL phlshlng slLes ln Lhe second half of 2012 had an average llfe expecLancy of only 26 hours.

I|gure 3 - Average 1|me 1o 8|ock (Shorter 1|me Is 8etter)
1he mean Llme Lo block a slLe (lf lL ls blocked aL all) ls 1.6 hours. llrefox and Safarl were slgnlflcanLly fasLer Lhan any
of Lhe oLher browsers aL addlng proLecLlon ln Lhe earllesL hours of a phlshlng aLLack. Chrome, lL10, and Cpera
were nearly Lwlce as fasL aL blocklng new phlshlng u8LS Lhan Lhe average block Llme durlng Lhe CcLober 2012 LesL.

0.50
0.70
1.68
2.47
2.55
0.0 0.5 1.0 1.5 2.0 2.5 3.0
Safari 5
Firefox 19
Chrome 25
Opera 12
Internet Explorer 10
Hours

kea|-1|me 8|ock|ng Cf h|sh|ng UkLs Cver 1|me
1he meLrlcs for blocklng lndlvldual u8Ls represenL [usL one perspecLlve. When lL comes Lo dally usage scenarlos,
users are vlslLlng a wlde range of slLes LhaL may change qulckly. AL any glven Llme, Lhe avallable seL of phlshlng
u8Ls ls evolvlng, and a conLlnued ablllLy Lo block Lhese slLes ls a key crlLerlon for effecLlveness. nSS LesLed a seL of
llve u8Ls every slx hours. llgure 4 shows proLecLlon aL each of Lhe 43 lncremenLal LesLs over a perlod of 12 days,
and each score represenLs proLecLlon aL a glven polnL ln Llme.

I|gure 4 - h|sh|ng rotect|on Cver 1|me
noLe LhaL Lhe proLecLlon percenLage wlll devlaLe from Lhe unlque u8L resulLs for several reasons. llrsL, Lhls daLa
lncludes mulLlple LesLs of a u8L, so lf lL ls blocked early ln Lhe LesLlng cycle, lL wlll lmprove Lhe score. lf Lhe u8L
conLlnues Lo be mlssed, however, lL wlll deLracL from Lhe score. 8esulLs of lndlvldual u8L LesLs were compounded
over Llme.
Safe8rows|ng Ana|ys|s
Chrome 23, llrefox 19, and Safarl 3 all use Lhe Coogle Safe8rowslng Al. 1he mean deLecLlon raLes for Lhese
browsers are very close, however, Chrome lags behlnd llrefox and Cpera ln early proLecLlon and Lhen exhlblLs
slgnlflcanLly more erraLlc behavlor over Llme, as seen ln llgure 3.

I|gure S - h|sh|ng rotect|on Cver 1|me - Safe8rows|ng roducts
30
60
70
80
90
100
C
a
t
c
h

k
a
t
e

Safarl 3
Chrome 23
Cpera 12
lnLerneL Lxplorer 10
llrefox 19
30
60
70
80
90
100
C
a
t
c
h

k
a
t
e

Safarl 3
llrefox 19
Chrome 23

Append|x A: 1est Lnv|ronment
nSS has creaLed a complex LesL envlronmenL and meLhodology Lo assess Lhe proLecLlve capablllLles of lnLerneL
browsers under Lhe mosL real-world condlLlons posslble, whlle also malnLalnlng conLrol and verlflcaLlon of Lhe
procedures. lor Lhls browser securlLy LesL, nSS creaLed a unlque Llve 1esLlng" harness ln order Lo dupllcaLe user
experlences under real world condlLlons. 168,462 lndlvldual LesLs (u8L lookups) were performed over a perlod of
12 days (43 dlscreLe LesL runs).
C||ent nost Descr|pt|on
All LesLed browser sofLware was lnsLalled on ldenLlcal vlrLual machlnes wlLh Lhe followlng speclflcaLlons:
MlcrosofL Wlndows 8 LnLerprlse
4C8 8AM
60C8 Pu
8rowser machlnes were LesLed prlor Lo and durlng Lhe LesL Lo ensure proper funcLlonlng. 8rowsers were glven full
access Lo Lhe lnLerneL so Lhey could vlslL Lhe acLual llve slLes.
1he 1ested 8rowsers
1he browsers under LesL were obLalned lndependenLly by nSS. Cenerally avallable sofLware releases were used ln
all cases, excepL for lL 10. Lach producL was updaLed Lo Lhe mosL currenL verslon avallable aL Lhe Llme LesLlng
began. 1he followlng ls a currenL llsL of Lhe web browsers LhaL were LesLed:
Apple Safarl 3.1.7(7334.37.2)
Coogle Chrome 23.0.1364.172m
MlcrosofL lnLerneL Lxplorer 10.0.9200.16484
Mozllla llrefox 19.0.2
Cpera 12.14 bulld 1738
Cnce LesLlng began, Lhe producL verslon was frozen ln order Lo preserve Lhe lnLegrlLy of Lhe LesL. 1hls LesL relled
upon lnLerneL access for Lhe repuLaLlon sysLems and access Lo llve conLenL. Cenerally, Lhere ls a conflgurable
separaLlon beLween sofLware updaLes and daLabase or slgnaLure updaLes - Lo draw analogles from Lhe anLl-vlrus,
lS, and general sofLware pracLlces.


1esL MeLhodology
lblsbloq ltotectloo 1est MetboJoloqy v2.0" nSS Labs, uecember 2012
(hLLps://www.nsslabs.com/reporLs/phlshlng-proLecLlon-LesL-meLhodology-v20)


8eadlng LlsL
201J 8towset 5ecotlty compototlve Aoolysls. 5oclolly oqloeeteJ Molwote nSS Labs, May 2013
(hLLps://www.nsslabs.com/reporLs/2013-browser-securlLy-comparaLlve-analysls-soclally-englneered-malware)
2012 8towset 5ecotlty compototlve Aoolysls lblsbloq ltotectloo nSS Labs, november 2012
(hLLps://www.nsslabs.com/reporLs/2012-browser-securlLy-comparaLlve-analysls-phlshlng-proLecLlon
2009 OJ web 8towset Ctoop 1est. lblsbloq nSS Labs, AugusL 2009 (hLLps://www.nsslabs.com/reporLs/2009-q3-
web-browser-group-LesL-phlshlng)
2012 8towset 5ecotlty compototlve Aoolysls 5oclolly oqloeeteJ Molwote nSS Labs, CcLober 2012
hLLps://www.nsslabs.com/reporLs/2012-browser-securlLy-comparaLlve-analysls-soclally-englneered-malware


2013 nSS Labs, lnc. All rlghLs reserved. no parL of Lhls publlcaLlon may be reproduced, phoLocopled, sLored on a reLrleval
sysLem, or LransmlLLed wlLhouL Lhe express wrlLLen consenL of Lhe auLhors.
lease noLe LhaL access Lo or use of Lhls reporL ls condlLloned on Lhe followlng:
1. 1he lnformaLlon ln Lhls reporL ls sub[ecL Lo change by nSS Labs wlLhouL noLlce.
2. 1he lnformaLlon ln Lhls reporL ls belleved by nSS Labs Lo be accuraLe and rellable aL Lhe Llme of publlcaLlon, buL ls noL
guaranLeed. All use of and rellance on Lhls reporL are aL Lhe reader's sole rlsk. nSS Labs ls noL llable or responslble for any
damages, losses, or expenses arlslng from any error or omlsslon ln Lhls reporL.
3. nC WA88An1lLS, Lx8LSS C8 lMLlLu A8L ClvLn 8? nSS LA8S. ALL lMLlLu WA88An1lLS, lnCLuulnC lMLlLu
WA88An1lLS Cl ML8CPAn1A8lLl1?, ll1nLSS lC8 A A81lCuLA8 u8CSL, Anu nCn-lnl8lnCLMLn1 A8L ulSCLAlMLu Anu
LxCLuuLu 8? nSS LA8S. ln nC LvLn1 SPALL nSS LA8S 8L LlA8LL lC8 An? CCnSLCuLn1lAL, lnCluLn1AL C8 lnul8LC1
uAMACLS, C8 lC8 An? LCSS Cl 8Cll1, 8LvLnuL, uA1A, CCMu1L8 8CC8AMS, C8 C1PL8 ASSL1S, LvLn ll AuvlSLu Cl 1PL
CSSl8lLl1? 1PL8LCl.
4. 1hls reporL does noL consLlLuLe an endorsemenL, recommendaLlon, or guaranLee of any of Lhe producLs (hardware or
sofLware) LesLed or Lhe hardware and sofLware used ln LesLlng Lhe producLs. 1he LesLlng does noL guaranLee LhaL Lhere are no
errors or defecLs ln Lhe producLs or LhaL Lhe producLs wlll meeL Lhe reader's expecLaLlons, requlremenLs, needs, or
speclflcaLlons, or LhaL Lhey wlll operaLe wlLhouL lnLerrupLlon.
3. 1hls reporL does noL lmply any endorsemenL, sponsorshlp, afflllaLlon, or verlflcaLlon by or wlLh any organlzaLlons menLloned
ln Lhls reporL.
6. All Lrademarks, servlce marks, and Lrade names used ln Lhls reporL are Lhe Lrademarks, servlce marks, and Lrade names of
Lhelr respecLlve owners.
ConLacL lnformaLlon
nSS Labs, lnc.
206 Wlld 8asln 8oad
8ulldlng A, SulLe 200
AusLln, 1x 78746 uSA
+1 (312) 961-3300
lnfo[nsslabs.com
www.nsslabs.com

1hls and oLher relaLed documenLs avallable aL: www.nss|abs.com. 1o recelve a llcensed copy or reporL mlsuse,
please conLacL nSS Labs aL +1 (312) 961-3300 or sales[nsslabs.com.

Browser Security CAR 2013 - Phishing Protection

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Browser Security CAR 2013 - Phishing Protection

Enviado por

Direitos autorais:

Formatos disponíveis

8kCWSLk SLCUkI1 CCMAkA1IVL ANALSIS

Você também pode gostar