

Real-World Protection With IE8’s SmartScreen Filter™

Back in March, I posted a note to the IEBlog when the pre-release version of IE8’s SmartScreen Filter had delivered its 10 millionth malware block. Today, I’m happy to report that IE8’s SmartScreen Filter has delivered more than 70 million blocks in the first four months since IE8’s official release, for a cumulative total of 80 million blocks. This data is a strong indication of the value of the protection SmartScreen provides, and of just how widespread socially-engineered malware attacks are on the web today.

While we were proud of the work that went into SmartScreen leading up to IE8’s release, we knew that it was only the beginning of our efforts. Microsoft’s commitment to Trustworthy Browsing didn’t end when we signed off on the final IE8 code-- the reputation services behind SmartScreen represent an ongoing investment that we strive to improve every day.  

Eighty million blocks is an incredible number of attacks thwarted-- each malicious download blocked helps prevent compromise of that user’s computer.  The other key numbers that I announced in March are holding strong, even with a rapidly expanding user base:

  • IE8 is delivering a malware block for approximately 1 out of 40 users every week
  • Approximately 1 of every 200 downloads is blocked as malicious

If you’re not running IE8’s SmartScreen Filter, I believe you are missing a key piece of protection to help ensure your safety on the Internet. IE8 users can ensure that SmartScreen is enabled by clicking on the toolbar's Safety button (or Safety button on the IE command bar if you're in Show Only Icons mode) and examining the SmartScreen Filter submenu. If a “Turn on SmartScreen Filter” item is present, click it to enable protection.

Malware Block Effectiveness

Heading into the launch of IE8, the engineering team commissioned an independent study of SmartScreen Filter by NSS Labs.  Our objective was to gather an accurate and independent baseline measurement of SmartScreen’s protection against socially engineered malware attacks.  That baseline, run against the IE8 Release Candidate, allows us to validate our investments in improved intelligence and technology. Since then, we’ve made major investments in malware intelligence and rapid response systems to provide an ever-increasing level of protection for users.

NSS Labs has just completed a second round of studies on socially engineered malware attacks, and I’m happy to share the results. In this latest test pass, NSS found a 12% improvement in SmartScreen’s protection levels. Here’s the data from NSS Labs on the malware block rate for major browsers:

Table, Mean Block Rate: Socially Engineered Malware

Microsoft’s reputation services team has other significant investments staged to launch in the next quarter, so I expect even better results in the near future.

Phishing Block Effectiveness

We’ve spent quite a bit of time talking about the socially engineered malware threat because it is currently the biggest problem users face.  However, phishing remains a prevalent and important threat to users as well.  We’re continuously making improvements to our data sources and intelligence systems that deliver phishing protection.  This continuous investment keeps IE in the market-leading position it established with the release of the Phishing Filter in IE7. Since then, Internet Explorer 7 and 8 have blocked over 125 million phishing attacks.

The newest NSS study included a test pass for phishing blocks. NSS Labs reported the following block rate for major browsers:

Table, Mean Block Rate for Phishing

You can view the full NSS study at https://nsslabs.com/browser-security.

I hope that the internal data I’ve shared today and the results of the NSS testing are a clear indicator of our commitment to Trustworthy Browsing, and our ongoing execution against that promise.

Thanks,
-Eric Lawrence

Comments

  • Anonymous
    January 01, 2003
    Google is hard at work with Chrome 3.0 and Chrome 4.0. http://googlechromereleases.blogspot.com/2009/08/dev-channel-update_17.html Mozilla is working on Firefox(Namoroka) 3.6 and 3.7 pre-alpha. Microsoft is busy FUDing and EEE(Embrace, Extend, Extinguish) with sponsored lies together with NSS and Amy Barzdukas can't count if she has to come up with "interesting math".

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    good information, good post. domain names for sale (http://www.domainbargaindeal.com/)

  • Anonymous
    January 01, 2003
    I observed the graph and it's true... The IE is leading on its way.. As what I am using right now..

  • Anonymous
    January 01, 2003
    That smartfilter has done nothing good for me.

  • Anonymous
    August 13, 2009
    Kudos to IE 8 Team! Awesome job. :) I am exclusively using IE8 on my Win 7 machine. One thing I would like to suggest is that since the Time To Live for Socially Engineered Malware is very low, it would be prudent to improve the Average Response Time To Block Malware in IE.

  • Anonymous
    August 13, 2009
    Please don't take screenshots when you have FuzzyType[TM] enabled in Windows or IE. Just viewing the pictures hurts my eyes. More importantly do NOT scale images in HTML. We all know that it ruins images.

  • Anonymous
    August 13, 2009
    @dont, ClearType you mean? I love it, and I use it even in Windows XP (which by the way I detest, I prefer Windows Vista or Windows 7 :D), and it's great to see it by default in Office 2007 and IE7 & IE8 ;) Anyway, really great job IE team! It's nice to see this results, but for some reasons I like Firefox as well, and I'll keep both of them in my machine ;)

  • Anonymous
    August 13, 2009
    The comment has been removed

  • Anonymous
    August 13, 2009
    @Punk: No, that's not what the competitive shows at all. Read the report. They're not comparing their 205M blocks to the competitor's number of blocks. That study doesn't try to determine which users try to download what-- it objectively compares, for a given set of attacks, which browsers block those attacks and which do not.

  • Anonymous
    August 13, 2009
    What is "socially engineered malware"?

  • Anonymous
    August 13, 2009
    The comment has been removed

  • Anonymous
    August 13, 2009
    @paf you visit a dangerous site hosting a malware => SmartScreen filter will block it for you.

  • Anonymous
    August 13, 2009
    So "socially engineered malware" is basically phishing, which all browsers protect against? Why use a different term? That's just silly.

  • Anonymous
    August 13, 2009
    The comment has been removed

  • Anonymous
    August 14, 2009
    No, socially engineered malware is not phishing, although they are both "social engineering" attacks that rely on tricking the user. Phishing email: "Hi, I'm your bank. Please type your secret info into this page." Socially-Engineered malware site: "Hi. This is a cool game/screensaver/program. Download and install it. We promise you'll like it." As the first chart in the report shows, IE8 is very effective at blocking socially-engineered malware. Other browsers are much less effective at blocking malware than they are at blocking phishing sites.

  • Anonymous
    August 14, 2009
    Dear Sir, IE 7/8 on Vista/Windows 2008 will dead when opening below page: http://www.jazan.org/vb/showthread.php?t=146570 http://www.aldair.net/forum/showthread.php?t=81162 but it works with IE 7/8 on Windows Xp, Firefox and Google Chrome. It seems that IE on Vista can not process large block of text in web page. If I save the pages and remove some text then open it in IE, it will works. How to get IE works with above pages? thanks, William

  • Anonymous
    August 14, 2009
    The comment has been removed

  • Anonymous
    August 14, 2009
    @Oliver: No need to be an MS Fanboy here. We all have issues with Microsoft's lack of transparency and this is just one more case. Did Firefox invent tabs? no. but they did make the first browser to compete directly against IE with a great addon infrastructure, and tabs, and security, and ease of use... and stole a big chunk of market share from IE. Better yet they now have a browser that not only IS much better than IE, but is actually preferred over IE by almost all that try it out. My Mom doesn't understand much about the InterWeb but she knows what a JavaScript error is. She doesn't have a clue what JScript is - and that's good - because it doesn't matter. When we talk about JavaScript, we all know what we are talking about. Calling it JScript just confuses people unless you are specifically talking about how IE doesn't support things properly.

  • Anonymous
    August 14, 2009
    Microsoft paid NSS to do this study, you can't take it for whats it worth, obviously NSS will pad up the results so it looks good for MS. In the real world, try surfing with IE and see if you don't get nailed by various malware. As long as ActiveX is in IE, it's easy pickings.

  • Anonymous
    August 14, 2009
    Paid: Go troll elsewhere. You don't understand what you're talking about.

  • Anonymous
    August 14, 2009
    @William: Your page works fine for me in IE8. Do you have an addon which crawls the page (e.g. Skype) installed?  If so, that might explain the hang on your computer.  Please see http://www.enhanceie.com/ie/troubleshoot.asp#crash for more troubleshooting info. @Evan: Describing "socially engineered malware" as "socially engineered malware" does not reflect any lack of transparency. As noted previously, this is different than phishing and thus is rightly distinguished from phishing.

  • Anonymous
    August 14, 2009
    @Evan : I'm not a MS fanboy, I just don't like when people invent stuff just because "it's cool to bash Microsoft". You're very right, this blog and others Microsoft's blogs show Microsoft's lack of transparency... You can't say Firefox is a good browser : it's slow, it's full of memory leaks (well 3.6 may be better, we'll see when it's get final). Even the Mozilla guys admit it and they have a lot of stupid ideas to make their browser "feel faster" (not "faster", just "feeling faster"...). They even want to preload stuff when the OS load, so they'll say "Firefox loads very fast", and later they'll bash "look how slow Windows is"... And it's coming directly from Mozilla wiki : https://wiki.mozilla.org/Perceived_Performance My parents don't care about javascript errors, they just don't see them. I don't understand why normal users should care about this errors. And IE doesn't support javascript/jscript properly ? Yes, as if others browsers didn't have their own problems too (ex : JSON.stringify() : Firefox doesn't properly encode characters while IE encodes everything as required).

  • Anonymous
    August 14, 2009
    Fred, IE fanboi much? You obviously don't even know what you're talking about.

  • Anonymous
    August 14, 2009
    Internet Explorer 8 is working very fine on my new computer. IE8 is the number one browser for me.

  • Anonymous
    August 14, 2009
    Look at this text from the study, a failure is not an INSTALLED malware but a DOWNLOADED malware. My browser is not an AntiVirus, and it's better like this. 5.5.1 SCORING & RECORDING THE RESULTS The resulting response is recorded as either “Allowed” or “Blocked and Warned.” • Success: NSS Labs defines “success” based upon a web browser successfully preventing malware from being downloaded, and correctly issuing a warning. • Failure: NSS Labs defines a “failure” based upon a web browser failing to prevent the malware from being downloaded and failing to issue a warning.

  • Anonymous
    August 14, 2009
    The NSS Labs report is exposed right here: http://www.thetechherald.com/article.php/200912/3268/Can-you-trust-the-NSS-Labs-report-touting-the-benefits-of-IE8 Lying much, Microsoft?

  • Anonymous
    August 14, 2009
    The comment has been removed

  • Anonymous
    August 14, 2009
    So yes. Another dishonest NSS Labs report. Remember how they were busted last time? Their claims were blown out of the water. For example, they claimed that Opera updated itself, BUT OPERA 9 DOES NOT HAVE AUTOMATIC UPDATES, that's only in version 10! NSS Labs were caught red-handed manipulating statistics and lying. Obviously Microsoft is going to continue to pay NSS Labs to lie for them. Pathetic.

  • Anonymous
    August 14, 2009
    @Olivier Wow, shill much?

    "You can't say Firefox is a good browser : it's slow, it's full of memory leaks (well 3.6 may be better, we'll see when it's get final)."

    Firefox is faster than IE at everything.

    "They even want to preload stuff when the OS load, so they'll say "Firefox loads very fast", and later they'll bash "look how slow Windows is"..."

    Wait, so you are saying that they want to do the same thing IE does, namely preloading with Windows? Why are you whining that Mozilla wants to do it when Microsoft is doing it already with IE? Pathetic.

    "My parents don't care about javascript errors, they just don't see them. I don't understand why normal users should care about this errors."

    Who said they should?

  • Anonymous
    August 14, 2009
    @Snapx2: Rules for comments are here: http://blogs.msdn.com/ie/archive/2004/07/22/191629.aspx @Wuuuuuuut: I'm not sure what "My browser is not an AntiVirus, and it's better like this" means? Viruses and malware are different things. The point of a browser-based anti-malware feature is to prevent the user from downloading malware, which is obviously one of the best ways to prevent installation of malware. The TechHerald site complains that the testing only accounts for the protections provided by the browser, and not by plugins that a small percentage of users may choose to find and install. The fact that the NSS Labs test design was to test the browser and not other products was in no way unclear or ambiguous in the reporting results. The results show that, by default, IE8 users have the best protection with "no assembly required."

  • Anonymous
    August 14, 2009
    The comment has been removed

  • Anonymous
    August 14, 2009
    The comment has been removed

  • Anonymous
    August 14, 2009
    Also valuable information for companies who by definition do not want their employees to surf to possible malware attack sites.

  • Anonymous
    August 14, 2009
    @Wuuuut: I haven't read the article your link is pointing to, but I can tell you by first hand experience that EricLaw is right: a layered protection is the best way to prevent infection. Go to any serious security forum and many people will agree with me. As I said in my previous post, I've been testing a lot of malware lately (I can't share the links for security reasons, google for info if you're interested) and sometimes the malware is so new (or when it's a rogue, adware, etc.) that no antivirus can detect it. That's when a layered defense comes handy. In my own tests, IE's Smartscreen managed to block quite a lot of malicious downloads, whereas, Firefox and other browsers only warned me about the malicious websites but didn't block the actual downloads; so if I had executed the downloaded files, my pc would have got infected.

  • Anonymous
    August 14, 2009
    @heh : nope, the only slowness in IE8, is when you have lots of "dangerous" websites configured by Spybot. IE7 was fast. Firefox takes a long time to start and sometimes it slow down its rendering without apparent reasons (and it's not a network problem because I use Firefox only on my local server). Since when IE is preloaded at Windows startup ? Regarding your last question, I was answering Evan... so why do you ask ?

  • Anonymous
    August 14, 2009
    @phil @eric on the blog linked to by Wuuuut, it is revealed that you have the same IP, which means you may be the same person under two names. @hAl As was repeatedly pointed out, this evaluation only tests blocked websites. It does NOT show the total amount of protection from all different methods of infection, specifically browser exploits. IE8 might be better at blocking downloads, but it isn't like that at everything.

  • Anonymous
    August 14, 2009
    I trust this report, and I'm an happy user with IE8. From Ars Technica: Rick Moy, president of NSS Labs, sent us a follow-up e-mail to tell us that it was Microsoft's online security engineering team (not marketing) that hired NSS Labs to do recurring benchmark testing so they could improve their services. Only once Microsoft's security engineering team saw the results did it send the details over to the marketing department. In terms of sponsorship of the reports, "this stuff is expensive to do right, and we need to monetize it somehow," Moy told Ars. "We invited Google, Mozilla, Apple, Opera to participate, but they didn’t even bother to respond, except for Opera, which stated they “don’t really focus on malware." http://arstechnica.com/microsoft/news/2009/08/microsoft-sponsors-two-nss-reports-ie8-is-the-most-secure.ars

  • Anonymous
    August 14, 2009
    @EricLaw [MSFT] "The point of a browser-based anti-malware feature is to prevent the user from downloading malware" So, anti-phishing. And it just so "happens" that the liars at NSS Labs who have been caught lying for Microsoft in the past are supporting Microsoft again...

  • Anonymous
    August 14, 2009
    @Kai "Apple made the Sunspider javascript benchmark, so the same logic can be applied in this case, yet many people use it to assess a browser's javascript performance." Indeed. SunSpider is as dishonest and disgusting as the dishonest NSS Labs report.

  • Anonymous
    August 14, 2009
    @hAl "Your link goes to a blogger who thinks that test with 500 unique kind of malware attacks are not statistically usefull to show browser security." Never mind the fact that the chosen examples are advantageous to Microsoft. No, Microsoft never paid off anyone at all! Disgusting.

  • Anonymous
    August 14, 2009
    "I trust this report, and I'm an happy user with IE8." You are a disgusting Microsoft shill. NSS Labs have been exposed as dishonest liars a long time ago.

  • Anonymous
    August 14, 2009
    Wow this blog is really getting more and more infantile. The fact that Microsoft is trying to do something to protect users does not seem like a bad thing to me. In order to judge effectiveness companies have reports commissioned. Before everyone calls me an MS fan boy, I have been more often critical on this blog. It just seems people wait for a new post to come out and then try to slam it.

  • Anonymous
    August 14, 2009
    @waki "Indeed. SunSpider is as dishonest and disgusting as the dishonest NSS Labs report." Yet few people question the relevance of the Sunspider benchmark's results. On the other hand, loads of people quickly said that this report was biased by pointing out that the NSS report was sponsored by Microsoft. @Rapid Capid: Microsoft is not paying me to write anything (but I wish they did ;)). "In my tests, IE didn't catch sh*t." OK, that's very possible, it depends on the tests you run. But I wasn't telling lies. I found a frequently updated malware list on Google with links and descriptions. And I can tell you that after testing quite a lot of samples with Virustotal, I found out that AVs failed to detect a lot of rogues (fake AVs) and adware. Firefox is good at blocking malicious websites but mostly it doesn't block the direct downloads. That's why having some kind of filter that blocks malicious downloads (i.e. Smartscreen) is useful. "Yeah, more Microsoft shilling. Pathetic." Lol. May I call you random [Google, Apple - insert MS competitor] engineer?

  • Anonymous
    August 14, 2009
    The comment has been removed

  • Anonymous
    August 14, 2009
    why for gosh sakes can't this web team work towards the digital photographer and allow ie8/vista windows7 to be color managed? the break in icc v2 to v4 is a start but it goes beyond that with todays wide gamut monitors which along with a standard sRGB gamut monitor still don't show our photos properly via this browser...being a fan of ms products and ie in particular it makes it sickening to know the only way around it is to use firefox? come on ie team stop patting your selfs on the back and get with it already.

  • Anonymous
    August 14, 2009
    The comment has been removed

  • Anonymous
    August 14, 2009
    IE8 with Protected Mode on Vista/7 is the safest and most satisfying way to surf the internet. I won't touch Firefox with a ten-foot pole until they support Protected Mode and improve their horrible UI.

  • Anonymous
    August 14, 2009
    The comment has been removed

  • Anonymous
    August 14, 2009
    The comment has been removed

  • Anonymous
    August 15, 2009
    The comment has been removed

  • Anonymous
    August 15, 2009
    The comment has been removed

  • Anonymous
    August 15, 2009
    @ Friday, August 14, 2009 3:09 PM by fari Friday, August 14, 2009 3:10 PM by waki Friday, August 14, 2009 3:11 PM by fipa Friday, August 14, 2009 3:13 PM by Rapid Capid Friday, August 14, 2009 3:14 PM by liar liar Friday, August 14, 2009 3:16 PM by LIARS Friday, August 14, 2009 3:18 PM by NSS Labs Wow, you must really be a sad person to come to MS blogs and use 7 (or more) aliases to diss IE. Maybe you should go to the cola newsgroup and join the rest of the sad gits there.

  • Anonymous
    August 15, 2009
    @Mitch 74 As I also read the study I saw they added sites to the testing automatically (from a network of honeypots and spam traps) without validating them pre-test which is likely to cause testing of irrelevant url (not containing malware) which were subsequently removed in post test validation.

  • Anonymous
    August 15, 2009
    The comment has been removed

  • Anonymous
    August 15, 2009
    Folks, just a reminder that the rules for comments are here: http://blogs.msdn.com/ie/archive/2004/07/22/191629.aspx Two things specifically prohibited are offensive language and misrepresenting your identity. Thanks!

  • Anonymous
    August 15, 2009
    Mitch 74: You're welcome to express your own opinions, but please do not make inaccurate claims about what the "MSIE team" believes. Thanks.

  • Anonymous
    August 15, 2009
    kage, the comments on the blog post you point to are five months old.

  • Anonymous
    August 15, 2009
    @Josh Firefox has both "Extensions" and "Plug-ins". The non-open sourced stuff you're talking about are plug-ins. Plug-ins are not available from the Firefox add-on site, and they therefore don't go over the same testing and review as extensions. Also, the vulnerability in question is from a malware that drops into Firefox's folder by other means. It doesn't mean that it comes from an extension that was on Firefox's add-on site. The review claim is on the submission page I think, yes. It surely is on the tutorials page though. See https://developer.mozilla.org/en/Submitting_an_add-on_to_AMO I can't comment on how well the reviewers are doing (you may be right that they could miss a malware when they see it), but extensions are actually pretty sand-boxed, and for the stuff that's still sensitive, yet allowed (e.g. file writing)... the reviewers seem to be doing fine.

  • Anonymous
    August 15, 2009
    @ boen_robot You are correct in the distinction between extension and plugin and it was sloppy of me to not illustrate that my last paragraph was a logical break from the preceding. My point, not well made, was to segue into why malware blocking was important, and that a browser's own track record for patching vulnerabilities was not sufficient protection, however I can clearly see how the two thoughts would seem connected. However, you are incorrect in the assertion that the "vulnerability in question is from malware that drops into firefox's folder by other means". Per the linked article, the vulnerable EXTENSION was hosted on the mozilla site: "Earlier this year, a more severe incident took place when the Vietnamese Language Pack hosted at Mozilla’s official list was infected with malware.". Just because Mozilla hosts a file, that in no way is testimony to the safety of using the file and it would be dangerous for people to assume as such. I suspect highly popular extensions are very well vetted - in the community in general there is a lot of vetting of something like noscript or firebug - but for a lot of the lesser used extensions (like, say, a vietnamese language pack) it isn't much more safe than any other random file on the internet.

  • Anonymous
    August 15, 2009
    The comment has been removed

  • Anonymous
    August 15, 2009
    The comment has been removed

  • Anonymous
    August 15, 2009
    The comment has been removed

  • Anonymous
    August 15, 2009
    Firefox has such an ugly UI compared to IE8 that it seems they are 50 years behind.

  • Anonymous
    August 16, 2009
    @Derek - Are you serious? Firefox has an ugly UI? compared to IE8? You must be joking! The Firefox UI is CONSISTENT.  IE8 is far from that in every aspect. The command bar doesn't follow the windows cascading menu standard since it flows to the left, not the right. Then menu dropdowns in IE8 do not contain icons except for the favorites. There is no history menu item The address bar is absolutely pathetic compared to Firefox.  Where's the favicons? you know.. the thing that IE created, made popular was adopted by every other browser and then IE decides to throw usability out the window and drop support for them? Dropping them was the worst UI design decision ever. The toolbars in IE are hard to move around - the search bar doesn't stretch, the tabs are ugly and the add/remove command tools dialog is straight out of 1995. The use of 3 or 4 different X icons for stop/delete actions in the IE UI is massively inconsistent. The lists go on and on.  IE8 is the worse case of inconsistent UI i've seen in any program of the last 5 years. If I was a UI developer working at Microsoft I would certainly not put the IE8 UI on my resume.

  • Anonymous
    August 16, 2009
    @not derek* Have you actually tried IE8 RTM? You can move the command bar on another row if you really want it from the left. Personally, I like it better on the right. A lot of the dropdowns, or at least the dropdowns from the command bar do have icons. Icons are missing on the menu bar though, yes. There is a "History" menu item. From the favorites panel (the one activated by a button), or from the menu bar at "View" > "Explorer Toolbars" (or something similar... I use a localized IE8 build, so I'm just "reverse translating") > "History". It's a pity that favicons are missing from typing in the address bar, yes, though personally, I don't miss them that much. Other than that, I find the IE8 address bar just as good (if not better) than FF3.5's. What's so hard about moving the toolbars around? Yes, there are some limitations with what you can do with them (and the reason for this is "support desk"-ability, so to speak), but the things you can do, you can do easily. And the search bar IS stretchable. Not movable, yes, but it IS stretchable. Whether the tabs are ugly or not is subjective (I find them prettier than Firefox's). And the add/remove command tools dialog is indeed old, yes. Perhaps "support desk"-ability again, or simply a lack of time to touch up on it. The different X icons I guess are exactly in order to differentiate between stop, delete and other types of actions, so that the icon could instantly tell you what are you doing. Speaking of which, where do you see the 4th X icon? I see three (Stop, deletion at the address bar, Work Offline), but I don't see a 4th.

  • Commenters on this blog keep amazing me with their ingenuity about nicknames, which is really funny when you consider the "Title" field is still there if you feel expressive.

  • Anonymous
    August 16, 2009
    It's really not clear what you've measured here. Maybe you could actually patch the known security holes instead of making up some new stuff that creates a pretty graph.

  • Anonymous
    August 16, 2009
    The comment has been removed

  • Anonymous
    August 16, 2009
    Had Accelerators been developed by any other browser other than IE, it would have been the greatest innovation since web.

  • Anonymous
    August 16, 2009
    Had Accelerators been developed by any other browser other than IE, it would have been termed as the greatest innovation since web.

  • Anonymous
    August 16, 2009
    Until today I didn't want to use IE8, because I wanted to see what sort of problems people would get into. But until now no big problems were reported and after seeing these figures I'm going to install IE8.

  • Anonymous
    August 16, 2009
    @Mike Nice straw men: "The fact that Microsoft is trying to do something to protect users does not seem like a bad thing to me." This is GOOD. Yes. "In order to judge effectiveness companies have reports commissioned." This is BAD. Not reports in themselves, but paying people to create dishonest and misleading reports like this one. http://www.thetechherald.com/article.php/200912/3268/Can-you-trust-the-NSS-Labs-report-touting-the-benefits-of-IE8

  • Anonymous
    August 16, 2009
    @Josh: "the fact that IE is above the competion in this regard" Blatant lie. A dishonest paid-for report is NOT a fact. The previous report was exposed here: http://www.thetechherald.com/article.php/200912/3268/Can-you-trust-the-NSS-Labs-report-touting-the-benefits-of-IE8

  • Anonymous
    August 16, 2009
    "Kai" wrote "Yet few people question the relevance of the Sunspider benchmark's results." So that makes it OK to swallow Microsoft's advertising without thinking?

  • Anonymous
    August 16, 2009
    The comment has been removed

  • Anonymous
    August 17, 2009
    Again, Microsoft achieves greatness! I upgraded to IE8 on all my computers the day it came out and I couldn't be happier. I thought the accelerators and web slices were great, but knowing that IE8 tops the malware protection charts makes it that much better.

  • Anonymous
    August 17, 2009
    The comment has been removed

  • Anonymous
    August 17, 2009
    The comment has been removed

  • Anonymous
    August 17, 2009
    @techbiz: What do you mean by "blocked"?  What specifically happens? What is the exact text of any error messages you see?

  • Anonymous
    August 17, 2009
    @EricLaw: The page opens with a blank space where the code embeds the player. Beneath the tabs, the security icon appears with the statement: "To help protect your security, Internet Explorer has restricted this webpage from running scripts or ActiveX controls that could access your computer. Click here for options..." Selecting "Allow blocked content..." from the drop-down menu causes the player to appear properly embedded in the page. FYI. I have four pages on my site that contain different embedded videos, and all pages behave the same. Going into the browser settings and allowing ActiveX causes the pages to properly launch, but doing that on MY browser is of little comfort. I have no control over the settings of all those people out there who LAUNCH my webpage and are scared away believing my page just attempted to breach their security. My webpage is being blackballed because Microsoft chooses to block its own media player from launching on its own browser.

  • Anonymous
    August 17, 2009
    @Techbiz: That doesn't happen on the URL you provided, and will not happen with default IE settings (except when viewing copies of these pages on your local computer).  If you see this behavior on the public Internet site, click Tools / Internet Options / Security / Reset all zones to default settings.

  • Anonymous
    August 17, 2009
    @EricLaw Hi Eric, I did as you said:

    1. Upgrade to Vista Service Pack 2
    2. clicking START | RUN and typing: iexplore.exe -extoff, also close Skype, MSN etc.
    3. Open the url in IE 8 : http://www.jazan.org/vb/showthread.php?t=146570

    IE still dead! Note: I use Vista not XP, there is no problem with XP. You said you can open the URL, did you use XP+IE8? Thanks! William

  • Anonymous
    August 17, 2009
    The comment has been removed

  • Anonymous
    August 17, 2009
    The comment has been removed

  • Anonymous
    August 17, 2009
    Hi. Was the report sponsored by Microsoft or not? It is not clear in the report itself, I just want to be sure.

  • Anonymous
    August 18, 2009
    With the emergence of social media I think there has been a whole new type of threat created to internet users. The funny thing is we are only on the nose end of things.

  • Anonymous
    August 18, 2009
    How about less blogging about the stuff you've done in IE8 and get on with IE9? Firefox has released 3 and 3.5 since IE8 has been in beta till now. I don't see MS making the same effort to keep up.

  • Anonymous
    August 18, 2009
    @EricLaw: You obviously missed the entire point.  As the webmaster for vbatech.com, I cannot be sitting next to everyone on the internet, advising them how to change IE settings so that an embedded Microsoft Media Player will run when they launch my webpage.

  • Anonymous
    August 18, 2009
    @techbiz: I think you misunderstand. Users with default settings don't see a "To help protect your security" prompt. However, if a user has reconfigured their browser to show that prompt, why do you think IE would allow your website to override that reconfiguration?

  • Anonymous
    August 18, 2009
    The comment has been removed

  • Anonymous
    August 19, 2009
    Is there a VPC image available with IE6 on XP SP2? I have an app that has a display issue that appears in IE6 on XP SP2, but it displays normally on SP3 (only SP3 is available at http://www.microsoft.com/Downloads/details.aspx?FamilyID=21eabb90-958f-4b64-b5f1-73d0a413c8ef&displaylang=en ).

  • Anonymous
    August 19, 2009
    @Will Peavy - What is the display issue? There shouldn't be any rendering differences between those two versions. As for having to support IE6 on WinXP SP2 I truly feel sorry for you.  I wouldn't wish that pain on anyone, not even my worst enemy.

  • Anonymous
    August 19, 2009
    @Mitch, no one said "techbiz" was dreaming. I explicitly stated that users visiting the URL provided would not see that prompt, as it only appears "when viewing copies of these pages on your local computer."   The "Mark of the Web" is the mechanism used to push a page from the LMZL zone to the Internet Zone, and it's been available for just over 5 years now. Learn more over on MSDN.
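
The Mark of the Web named in the comment above is an HTML comment of the form `<!-- saved from url=(NNNN)URL -->`, where `NNNN` is the zero-padded character count of the URL. The following is an added example, not part of the original thread and not Microsoft's code: it builds, checks and inserts that comment in a locally saved page. The function names and the sample page are hypothetical, and placing the mark after the DOCTYPE, ending it with CR+LF and treating a length mismatch as inconsistent are this example's assumptions.

```python
import re

# Mark of the Web (MOTW): an HTML comment of the form
#   <!-- saved from url=(NNNN)URL -->
# NNNN is the character count of URL, zero-padded to four digits.
MOTW_RE = re.compile(r"<!--\s*saved from url=\((\d{4})\)(\S+?)\s*-->", re.IGNORECASE)
DOCTYPE_RE = re.compile(r"\s*<!DOCTYPE[^>]*>[ \t]*\r?\n?", re.IGNORECASE)


def make_motw(url="about:internet"):
    """Build the MOTW comment for url (about:internet is the generic Internet-zone mark)."""
    if not url or len(url) > 9999 or any(c.isspace() for c in url):
        raise ValueError("URL must be 1-9999 characters with no whitespace")
    return "<!-- saved from url=(%04d)%s -->" % (len(url), url)


def parse_motw(html):
    """Return the first MOTW found in html, or None if the page carries no mark."""
    match = MOTW_RE.search(html)
    if match is None:
        return None
    declared, url = int(match.group(1)), match.group(2)
    # Assumption of this example: a declared length that does not equal the
    # URL's real length is reported as inconsistent and should be fixed by hand.
    return {"url": url, "declared_length": declared, "consistent": declared == len(url)}


def add_motw(html, url="about:internet"):
    """Insert a MOTW after the DOCTYPE (or at the top) unless one already exists."""
    if parse_motw(html) is not None:
        return html
    mark = make_motw(url) + "\r\n"
    doctype = DOCTYPE_RE.match(html)
    pos = doctype.end() if doctype else 0
    return html[:pos] + mark + html[pos:]


# Constructed sample: a locally saved page that embeds a media player control.
SAMPLE_PAGE = (
    '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">\r\n'
    "<html><body>\r\n"
    '<object id="player" width="320" height="240"></object>\r\n'
    "</body></html>\r\n"
)

if __name__ == "__main__":
    print(parse_motw(SAMPLE_PAGE))   # no mark yet
    marked = add_motw(SAMPLE_PAGE)
    print(marked)
    print(parse_motw(marked))
```
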

  • Anonymous
    August 19, 2009
    Sorry for the off-topic comment, but I was hoping to bring to the attention of the IE team this easy and concise repro case for a stack-overflow bug that occurs in the IE8 native JSON parser, but not in json2.js, or in the native parsers for Firefox or Chrome. http://stackoverflow.com/questions/1288962/ie8-native-json-parse-bug-causes-stack-overflow

  • Anonymous
    August 19, 2009
    @EricLaw: yes, you did say so; but then, please understand that not all developers are aware of IE's 'zones' and what goes in each of them; even worse, in that case the local file system is not part of the zones that can be set up in Internet Properties - so, there is a lack of visual clues. For example, developers that work in Firefox + Firebug to then merely test under IE have a good chance of not knowing anything about that; for us (I might consider switching the day IE is available on UNIX platforms again), if it works in Firefox, then in Opera, then in Chrome, then in Safari, and goes boom in IE, well, it's an IE "bug". Please note that I understand the reason behind 'zones', I also understand that this is not a bug, but geez, is it confusing! In short, asking for a developer to go and read MSDN looking for an answer to 'why is the WMP control blocked when I load this dumb-rse static HTML file that I wrote in Notepad and saved to desktop?' would require: 1- knowing about Zones in IE (quite common, but still not a given) 2- knowing that the local file system is not the same as localhost (it would be a reasonable assumption)... 3- ...but part of a completely blocked zone which does not appear in the Internet settings panel (a bit more involved). A visual clue (such as a pop-up balloon on the status bar where the current zone is displayed) describing the zone's properties and current security settings ('the Internet: all documents that belong to a subnet different from your own; [v}+' or 'Intranet: all documents on our computer's subnet; [v}-' or even 'local file system: all scripts and applets are always disabled; [X}') would be really helpful.

  • Anonymous
    August 19, 2009
    @Joel: Thanks for the report; the scripting team is looking into the JSON issue.

  • Anonymous
    August 19, 2009
    @EricLaw / @Mitch 74 - I'd like to add my 2 cents to this conversation too. There needs to be an addon for IE that shows what mode/zone/etc. a page is in when viewing it WITHOUT opening the dev toolbar. Ideally it would enable changes at the same time. It's been said many times many ways.... developing in IE is a major pain and thus why everyone develops in Firefox, Chrome or Safari.

  • Anonymous
    August 19, 2009
    @EricLaw See my above comment, Any solution to avoid IE dead on http://www.jazan.org/vb/showthread.php?t=146570 etc? We need use IE to browse these pages everyday. Thanks! William

  • Anonymous
    August 19, 2009
    The comment has been removed

  • Anonymous
    August 19, 2009
    @Ericlaw The hanging page effect on javan.org reproduces 100% in IE8 on a Vista Home basic (NL) laptop and it also does if I go there with the "-extoff" switch. Nothing visibly loads (the tab stays empty or a previous page stays in view). I will send you a fiddler2 sessions file and a sysinternals procmon file as well.

  • Anonymous
    August 19, 2009
    @EricLaw - the "solid" set of tools a keystroke [F12] away doesn't cut it.

    When I view a local page in Firefox, Chrome or Safari I see it EXACTLY as I would on a production server (without needing to touch a thing) [ZERO steps]

    Note that this is something a developer checks 50-100 times a day.

    Loading the same file in IE8 - Woah! You are loading a page riddled with unsecure ActiveX Warning Bar!

    [Step 1] move the mouse up to the bar because there is no keyboard shortcut.
    [Step 2] click the bar.
    [Step 3] move the mouse to the ignore option (again no keyboard shortcut).
    [Step 4] click the ignore option.
    [Step 5] A new security window popped up, move mouse over to it or press Tab to set focus on Yes button.
    [Step 6] click Yes button or press Enter.

    OK, so 6 steps later I can actually view and interact with the page... almost.

    Since IE8 has 3 rendering modes - which one am I in? The broken page icon has been removed from this view so I can't just visually look and see what mode I'm in.

    Now like most developers I just need to verify what mode I'm in.  The rest of the IE dev tools I don't care about - if I want useful dev tools I'll go back to Firefox/Firebug or Chrome.

    Since all I care about is the mode and there is no option in IE to display it I wrote a bookmarklet that displays a quick overlay for me indicating the mode. (I'll rant another time about how insanely hard it is to add bookmarklets in IE)

    But for the sake of this discussion, let's say that the user presses [F12] to get the dev tools up, and again to make it go away.

    Alright, time for some quick math.

    50-100 page checks a day
    6 + 2 steps per page load
    ============================
    400-800 steps per day to test pages in IE8

    versus [0] (ABSOLUTELY NONE) in Firefox or Chrome or Safari etc.

    That is simply NOT ACCEPTABLE for a developer that needs to Get Things Done!

    Let's not forget that that is only IE8! There are 3 other IE browsers that need to be checked!

    1.) IE8 running in IE7 Compatibility mode
    2.) IE7
    3.) IE6

    The mode checking steps aren't required for these 3 but the other 6 steps to dismiss the ActiveX attack warning bar are. So, more math:

    50-100 page checks a day
    6 steps per page load
    3 browsers to test
    ============================
    300-600 * 3 = 900-1800

    So in summary, to properly test JUST THE SIMPLE LOADING of 50-100 pages a day in Firefox, Chrome or Safari takes:

    [Zero Steps]
    =============================

    To properly test JUST THE SIMPLE LOADING of 50-100 pages a day in IE (6,7,8) takes:

    [1,300 to 2,600 Steps]!!!!!
    =============================

    0:2,600 is quite the ratio! I haven't even done any interaction, inspection, debugging yet and already IE has proven to be a nightmare to test against.

    There are several reasons why developers do not develop in IE.  This is just one of them.   A Severe Barrier to Entry.

    I can't wait until IE9 throws new obstacles in the way. I think 4 rendering modes would be just awesome. How about 3 different JavaScript engines instead of the ~pseudo 2 we have now in IE8. Can you lock up the toolbars some more too, there's still a little bit of flexibility in there. Please also add another second to the load time for new Tabs - mine are not slow enough yet. - Ugh! I get so angry just thinking about how much developing in IE just !@#$%^ me off.

  • Anonymous
    August 20, 2009
    Wow, Mark, it sounds like either you're not really a professional developer, or you haven't spent any amount of time trying to make life easier on yourself. If you don't develop against a local webserver (really???), you can turn off the Lockdown for the Local Zone using the checkbox in IE's Advanced Options. No more info bar. (Oh, and the hotkey for the info bar is ALT+N, by the way.) enhanceie's bookmarklet was published over a year ago, so I'm not sure why you needed to write your own. But more troubling is the idea that you don't simply have the dev tools showing all of the time. If it's a screenspace issue and you're really stuck on a single monitor, I'd suggest that maybe you should go work for someone that will provide you with a developer-class computer.

  • Anonymous
    August 20, 2009
    The comment has been removed

  • Anonymous
    August 20, 2009
    Nelson, thanks for identifying yourself as a prima donna developer. It makes it easy to distinguish your rants from the concerns of actual working developers, who just want to get their jobs done and are much happier with the IE8 dev tools. (btw, rant about compatibility mode doesn't make any sense. If you want to turn compatibility mode for the intranet, just uncheck the checkbox. If you do want compatibility mode, then quit pretending like you build standards-compliant sites)

  • Anonymous
    August 20, 2009
    The comment has been removed

  • Anonymous
    August 20, 2009
    Microsoft, Internet Explorer and security all go together like rice and beans.  This study proves what we've always known:  No browser is more secure than Internet Explorer and no company is more committed to online security than Microsoft.  Congrats to all involved.  Microsoft's reputation would not be what it is without you.

  • Anonymous
    August 20, 2009
    @Brad - OMG! you are the one acting like a prima donna developer! have you even read your replies? @I luv IE - are you applying for a job at microsoft or something? That is the most obvious MS-fan-boy comment I've ever seen! Not only is it completely wrong it is hilarious that you think anyone will read it as anything but a joke.

  • Anonymous
    August 20, 2009
    The comment has been removed

  • Anonymous
    August 20, 2009
    @Nelson, "I'm a professional web developer (12years now) and you couldn't pay me to develop in IE I would turn down 250k USD/yr if I had to develop in IE." I guess you don't need to feed your family then, considering over 50% of internet users are using IE. @Juan, "@Brad - OMG! you are the one acting like a prima donna developer! have you even read your replies?" Clearly, the prima donna developer is the one who wouldn't develop for IE (that the majority of people use) for 250k USD/yr. I wouldn't call someone a real working web developer if he/she doesn't check his/her websites in IE. Actually you'll hardly find work if you don't make sure your sites work for IE, even the Mozilla, Apple and Opera websites make sure they work in IE.

  • Anonymous
    August 20, 2009
    C# is the best programming language ever. PHP su*** big time.

  • Anonymous
    August 20, 2009
    The comment has been removed

  • Anonymous
    August 21, 2009
    Mitch: "bringing down Windows Explorer when IE crashes is Not Good" -- Agreed, but I haven't seen that happen since Windows 98. If you do, you must have a buggy plugin, because Explorer doesn't even host the browser anymore. A buggy plugin would also nicely explain why you crash on load as well.

  • Anonymous
    August 21, 2009
    So if IE is now safe, could the team next work on the Perf? I would like to suggest a soliciting post where people could send comments about particularly slow pages. In particular I find scrolling with zoom set to 115% ranges from bad to nigh unusable with short pauses depending on the page contents. In a small way this can even be seen in some of MS's own marketing sites which run noticeably better with Opera. Adding some perf & system detail recording & reporting button option into current IE, way before it's too late to take in major changes to IE9 code, might also be helpful as it's so much harder to get the perf data into some manually submitted report after the fact.

  • Anonymous
    August 21, 2009
    No plugin, not even Java nor .Net: this machine is almost as bare as you can get. It's an up to date Windows XP sp3 with IE 8 and all latest fixes installed, and a light antivirus (AVG Free). All drivers are those provided by Microsoft (old test machine) in SP3. Themes, network sharing and a few other unused services were disabled. It crashed last month.

  • Anonymous
    August 21, 2009
    @Mitch74: Did you manually disable the AVG browser add-on? When you look in Manage Add-ons, are ALL add-ons marked as disabled? If you encounter a crash, I can analyze it further if you send me the Watson ID # from your system event log, or send me a .dmp file (generated by WinDBG). @drd: Performance of IE (and popular add-ons) remains an area of strong interest for the IE team.

  • Anonymous
    August 21, 2009
    I have tried the new IE8 and I must say that IE8 is much better than IE7.

  • Anonymous
    August 21, 2009
    @EricLaw: I'll try and crash IE again, no problem ^^

  • Anonymous
    August 23, 2009
    @ I luv IE yeah you're right! IE rocks...

  • Anonymous
    August 23, 2009
    I develop in Firefox - period. As for testing in IE - of course I have to since many users haven't upgraded to Firefox or Chrome yet. However the idea of developing in IE?! OMG you've got to be kidding me! Never would I dream of doing that. Web Developer since Netscape 2.0 (so yeah, I think I know a thing or two about the best tools out there.) Jill

  • Anonymous
    August 23, 2009
    I always use Firefox, because it is much easier to handle. A simple IE, and I will use it.

  • Anonymous
    August 23, 2009
    The comment has been removed

  • Anonymous
    August 23, 2009
    OK I read the comments yesterday and there was a comment near the end that had 2 links on how to use a Google toolkit to get SVG to work in IE. Since MSFT has failed to deliver native SVG support in IE7 and IE8 and has made no promise to deliver it in IE9 why on earth was the comment removed? Is MSFT seriously concerned that Google's toolkit will cause them some sort of competition?  I doubt there is an issue here as Google is not forcing users to ditch IE but rather embrace IE users and improve their experience by adding support for features that the IE Team left out. I didn't realize that "SVG" was a dirty word on this blog.  Oops! I guess I'm going to have this comment filtered out because I mentioned the "SVG" word. Doh! did it again!

  • Anonymous
    August 23, 2009
    Now that IE is ready for basic users, when do you plan to support standards for normal users and developers?

  • Anonymous
    August 24, 2009
    I am thinking of leaving the web development business because of the levels of frustration I run into developing for your browser.

  • Anonymous
    August 24, 2009
    The comment has been removed

  • Anonymous
    August 24, 2009
    @EricLaw Have you found out anything on the hang of IE8 on the javan.org page as reported before?

  • Anonymous
    August 24, 2009
    @whats up: Comments which violate the comment policy (http://blogs.msdn.com/ie/archive/2004/07/22/191629.aspx) are removed. You're free to discuss SVG all you like, so long as your comments do not violate policy.

  • Anonymous
    August 24, 2009
    @hAL: running without addons, done. No change. I got a remarkable speed boost by using a card with 2D acceleration: IE is now as fast with accelerated 2D (UI, page scrolling, page content scrolling) as Firefox 3.5 was when running under VESA. But then, Firefox 3.5 with accelerated 2D became sleek and fluid. Ah man... Missed again. Considering that Firefox's UI is drawn through the same gecko engine that is used to render web pages (meaning, the whole UI is made using interpreted languages, and these aren't even using the JIT optimizations that are in use for pages) while IE 8 is C++ compiled into machine code, there's quite a strangeness happening here: interpreted code is supposed to be much more CPU-intensive and, thus, slow on slower machines than native machine code.

  • Anonymous
    August 24, 2009
    The comment has been removed

  • Anonymous
    August 24, 2009
    The comment has been removed

  • Anonymous
    August 24, 2009
    @rey: Technically, file extensions really have no meaning in URIs; you cannot reliably look at a given URI and determine what it will return.  For instance, a .PHP page can return a PDF, an EXE, an HTML page, or an image. There is no bug where IE will run a downloaded executable "without telling you." If you click a link that leads to an executable file download, SmartScreen will evaluate it and you will receive the standard "Do you want to download this file" security prompt, indicating that you are downloading an executable file.

  • Anonymous
    August 24, 2009
    The comment has been removed

  • Anonymous
    August 25, 2009
    The comment has been removed

  • Anonymous
    August 25, 2009
    @Daniel: SmartScreen is optimized to require very little network traffic; it uses small XML requests and responses (<1k per check). When the SmartScreen webservice isn't reachable, notification is provided in the status bar/download dialog. Communication with the URL Reputation Service is done via HTTPS, and hence infected machines on the network will be unable to emulate the legitimate responses from the server.

  • Anonymous
    August 25, 2009
    The comment has been removed

  • Anonymous
    August 25, 2009
    @Rey, Drumm: one solution, don't use Adobe Reader. Foxit Reader does have a plugin, and is much lighter. And it really seems not to have an exploit waiting every dozen lines of code either, like Reader. It, at least, is updated and fixed much faster.

  • Anonymous
    August 25, 2009
    "Success: NSS Labs defines “success” based upon a web browser successfully preventing malware from being downloaded, and correctly issuing a warning." IE8 issues a warning to everything, but I don't see how that qualifies as real-life security for unsophisticated users. Does anyone here even know a user that was ever stopped from downloading malware by an "Are you sure?"?

  • Anonymous
    August 26, 2009
    The comment has been removed

  • Anonymous
    August 26, 2009
    The comment has been removed

  • Anonymous
    August 26, 2009
    The comment has been removed

  • Anonymous
    August 26, 2009
    The comment has been removed

  • Anonymous
    August 26, 2009
    The comment has been removed

  • Anonymous
    August 26, 2009
    @Matt - it's whose responsibility?  If it did work, now doesn't after an MS update, whose issue is that exactly?  QA anyone?  Testing?

  • Anonymous
    August 26, 2009
    The comment has been removed

  • Anonymous
    August 26, 2009
    Matt: It's MS's responsibility not to block an entire sub-domain because of some web sites.  There can be genuine sites on there also.

  • Anonymous
    August 26, 2009
    Phil: So you're saying that phishers and malware authors should be allowed to trivially bypass Smartscreen using wildcard-hostnames? I prefer the safer browsing experience where domains that don't prevent hosting of malware are blocked, thanks.

  • Anonymous
    August 26, 2009
    The comment has been removed

  • Anonymous
    August 26, 2009
    The comment has been removed

  • Anonymous
    August 26, 2009
    The comment has been removed

  • Anonymous
    August 26, 2009
    The comment has been removed

  • Anonymous
    August 26, 2009
    @ Jure, "IE8 issues a warning to everything, but I don't see how that qualifies as real-life security for unsophisticated users. Does anyone here even know a user that was ever stopped from downloading malware by an "Are you sure?"?" It's not about the "Are you sure" toolbar that pops up all the time when downloading files, which I do think is very annoying and next to useless. This article is about the SmartScreen filter, which means when you go to a site hosting some malicious code, the whole page goes red and displays "This page has been reported unsafe", which blocks the user from accessing the web site itself, not just the downloads.

  • Anonymous
    August 26, 2009
    @ Phil, The thing is, web pages from the same sub-domain are generally considered from the same website, and the whole site is blocked when some pages on it are found to host malicious code. That's how ALL current content blocking mechanisms function, including Chrome, Firefox, McAfee SiteAdvisor, Outpost Firewall, etc. etc. So far content blocking is all site-based, not page-based, and I've seen Google Chromium at one time blocking the entire 163.com site (163.com is one of the largest general portal sites in China) just because its software hosting site has an adware download, so that sub-domains like mail.163, news.163, etc. etc. are all blocked. Later when it's unblocked, the whole site including the page that has the adware download is unblocked.

  • Anonymous
    August 26, 2009
    @ Phil, The thing is, web pages from the same domain are generally considered as pages from the same website, and the whole site is blocked when some pages on it are found to host malicious code. That's how ALL current anti-malware content blocking mechanisms function, including Chrome, Firefox, McAfee SiteAdvisor, Outpost Firewall, etc. etc. So far anti-malware content blocking is currently all site-based, not page-based, and I've seen Google Chromium at one time blocking the entire 163.com site (163.com is one of the largest general portal sites in China) just because its software hosting site has an adware download, so that sub-domains like mail.163, news.163, etc. etc. are all blocked. Later when it's unblocked, the whole site including the page that has the adware download is unblocked.

  • Anonymous
    August 27, 2009
    @ericlaw, mitch74, drumm Well, I'm not sure if it was Adobe or Windows itself (not IE per se), but either way I think they have probably both fixed it because I can't reproduce it on a PC with both fully up to date.  Sorry for my pointless question.