Microsoft on Browser Security - an Oxymoron

Microsoft on Browser Security - an Oxymoron

Summary: What a farce. Microsoft has put up a web page which purports to "evaluate your browser security".

SHARE:
TOPICS: Linux
9

What a farce. Microsoft has put up a web page which purports to "evaluate your browser security". In fact what it does it look at what specific browser you are using, and then take a few cheap shots at Firefox and Chrome. For an early morning laugh, I just tried it on Opera and got "We can't give you a score for your browser". Translated, that means "this don't know squat about browser security, this is not a 'security test' it is a browser identification string scan".

There is one thing about it that surprises me, though. It has a counter running which supposedly shows "Total Attacks blocked on the web by a browser using Smart Screen Technology". The counter actually has no connection to anything else, and no input from anywhere else, it is just a counter. But it surprised me, because I didn't think there was anyone at Microsoft who actually knows how to count, much less was capable of writing a program which can do something as terribly sophisticated as displaying a continuously updating counter. I'm sure there were "countless" meetings held to specify, design, implement, test and document that fantastic program!

Well done, Microsoft, you should be immensely proud of your work.

jw

Topic: Linux

J.A. Watson

About J.A. Watson

I started working with what we called "analog computers" in aircraft maintenance with the United States Air Force in 1970. After finishing military service and returning to university, I was introduced to microprocessors and machine language programming on Intel 4040 processors. After that I also worked on, operated and programmed Digital Equipment Corporation PDP-8, PDP-11 (/45 and /70) and VAX minicomputers. I was involved with the first wave of Unix-based microcomputers, in the early '80s. I have been working in software development, operation, installation and support since then.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

9 comments
Log in or register to join the discussion
  • I had a look at this FUD yesterday. My results are (all tested on windows xp) :
    Opera 11.01 - We can't give you a score for your browser
    SeaMonkey 2.0.13 - We can't give you a score for your browser
    Konqueror 4.7.0 - We can't give you a score for your browser (are you starting to detect a theme?)
    Safari 5.0.4 - We can't give you a score for your browser
    Lynx - We can't give you a score for your browser
    Firefox 7.0 - 2/4
    Chrome - 2.5/4
    IE7 - 1/4
    IE8 - 3/4

    Apparently, if you test it on IE9 you get a perfect 4/4, but I haven't bothered to download IE9 yet. However, Opera pretending to be IE - 4/4 - Result! My browser passes the Microsoft test - so I'm safe after all.
    openhgs
  • Agreed - it's a total farce.

    Using FF 7.0.1 on Widows XPensive, I get a score of 2 out of 4 with the default user agent.
    When I spoof it gets really interesting:

    IE 8 - 3 out of 4
    IE 7 - 1 out of 4
    IE 6 - 0 out of 4

    What's really comical is that the IE6 and IE 7 scores are shown for a split second and then almost immediately covered by a "what can I do to improve security" Splash Screen.

    Google Chrome on Linux gets 2.5 out of 4. Hilarious!
    The Liquidator
  • > Apparently, if you test it on IE9 you get a perfect 4/4, but I haven't bothered to
    > download IE9 yet.

    No need; Firefox 3.6 with a spoofed IE9 user agent will also give you "4 out of 4" ;-)
    Zogg
  • I don't understand why Microsoft wastes their time, if it's so easily shown as a farce.

    Are there that many company managers so easily fooled, who won't bother sending this info to their IT department for a real evaluation but just take this at face value? If so, that is a very sad state of affairs.
    anonymous
  • I couldn't help but take a look at this as well, mainly for laughs. Does Microsoft actually think people will believe this garbage? I am almost certain that whatever application that is running at the "browser test" site (www.yourbrowsermatters.org) is simply looking at the user agent string to see which browser the client is running, and reports back a pre-set number, that reflects "security" in Microsoft's eyes. Just for kicks I went to the site on my Fedora 14 PC with Firefox 3.6.22, and got a score of 1.5 out of 4. I already know that my browser is way more secure than IE, because I am NOT running on a Windows operating system that is targeted and prone to almost every piece of malware out there today.

    When I started reading the details of this supposed test, it became clear to me that this site is complete rubbish. Basically it's checking to see if the browser is IE, and if not, it puts an X in for the tests. Basically this test should be called "Test to see if you use IE". It doesn't even seem to look and see what operating system I'm using, because some of the tests have a green checkmark and mention that I am running Windows, which I'm clearly not.

    And the counter on the page that is supposedly tracking the total number of attacks blocked with SmartScreen, I would love for Microsoft to explain how they obtain this number, other than it's just a simple script that keeps counting up like an odometer with no backend information.

    Microsoft is clearly worried that IE's market share has dropped from 85%+ to almost 50% and is still dropping at a steady rate.

    This is almost as good as Microsoft's "case studies" several years back comparing Windows Server to Linux. The information was all sponsored by Microsoft, so of course it was skewed to show that Microsoft is so great and wonderful that your business can just buy everything from Microsoft and live in a land of flowers and blue skies. Give me a break, let's see REAL information from REAL users of the software, such as information posted in these blogs. That's where the REAL WORLD information is.
    Chris_Clay
  • @apexwm - You are correct, it looks at the browser ID string and nothing else. That is why it can not give you any evaluation of Opera, Safari, Konqueror or anything else other than IE, Firefox or Chrome. None of those others are perceived by Microsoft as being enough of a threat to be included in this "test" and dissed in the results. What Microsoft doesn't seem to understand is that the biggest part of the "threat" is their own crappy browser.

    For some real fun, go to that web page with any non-IE browser, and see that your "score" is something less than 4 out of 4. (It is impossible to get 4 out of 4 with anything other than IE9, regardless of what browser, version, patch level, configuration, operating system or anything else) Then change the browser ID string to IE 9, and check again - voila! You now get 4 out of 4, so you must be perfectly safe, according to the geniuses at Microsoft! Congratulations, and have a nice day.
    j.a.watson1
  • I just noticed today, when signing out of hotmail, that my Firefox redirected to a bright, red-titled page from MS warning that my browser had a security rating of 2.5.

    It's one thing to push the envelope a bit in advertising, but this is crossing the line. It's a desperation move, which destroys their credibility even further among techies.

    But this really shouldn't surprise us any. They've pulled this kind of thing in the Browser Wars before. I remember when they even went so far as to rename their browser's "identification string" [ http user agent environmental variable ] to purport itself as being from Mozilla!

    They have some examples here --- http://www.useragentstring.com/_uas_Internet%20Explorer_version_6.0.php

    Utterly shameless. But they got away with it then, too.

    The best thing we can do in response is to educate people about why this is bunk and how they can evaluate their computer's security themselves.
    wolfi-9591c
  • wolfi :

    Thank you for pointing this out. Just like many of the Microsoft apologists in these blogs say, the users must be "incompetent" with out of date browsers! Uh, yeah, right. Anyway, you are exactly right, this is shameless and they wonder why we see Microsoft in a negative light. What is Microsoft hoping to accomplish by this, other than making themselves look desperate? What I find hysterical about this is that non-Internet Explorer browsers, such as Firefox, are actually MORE secure because they are not tied tightly to the Windows operating system like Internet Explorer is. Of course, Microsoft would never admit to this, instead they try to brainwash Windows users with false & misleading advertisements and information, such as the one you posted about.
    Chris_Clay
  • Think about this kind of thing, in relation to a recent blog posting here which posed the question "Should We Trust Microsoft?".
    j.a.watson1