More ammo on browser security for your customer conversations

By Ron Grattopp

Back in September, I did a post called “The greatest browser security technology you probably never heard of…”, a security-focused post built around the idea that socially-engineered (SE) malware is a far more prevalent threat today than the classic vulnerability exploit (aka drive-by attack) and, of course, extolling the virtue of our SmartScreen technology as offering the best protection against this form of malware. This post is something of a continuation of that, but on a different tack – how important is browser security to you and your customer? As usual, my main purpose in my blog is to provide our Microsoft partners with ideas and talking points that they can use in customer conversations around motivating “our” customers to deploy and depend on the Microsoft platform, in this case browser security. But it’s also another example of the attention and focus that Microsoft puts on security “all up” (as we like to say internally), as a follow-on to my “Happy birthday TwC” post (Jan 2012).

Some weeks back, NSS Labs (an “Independent Security Research and Testing” organization) released an updated browser security analysis and report, NSS Labs 2-6-2012 Browser Security Analysis Brief. Of course, copyright prevents me from actually showing you (reproducing) screenshots of their graphics depicting the data, but I can tell you that I think you’ll be impressed with the apparent disparity between the capabilities of the various browsers shown in their graphic labeled “Socially Engineered Malware Protection over time - North America (December 2, 2011 — January 5, 2012)” on page 2. I should note that the title of the report is “Did Google pull a fast one on Firefox and Safari users?” and that the majority of the report is centered on something called the “Safe Browsing API v2”, which Google owns and is (presumably) shared among the Chrome, Firefox, and Safari browsers – so this is definitely NOT a recommended read <grin>, unless you want to, of course. With that in mind, however, I’m going to distill out what I think are the key take-aways from this report for your customer conversations:

  • Look at the charts on page 2; that’s really all you need to know. Regardless of the Safe Browsing API v2, based on NSS test data, IE9 is clearly head and shoulders above all of the other browsers in protecting against SE malware (just a continuation of the same findings in the previous report). In fact, I would suggest that the results show the others are not even in the same ballpark.
  • One of the key NSS Labs “Findings” was that “Internet Explorer 9 remains (italics mine) the most effective at blocking traditional malware downloads (a.k.a. social-engineered malware)” – again, no surprise there since it’s also a re-affirmation of previous findings.
  • And, finally, one of the NSS Labs “Recommends” states that “While NSS does not recommend switching browsers based on the results of these tests alone, if you currently have a free choice of browser then Internet Explorer 9 offers the most comprehensive protection from these particular threats.”

In closing, I know you’re not selling IE, so this isn’t so much about convincing your customers to use IE as it is about helping your customers understand the impact of Microsoft’s ongoing and deep commitment to security as a compelling reason to bet on the Microsoft platform for their IT needs. That’s the aspect you want to weave into the customer conversation you might have around any of our solutions and technologies that your customer might be using or investigating. Case in point, I know many of your customers have questions about the security of the cloud – this, and the TwC, and other proof points should at least help them understand that no one else is going to be as equipped as Microsoft to understand and provide the protection and privacy that businesses need in this new online age.

Cheers, as always,
Ron