NSS Security Test: More Details Emerge

By | August 18, 2009

NSS Security Test: More Details EmergeHere are some more details from Ars Tecnica, which should clarify Microsoft and NSS Labs “sponsorship” deal.

In terms of sponsorship of the reports, “this stuff is expensive to do right, and we need to monetize it somehow,” Moy told Ars. “We invited Google, Mozilla, Apple, Opera to participate, but they didn’t even bother to respond, except for Opera, which stated they “don’t really focus on malware.”

Also, readers have noticed that Firefox 3.5 was not included in those tests, here is a reason (as from .pdf).

We would have liked to have been able to test Firefox 3.5 which was released on June 30, 2009, and attempted to test it alongside the other browsers. However, serious instability where the browser repeatedly crashed (a widely reported issue) along with poor results prevented its inclusion for the sake of fairness.

For NSS Security Test results, see the following page.


About (Author Profile)

Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and departed Westood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.

Comments (11)

Trackback URL | Comments RSS Feed

  1. Tiago Sá says:

    This is true. EVERY INSTALL OF FIREFOX 3.5 crashes after 2 minutes and the next time you reboot your computer will explode. Also, it will give you aids and impregnate your wife with your best friend’s child. BELIEVE ME!

    Seriously, what a bunch of douches… Testing browsers in unclean OS conditions. Yeah, because if their OSs were clean (aka freshly installed and without crap running on the background), Fx3.5 wouldn’t crash.

    What a bunch of douchebags.

  2. barky says:

    so NSS security tests are largely just microsoft funded propaganda are they? – carefully chosen tests that magnify the plus points of IE8, plus points most internet explorer users won’t even have as they are still using IE6 & 7.

  3. cain says:

    You are so great !

  4. Rafael says:

    Those were malware tests? I thought it was a anti-viroses software thing…

  5. Anon says:

    If the test was faulty, why arn’t the other browsers refuting the results. They did not refute the results in March, and they are not doing it this time. Except for a small blog by an Opera person, who only threw mud, but not data.

    Also why people should care about malware & phishing…. It is a huge problem

    IE’s blog about SmartScreen sheds some interesting light on the amount of phishing and malware on the Internet. http://blogs.msdn.com/ie/archive/2009/08/13/real-world-protection-with-ie8-s-smartscreen-filter.aspx

    • IE8 is delivering a malware block for approximately 1 out of 40 users every week
    • Approximately 1 of every 200 downloads is blocked as malicious
    • In the four months since IE8’s launch, IE8 has delivered 70 million malware blocks
    • IE7 & 8 have delivered 125 million phishing blocks

  6. Dan says:

    NSS is a load of BS, they said when testing opera it auto-updated itself from 9.63 to 9.64.

    Opera didn’t have auto-update then.

  7. Vikram says:

    As far as Firefox 3.5 — It was not stable when first released. And any corruption of the mysqlite DB causes the Phishing and Socially Engineered Malware protection to stop working. Also, 3.5 was a performance release: there was no improvement of security according to Mozilla.

    I have to ask– have you actually read the reports? We make it clear that IE8 & Firefox were statistically tied when it came to Phishing protection.

    Also, despite misinformation to the contrary, these were NOT Microsoft “sponsored” reports. NSS Labs did the work privately and Microsoft liked the results enough that they purchased reprint rights so that the results would be public.

    All of which is besides the point. Scientific testing with reproducable results are valid regardless of who pays. Does the fact that students pay for college mean they automatically get whatever grades they want? Of course not!

    Please read the report before attacking people’s hard work and reputation.

    • NibLer says:

      Scientific testing with reproducable results are valid regardless of who pays.

      Yeah, except there was no peer review, and the results are impossible to verify or falsify. This basically means that the whole thing is pseudoscience.

      When a company which claims to do “science” can’t even get the basic scientific process right, you know they are talking out of their rear end.

      The fact that you lied and claimed that Opera 9.63 updated itself to 9.64 in your previous report just adds to the huge pile of data showing that you were lying, manipulating the tests, and so on. Remember, Opera 9 didn’t have automatic updates!

      Your first report was a piece of garbage, and you did the same again. You pick and choose your data to present Microsoft in the best possible light. You have no credibility what so ever, and numerous people have exposed you for what you are:


  8. Vikram says:

    Now you are just name calling.

    What part of the scientific method did NSS not follow properly? The test methodology cites sources for URLs and malware samples, and the samples / URLs have been made available to the browsers upon request.

    Also, you are not citing an official Opera response, but rather the personal blog of one person who does not speak for Opera (according to Opera). The Opera folks have been very professional and courteous.

    Also, your other sources are not primary. They are other “journalists” or bloggers. Some of whom have retracted or amended their criticism of NSS Labs’ prior browser report.

    • Thoe says:

      Name calling? That was just telling you how unscientific your “research” is. When you make these claims about how excellent and independent your “research” is, people need to know that you are basically paid by Microsoft to make them look good, and that your methods are neither repeatable, verifiable, nor falsifiable. Nothing but pseudoscience.

      People need to know about the fact that you consciously played around with the statistics in order to make IE look good.

      As for the personal Opera blog, yes, it’s a personal blog. And here’s what one of your guys said:

      The opera blog comments are all interesting misinterpretations by the author and we’re responding to that.

      And what was the response? A bunch of misinformation, such as repeating the claim that Opera 9.63 updated itself to 9.64 despite the fact that Opera 9 has no automatic update mechanism. Indeed, the last comment in the Opera blog exposes you as the liars and self-contradictory cheats that you are.