Select Page

WEB BROWSER SECURITY (WBS)

WEB BROWSER SECURITY (WBS)

TECHNOLOGY DESCRIPTION

The web browser is the primary vector by which malware is introduced to computers. To protect against malware, leading browser vendors provide cloud-based reputation services that scour the Internet for malicious websites and then categorize content accordingly, either by adding it to blacklists or whitelists, or by assigning it a score. A web browser requests reputation information about a specific URL, and if results indicate that the website is “bad,” the browser redirects the user to a warning message explaining that the URL is malicious. If a website is determined to be “good,” the browser takes no action and the user remains unaware that a security check was just performed.

Among the most prominent and impactful security threats facing users today are socially engineered malware (SEM) and phishing attacks. As such, they have been the focus of NSS Labs’ testing of the security effectiveness of browsers. While drive-by downloads and clickjacking are also effective attacks that have achieved much publicity, they continue to represent a smaller percentage of today’s threats

Phishing attacks pose significant risk to individuals and organizations alike by threatening to compromise or acquire sensitive personal and corporate information. These attacks gain the trust of users by masquerading as reputable entities to steal login credentials or sensitive account information.

Socially engineered malware (SEM) uses a dynamic combination of social media, hijacked email accounts, false notification of computer problems, and other deceptions to encourage users to download malware.

WHAT WE TESTED

NSS Labs’ Web Browser Security (WBS) Group Test evaluates market-leading web browsers for their efficacy of protection against malware that utilizes social engineering and phishing attack capabilities. Testing focused on block rates, consistency of protection, and early protection against new threats. The test provides Comparative Reports to help enterprises make informed decisions to evolve and rationalize their cyber risk programs.