Académique Documents
Professionnel Documents
Culture Documents
BRIEF
Overview
This
analyst
brief
aggregates
results
from
NSS
Labs
tests
conducted
between
2009
and
2013
in
a
comparison
of
phishing
and
socially
engineered
malware
(SEM)
protection
by
the
leading
browsers.
Figure
1
reveals
trends
in
protection
levels
of
the
four
leading
browsers,
comparing
combined
test
results
from
2009
to
the
recent
2012
and
2013
scores.
100%
Average
Phish
2013
90%
80%
2012
2012
70%
2013
Malware
60%
40%
IE
Average
Malware
Safari
2009
30%
20%
Firefox
2009
50%
Chrome
Average Phish
2009
2009
Average
Malware
2013
10%
2012
0%
0%
20%
40%
60%
Phishing
80%
100%
Figure 1 Leading Browser Malware and Phishing Block Rates (2009, 2012, 2013)
NSS Labs
In
the
NSS
tests,
the
browsers
are
rated
on
performance
in
four
categories:
Internet
Explorer
(IE)
shows
a
consistently
superior
ability
to
block
SEM,
while
providing
competitive
phishing
protection;
it
leads
the
tested
browsers
in
combined
protections
for
these
categories.
Googles
Download
Protection
technology
has
improved
significantly
over
time,
placing
it
behind
IE
but
well
ahead
of
Firefox
and
Safari.
Both
Firefox
and
Safari
lead
the
other
browsers
in
phishing
protection
but
provide
negligible
protection
against
SEM
attacks.
This
analyst
brief
includes
data
from
previously
published
NSS
phishing
tests
conducted
in
2009,
2012,
and
2013,
as
well
as
SEM
tests
published
every
year
from
2009
to
2013.
In
2010,
two
SEM
tests
were
published.
Figure
2
shows
the
overall
performance
of
the
browsers
for
the
2013
browser
phishing
and
SEM
tests.
89%
IE
Chrome
76%
Safari
53%
Firefox
52%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Figure
2
treats
all
protection
metrics
in
2013
equally.
Later
in
this
analyst
brief,
Figure
15
will
add
weighting
based
on
the
relative
protection
importance
of
the
tested
parameters
in
order
to
provide
a
more
realistic
ranking
of
the
browsers
in
2013.
Figure
14
provides
an
aggregation
of
all
of
the
tests
from
2009
to
2013,
with
emphasis
placed
on
freshness
and
relative
importance
of
the
test
metrics.
NSS Labs
The
browser
is
the
first
line
of
defense
against
multiple
web-based
threats;
however,
with
a
maximum
historical
protection
rate
of
just
80
percent,
the
browser
should
not
be
the
only
line
of
defense.
Products
that
do
not
provide
the
bulk
of
their
protection
in
the
earliest
hours
of
an
attack
are
not
meeting
the
security
requirements
of
todays
threatscape.
Microsofts
Internet
Explorer
continues
to
provide
the
best
combination
of
malware
and
phishing
protection.
The
application
reputation
technologies
used
by
browsers
from
both
Microsoft
and
Google
provide
a
significantly
safer
browsing
experience
than
do
the
browsers
from
Apple
and
Mozilla.
User
education
is
often
better
protection
against
social
engineering
attacks
than
browser
technologies.
NSS Labs
Table
of
Contents
Overview
................................................................................................................................
1
NSS
Labs
Findings
....................................................................................................................
3
NSS
Labs
Recommendations
...................................................................................................
3
Analysis
..................................................................................................................................
6
Phishing
Trends
and
Threats
........................................................................................................................
6
NSS
Empirical
Results:
Phishing
Protection
..................................................................................................
7
NSS
Empirical
Results:
Socially
Engineered
Malware
Protection
.................................................................
9
Combined
Protection
Effectiveness
...........................................................................................................
11
Aggregate
Values
....................................................................................................................................
11
Weight
A
Minute
.....................................................................................................................................
11
Evaluating
the
Data
................................................................................................................................
11
The
Great
Equalizer
....................................................................................................................................
14
Appendix
A:
Raw
Data
..........................................................................................................
15
Appendix
B:
Weighting
Formulas
..........................................................................................
17
Protection
Multipliers:
...............................................................................................................................
17
Year
Multipliers:
.........................................................................................................................................
17
Reading
List
..........................................................................................................................
19
Contact
Information
..............................................................................................................
20
NSS Labs
Table
of
Figures
Figure
1
Leading
Browser
Malware
and
Phishing
Block
Rates
(2009,
2012,
2013)
....................................................
1
Figure
2
2013
Combined
Phishing
And
Malware
Block
Rates
....................................................................................
2
Figure
3
Unique
Phishing
Attacks
..............................................................................................................................
6
Figure
4
APWG
Phishing
Uptime
Statistics
................................................................................................................
7
Figure
5
Mean
Block
Rate
for
Phishing
......................................................................................................................
7
Figure
6
Zero-Hour
Phishing
Block
Rate
.....................................................................................................................
8
Figure
7
Time
to
Block
Phishing
Attacks
Relative
to
Uptime
Trends
(Hours)
.............................................................
9
Figure
8
Mean
Block
Rate
for
Socially
Engineered
Malware
.....................................................................................
9
Figure
9
Zero-Hour
Socially
Engineered
Malware
Block
Rate
..................................................................................
10
Figure
10
Content
Agnostic
Malware
Protection
Breakout
.....................................................................................
10
Figure
11
Combined
Test
Results
(Not
Weighted)
...................................................................................................
12
Figure
12
Time
Weighted
.........................................................................................................................................
12
Figure
13
Protection
Weighted
................................................................................................................................
13
Figure
14
Time
and
Protection
Weighted
Scores
.....................................................................................................
13
Figure
15
2013
Weighted
Scores
.............................................................................................................................
13
Figure
16
Mean
Block
Rate
for
Phishing
..................................................................................................................
15
Figure
17
Zero-Hour
Block
Rate
...............................................................................................................................
15
Figure
18
Mean
Block
Rate
for
SEM
.........................................................................................................................
15
Figure
19
Zero-Hour
Block
Rate
for
SEM
.................................................................................................................
16
Figure
20
Time
Weighting
........................................................................................................................................
17
Figure
21
Protection
Type
Weighting
......................................................................................................................
17
Figure
22
Type
and
Year
Weighting
.........................................................................................................................
17
NSS Labs
Analysis
Socially
engineered
malware
and
phishing
attacks
are
two
of
the
most
significant
threats
against
which
web
browsers
must
defend.
NSS
has
for
several
years
tested
the
leading
browsers
for
their
ability
to
protect
against
these
attacks;
however,
each
test
has
been
presented
as
a
stand-alone
snapshot
in
time.
While
these
real-world
snapshot
tests
yield
useful
information,
a
correlated
report
is
equally
valuable
in
order
to
assess
trends
and
establish
vendor
track
records.
This
analyst
brief
examines
the
historical
performance
of
browsers
against
phishing
and
against
socially
engineered
malware
attacks.
The
browsers
are
evaluated
against
each
other
and
against
the
phishing
threatscape.
If
the
best
performing
product
affords
little
protection,
then
the
worst
performing
product
is
not
significantly
different.
Fortunately,
there
are
browsers
that
are
addressing
the
challenges
and
that
are
able
to
provide
significant
protection
for
users.
700,000
600,000
500,000
400,000
300,000
200,000
100,000
0
2009
2010
Unique
Phishing
Emails
Reported
2011
2012
Unique
Phishing
Web
Sites
Discovered
http://www.apwg.org/resources/apwg-reports/
http://www.apwg.org/resources/apwg-reports/whitepapers
NSS Labs
One
of
the
critical
metrics
surrounding
a
browsers
effectiveness
in
combatting
phishing
attacks
is
how
quickly
it
adds
protection
once
an
attack
is
live.
Figure
4
illustrates
the
general
decline
in
the
lifetimes
of
phishing
sites.
In
2012,
the
average
phishing
site
was
live
for
just
under
25
hours,
and
the
median
lifetime
was
approximately
12
hours.
Products
that
do
not
provide
the
bulk
of
their
protection
in
the
earliest
hours
of
an
attack
are
not
meeting
the
security
requirements
of
todays
threatscape.
80
60
40
20
0
1H2009
2H2009
1h2010
2h2010
Average
Uphme
(Hours)
1h2011
2h2011
1h2012
Median
Uphme
(Hours)
2h2012
100%
90%
80%
70%
60%
50%
40%
30%
20%
10%
0%
Chrome
Firefox
IE
Safari
Average
2009
2012
2013
In
2009,
only
IE
and
Firefox
provided
competitive
block
rates
for
phishing,
with
results
in
2012
narrowing
the
differences
to
a
four-point
spread
between
browsers.
In
2013,
Firefox
and
Safari
posted
modest
improvements
in
their
scores,
while
Chrome
dropped
by
2
percent.
IE
has
a
trend
of
solid
performance,
but
the
browsers
phishing
block
rate
declined
from
92
percent
in
the
2012
Browser
Security
Comparative
Analysis
Report
(CAR)
on
Phishing
Protection
to
83
percent
in
the
2013
CAR
on
Phishing
Protection.
NSS Labs
The
lower
results
in
the
2013
test
should
be
evaluated
against
future
tests
to
determine
if
the
decline
in
IEs
mean
block
rate
in
the
2013
test
indicates
a
problematic
trend.
The
time
required
to
add
new
phishing
sites
is
an
important
metric
when
determining
the
relevance
of
the
mean
block
rate
to
consumer
protection.
For
example,
a
browser
that
blocks
more
phishing
sites
in
the
first
12
hours
will
provide
better
protection
than
a
less
responsive
browser
that
achieves
a
better
block
rate
in
the
long
run.
Historically,
NSS
testing
has
found
that
the
browsers
with
the
best
early
detection
continue
to
lead
until
the
end
of
the
test;
however,
this
may
not
always
be
the
case.
100%
90%
80%
70%
60%
50%
40%
30%
20%
10%
0%
Chrome
Firefox
IE
Safari
Average
2009
2012
2013
During
the
2013
test,
all
browsers
showed
improvement
over
their
historical
zero-hour
block
rates,
as
depicted
in
Figure
6.
A
metric
that
has
a
high
correlation
to
the
zero-hour
block
rate
is
the
average
time
required
to
add
protection
for
new
phishing
sites.
Figure
7
shows
the
APWG
average
phishing
site
uptime
statistics
and
the
mean
phishing
site
uptime
statistics
overlaid
with
the
results
of
the
tested
browser
performance
for
average
time
to
add
protection
for
new
phishing
sites.
(The
APWG
statistics
for
the
first
half
of
2013
were
not
available
at
the
time
of
writing.)
Note
that
the
browser
phishing
protection
tests
were
performed
only
in
2009,
2012,
and
2013,
so
performance
in
2010
and
2012
is
graphed
in
a
linear
fashion
and
may
not
reflect
actual
performance
in
those
two
years.
Safari
is
the
only
browser
to
have
had
a
worse
response
time
to
phishing
attacks
than
either
the
mean
or
the
average
uptime
for
phishing
sites
since
NSS
began
testing
browsers.
But
Apple
has
dramatically
improved
its
performance,
and
Safari
posted
the
fastest
response
times
in
the
most
recent
test
report.
The
median
uptime
for
phishing
attacks
is
significantly
lower
than
the
average
response
time
and
is
the
more
important
metric.
All
of
the
browsers
are
adding
protection
very
quickly,
with
IE
requiring
2.6
hours
and
Safari
averaging
30
minutes.
Firefox,
however,
has
demonstrated
the
most
consistent
protection
for
phishing
over
time.
NSS Labs
70
60
Chrome
50
Firefox
40
IE
30
Safari
20
10
0
2009
2010
2011
2012
2013
100%
80%
u
60%
Google
Buys
VirusTotal
40%
20%
0%
2009
Q1
2010
Chrome
Q3 2010
2011
Firefox
IE
2012
2013
Safari
NSS
conducted
six
browser
malware
protection
tests
between
2009
and
2013,
and
IE
significantly
outperformed
the
competition
in
all
six
texts.
Only
recently
has
Chrome
become
a
viable
option
that
provides
significant
malware
protection
for
users.
While
Chrome,
Firefox,
and
Safari
all
use
Googles
Safe
Browsing
API,
Chrome
alone
incorporates
Googles
Content
Agnostic
Malware
Protection
technology
(CAMP).
Prior
to
2012,
all
three
of
the
browsers
using
Googles
Safe
Browsing
API
performed
comparably.
NSS Labs
When
Google
acquired
VirusTotal,
it
was
widely
assumed
that
the
service
would
be
used
to
improve
Chromes
malware
blocking
abilities.
The
2013
results
do
show
an
improvement
in
Chromes
mean
block
rate,
but
also
a
significant
drop
in
zero-hour
protection.
If
Google
continues
to
improve
Chromes
SEM
protection,
it
may
be
difficult
to
differentiate
the
contribution
of
the
VirusTotal
acquisition
from
ongoing
investment
in
Googles
Download
Protection
technology.
As
with
phishing
attacks,
response
time
is
critical
when
providing
protection
against
malware
attacks.
Figure
9
shows
browser
performance
graphed
at
zero
hour
against
SEM
attacks.
IE
significantly
outperforms
the
competition
in
all
six
tests.
Both
Firefox
and
Safari
have
declined
in
SEM
protection
since
2010.
100%
80%
60%
u
40%
Google
buys
VirusTotal
20%
0%
2009
Q1 2010
Q3 2010
Chrome
2011
Firefox
2012
IE
2013
Safari
Googles
Download
Protection
technology
and
Microsofts
App
Rep
technologies
are
the
reason
that
Chrome
and
IE
are
able
to
block
such
high
percentages
of
SEM.
Neither
Chrome
nor
IE
relies
on
the
certain
knowledge
that
a
file
is
bad;
rather,
they
block
files
that
do
not
meet
reputational
criteria.
88.5%
2012
IE
2012
Chrome
4.5%
65.8%
2013
IE
2013
Chrome
10.6%
83.2%
10.0%
0%
10%
16.8%
73.2%
20%
URL Reputahon
30%
40%
50%
Applicahon Reputahon
60%
70%
80%
90%
100%
Download
Protechon
Figure
10
displays
the
combination
of
SEM-blocking
technologies
used
by
Chrome
and
IE.
Both
URL
and
CAMP
protection
methodologies
can
suffer
from
false
positives;
however,
the
more
important
consideration
is
the
protection
that
URL
reputation
adds
over
CAMP.
10
NSS Labs
When
a
web
page
contains
both
exploits
and
SEM,
URL
reputation
will
protect
the
user
from
exploits,
in
addition
to
SEM.
Where
CAMP
is
the
only
protection
mechanism,
the
user
can
still
fall
victim
to
exploits.
Consequently,
IEs
strong
use
of
URL
reputation
compared
to
Chromes
use
renders
IEs
SEM
protection
significantly
more
valuable.
11
NSS Labs
Figure
11
is
not
weighted,
and
it
shows
Firefox
as
out
performing
Chrome
in
the
combined
tests.
In
2009,
Firefox
outperformed
Chrome
by
26
percent
across
the
four
metrics.
In
2012
and
2013,
Chrome
eclipsed
Firefox
by
26
percent
and
25
percent
respectively.
Clearly,
an
accurate
ranking
of
the
browser
requires
more
recent
scores
to
carry
more
weight
than
older
results.
IE
79%
Firefox
49%
Chrome
46%
Safari
37%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Leaving
protection
scores
unmodified
and
assigning
older
tests
progressively
less
weight,
Figure
12
shows
Chrome
in
second
place
with
a
significant
lead
over
Firefox
and
Safari.
IE
83%
Chrome
66%
Firefox
56%
Safari
54%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Figure
13
does
not
weight
for
time;
however,
the
different
types
of
protection
are
weighted
based
on
relative
importance.
The
resulting
graph
does
not
adequately
reflect
performance
improvements
in
Chrome
with
respect
to
SEM
protection
in
2012
and
2013.
Weighting
values
can
be
found
in
Appendix
B.
12
NSS Labs
IE
80%
Chrome
39%
Firefox
36%
Safari
27%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
IE
85%
Chrome
58%
Firefox
40%
Safari
39%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Figure
14
incorporates
weighting
that
places
a
higher
value
on
newer
tests
and
a
higher
value
on
more
important
protection
categories.
92%
IE
71%
Chrome
Safari
37%
Firefox
35%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Both
Figure
14
and
Figure
15
display
a
wider
performance
margin
between
IE
and
Chrome,
as
well
as
between
Chrome
and
the
other
browsers
than
does
Figure
2.
Figure
15
does
not
consider
trends
or
track
records.
If
current
protection
value,
track
records,
and
trends
are
considerations,
then
Figure
14
provides
a
more
comprehensive
picture
than
does
Figure
15.
13
NSS Labs
14
NSS Labs
2009
26%
80%
83%
2%
2012
94%
90%
92%
91%
2013
92%
96%
83%
95%
The
mean
block
rate
for
phishing
reflects
overall
phishing
detection
for
the
duration
of
each
test.
Browser
Chrome
Firefox
IE
Safari
2009
16.00%
48.00%
52.00%
2.00%
2012
53.20%
79.20%
55.90%
76.90%
2013
81.50%
93.30%
73.30%
93.40%
The
zero-hour
block
rate
is
a
critical
metric.
The
value
of
a
higher
mean
block
rate
can
be
marginalized
by
ineffective
zero-hour
performance.
Due
to
the
diminishing
uptimes
of
phishing
sites,
a
browser
with
a
lower
mean
block
rate
and
better
zero-hour
response
times
may
provide
more
effective
protection
for
most
users
than
will
a
browser
with
a
better
overall
block
rate
but
poorer
zero-hour
performance.
Browser
Chrome
Firefox
IE
Safari
2009
16%
30%
69%
24%
Q1
2010
17%
29%
85%
29%
Q3
2010
3%
19%
99%
11%
2011
13%
8%
99%
8%
2012
70%
4%
99%
4%
2013
83%
10%
100%
10%
The
mean
block
rate
for
SEM
reflects
the
SEM
performance
for
the
duration
of
each
test.
Throughout
a
test,
various
browsers
can
fluctuate
significantly
in
their
instantaneous
block
rate.
Histograms
in
NSS
CARs
provide
additional
detail.
15
NSS Labs
Browser
Chrome
Firefox
IE
Safari
2009
25%
28%
41%
13%
Q1
2010
15%
28%
58%
27%
Q3
2010
4%
18%
89%
10%
2011
10%
7%
99%
6%
2012
67%
6%
86%
5%
2013
49%
8%
98%
12%
The
zero-hour
block-rate
is
the
percentage
of
malware
each
browser
was
already
blocking
when
the
hosting
site
was
first
discovered.
Browsers
with
higher
zero-hour
protection
generally
provide
better
protection
than
browsers
with
delayed
protection
times.
16
NSS Labs
Protection
Multipliers:
Mean
Block
Rate
for
Phishing
=
Score
*
.3
Zero
Hour
Phishing
Block
Rate
=
Score
*
.5
Mean
SEM
Block
Rate
=
Score
*
.8
Zero
Hour
SEM
Block
Rate
=
Score
*
1
Year
Multipliers:
2009
=
Score
*
.1
2010
=
Score
*
.2
2011
=
Score
*
.4
2012
=
Score
*
.8
2013
=
Score
*
1
Figure
20
displays
scores
weighted
for
date
and
not
protection
type.
Figure
21
displays
scores
weighted
for
protection
type
but
not
for
the
dates
of
the
test.
Figure
22
displays
the
combined
protection
type
and
date
weighting.
Protection
Mean
Block
Rate
-
Phish
Zero-Hour
Block
Rate
-
Phish
Mean
Block
Rate
-
SEM
Zero-Hour
Block
Rate
-
SEM
2009
10%
10%
10%
10%
2010
X
X
20%
20%
2011
X
X
40%
40%
2012
80%
80%
80%
80%
2013
100%
100%
100%
100%
2011
X
X
80%
100%
2012
30%
50%
80%
100%
2013
30%
50%
80%
100%
2012
24%
40%
64%
80%
2013
30%
50%
80%
100%
Protection
Mean
Block
Rate
-
Phish
Zero-Hour
Block
Rate
-
Phish
Mean
Block
Rate
-
SEM
Zero-Hour
Block
Rate
-
SEM
2009
30%
50%
80%
100%
2010
X
X
80%
100%
Protection
Mean
Block
Rate
-
Phish
Zero-Hour
Block
Rate
-
Phish
Mean
Block
Rate
-
SEM
Zero-Hour
Block
Rate
-
SEM
2009
3%
5%
8%
10%
2010
X
X
16%
20%
2011
X
X
32%
40%
17
NSS Labs
The
maximum
time
and
protection
type
weighted
scores
attainable
for
four
protection
types
are
as
follows:
Mean
Block
Rate
-
Phish:
((100*.03)+(100*.24)+(100*.3))/3=.19
or
19%.
Zero
Hour
Block
Rate
-
Phish:
((100*.05)+(100*.4)+(100*.5)/3=.3167
or
31.67%.
Mean
Block
Rate
-
SEM:
((100*.08)+(100*.16)+(100*.16)+(100*.32)+(100*.64)+(100*.8))/6=.36
or
36%.
Zero
Hour
Block
Rate
-
SEM:
((100*.1)+(100*.2)+(100*.2)+(100*.4)+(100*.8)+(100*.1))/6=.45
or
45%.
The
maximum
combined
total
score
is
therefore:
(.19+31.67+.36+.45)/4=.3292
or
32.92%.
To
normalize
to
a
100
percent
scale,
the
total
weighted
scores
are
divided
by.3292.
For
Chrome,
the
total
weighted
performance
for
all
of
the
tests
would
be
calculated
as
follows:
(((((((0.26*0.03)+(0.94*0.24)+(0.92*0.3))/3)+(((0.16*0.05)+(0.53*0.4)+(0.82*0.5))/3)+(((0.16*0.08)+(0.17*0.16)+(0.
03*0.16)+(0.13*0.32)+(0.7*0.64)+(0.83*0.8))/6)+(((0.25*0.1)+(0.15*0.2)+(0.04*0.2)+(0.1*0.4)+(0.67*0.8)+(0.49))/
6))/4)))/.3292
Chrome
-
Mean
Block
Rate
-
Phish:
((.26*.03)+(.94*.24)+(.92*.3))/3=17%
Chrome
-
Zero
Hour
Block
Rate
-
Phish:
((.16*.05)+(.53*.4)+(.82*.5)/3=21%
Chrome
-
Mean
Block
Rate
-
SEM:
((.16*.08)+(.17*.16)+(.3*.16)+(.13*.32)+(.7*.64)+(.83*.8))/6=20%
Chrome
-
Zero
Hour
Block
Rate
-
SEM:
((.25*.1)+(.15*.2)
+(.04*.2)+(.1*.4)+(.67*.8)+(.49*1))/6=.19%
Chrome
-
((17%+21%+20%+19%)/4)/.3292=58%
18
NSS Labs
Reading
List
2013
Browser
Security
Comparative
Analysis
Report:
Phishing
Protection.
NSS
Labs
https://www.nsslabs.com/reports/2013-browser-security-comparative-analysis-phishing-protection
2012
Browser
Security
Comparative
Analysis
Report:
Phishing
Protection.
NSS
Labs
https://www.nsslabs.com/reports/2012-browser-security-comparative-analysis-phishing-protection
User
Education
Effectiveness
Can
Be
Measured.
NSS
Labs
https://www.nsslabs.com/reports/user-education-effectiveness-can-be-measured
2013
Browser
Security
Comparative
Analysis:
Privacy.
NSS
Labs
https://www.nsslabs.com/reports/browser-security-comparative-analysis-privacy
19
NSS Labs
Contact
Information
NSS
Labs,
Inc.
206
Wild
Basin
Rd
Building
A,
Suite
200
Austin,
TX
78746
USA
+1
(512)
961-5300
info@nsslabs.com
www.nsslabs.com
This
analyst
brief
was
produced
as
part
of
NSS
Labs
independent
testing
information
services.
Leading
products
were
tested
at
no
cost
to
the
vendor,
and
NSS
Labs
received
no
vendor
funding
to
produce
this
analyst
brief.
2013
NSS
Labs,
Inc.
All
rights
reserved.
No
part
of
this
publication
may
be
reproduced,
photocopied,
stored
on
a
retrieval
system,
or
transmitted
without
the
express
written
consent
of
the
authors.
Please note that access to or use of this report is conditioned on the following:
The
information
in
this
report
is
subject
to
change
by
NSS
Labs
without
notice.
1.
The
information
in
this
report
is
believed
by
NSS
Labs
to
be
accurate
and
reliable
at
the
time
of
publication,
but
is
not
2.
guaranteed.
All
use
of
and
reliance
on
this
report
are
at
the
readers
sole
risk.
NSS
Labs
is
not
liable
or
responsible
for
any
damages,
losses,
or
expenses
arising
from
any
error
or
omission
in
this
report.
3.
NO
WARRANTIES,
EXPRESS
OR
IMPLIED
ARE
GIVEN
BY
NSS
LABS.
ALL
IMPLIED
WARRANTIES,
INCLUDING
IMPLIED
WARRANTIES
OF
MERCHANTABILITY,
FITNESS
FOR
A
PARTICULAR
PURPOSE,
AND
NON-INFRINGEMENT
ARE
DISCLAIMED
AND
EXCLUDED
BY
NSS
LABS.
IN
NO
EVENT
SHALL
NSS
LABS
BE
LIABLE
FOR
ANY
CONSEQUENTIAL,
INCIDENTAL
OR
INDIRECT
DAMAGES,
OR
FOR
ANY
LOSS
OF
PROFIT,
REVENUE,
DATA,
COMPUTER
PROGRAMS,
OR
OTHER
ASSETS,
EVEN
IF
ADVISED
OF
THE
POSSIBILITY
THEREOF.
4.
This
report
does
not
constitute
an
endorsement,
recommendation,
or
guarantee
of
any
of
the
products
(hardware
or
software)
tested
or
the
hardware
and
software
used
in
testing
the
products.
The
testing
does
not
guarantee
that
there
are
no
errors
or
defects
in
the
products
or
that
the
products
will
meet
the
readers
expectations,
requirements,
needs,
or
specifications,
or
that
they
will
operate
without
interruption.
5.
This
report
does
not
imply
any
endorsement,
sponsorship,
affiliation,
or
verification
by
or
with
any
organizations
mentioned
in
this
report.
6.
All
trademarks,
service
marks,
and
trade
names
used
in
this
report
are
the
trademarks,
service
marks,
and
trade
names
of
their
respective
owners.
20