Microsoft IE9 Blocks Malware Best
Report finds that IE9's ability to block malicious URLs, malware, and phishing attacks far surpasses that of Chrome, Safari, Firefox, or Opera.
Those findings come from independent security testing organization NSS Labs, which tested five browsers on their ability to block what it dubs as "socially engineered malware," meaning malware that succeeds not necessarily through technical sophistication, but rather by tricking end users into visiting malicious sites, clicking malicious links, or downloading malware. NSS Labs said that no vendors funded the report.
More Security Insights
- Get Actionable Insight with Security Intelligence for Mainframe Environments
- How Attackers Identify and Exploit Software and Network Vulnerabilities
White PapersMore >>
For the test, NSS Labs subjected the browsers to a sustained onslaught of malware and related threat vectors, including sending the browsers to more than 5,000 new, suspicious sites, and watching how long it took the browsers to block sites that NSS Labs ultimately judged to harbor malware. Ultimately, that totaled 1,188 of the suspicious URLs visited, and interestingly, a browser's mean time to block a site, when it did block a malicious site, was about 10 hours.
According to the study, IE9 performed best, catching "an exceptional 99.2% of live threats: 96% with the SmartScreen URL reputation and an additional 3.2% with Application Reputation." Those results far surpassed the performance of Google Chrome 12, which stopped 13.2% of live threats, compared with just 3% in 2010. According to NSS Labs, "this improvement tracks to an enhancement in SafeBrowsing," which warns users when they may be downloading a malicious file.
Meanwhile, both Apple Safari 5 and Mozilla Firefox 4 stopped 7.6% of live threats. Firefox's malware-stopping ability, however, declined from 2010, when it had blocked 19% of live threats. But Firefox's 2011 performance still surpassed that of Opera, which blocked just 6.1% of live threats.
What accounts for IE9's strong showing? The NSS Labs report singles out SmartScreen, which is technology used by IE to block phishing attacks (as of IE7), malware attacks (as of IE8), and known-malicious URLs (as of IE9). In addition, with IE9, Microsoft also added SmartScreen Application Reputation, which helps block downloadable malware that's disguised as a legitimate application. According to Microsoft, 7% of all IE downloads are malware.
"The significance of Microsoft's new application reputation technology cannot be overstated," according to the NSS Labs report. "Application Reputation is the first attempt by any vendor to create a definitive list of every application on the Internet. This new capability helps users discern malware, and potentially unsafe software from actual good software." Furthermore, it said, Microsoft has been keeping the list dynamically updated, which helps block new outbreaks.
The NSS Labs report's findings on Microsoft's malware-stopping efficacy squares with research released earlier this year by Microsoft, which showed that that IE9 users were choosing to delete or not run malware 95% of the time that they encountered it while browsing.
Browsers' ability to stop malware that spreads via social engineering is important, because no antivirus or anti-malware software stops all malware, all the time. For example, according to statistics cited by NSS Labs in its report, EU statistics office Eurostat found that even though the majority of European users have antivirus tools running on their PCs, about one third were still infected by malware. Thus, building anti-malware capabilities into browsers adds an extra layer of defense.
Furthermore, such malware attacks are not only quite prevalent, but also effective. Indeed, research released by Bruce Hughes, senior researcher at AVG Technologies, has found that people are four times more likely to see their PC infected by a social engineering attack, rather than a zero-day exploit. "Most people are worried about dangerous exploits sneaking into their computer systems through zero-day exploits but will joyfully click on links found in search engine results, email, or social networking sites," according to Hughes.
At a full-day virtual event, InformationWeek and Dark Reading editors will talk with security experts about the causes and mistakes that lead to security breaches, both from the technology perspective and from the people perspective. It happens Aug. 25. Register now.