IE 9 Best Defense Against Social Malware, Says Study
Microsoft Internet Explorer 9 once again topped the list of browsers providing the greatest protection against socially engineered threats. That's the gist of the August 2011 third-quarter report from Carlsbad, Calif.-based NSS Labs. The report is based on worldwide test data collected on socially engineered malware in the second quarter of this year.
The study compared how well leading browsers performed against threats in which users get tricked into downloading malware. Those browsers included IE 9 (with and without a new "application reputation" feature), Google Chrome 12, Apple Safari 5, Mozilla Firefox 4 and Opera 11.
As with previous NSS Labs reports, there was no contest, with IE 9 providing 99.2 percent protection against socially engineered threats. That result included Microsoft's new application reputation feature. Without that feature, IE 9 still maintained the lead, with 96 percent protection, according to the study.
In contrast, the other browsers trailed far behind. Chrome 12 blocked 13.2 percent of socially engineered attacks. Firefox 4 and Safari 5 blocked 7.6 percent of those attacks each. Opera came in last by blocking just 6.1 percent of the attacks.
Compared with NSS Labs' Q3 2010 report, IE 9 showed a 0.2 percent protection improvement in this Q3 2011 report. Chrome 12 showed the best improvement, at 10.2 percent year over year. Safari and Firefox each slipped, year over year, showing 3.4 percent and 11.4 percent declines in protection, respectively. Opera's protection improved by 6.1 percent when compared year over year in NSS Labs' reports.
Microsoft's IE 9 uses a SmartScreen URL reputation service that accesses a cloud-based database to warn users about threats. Chrome, Firefox and Safari use Google's "safe browsing" reputation data feed in a similar way to block malware threats. Nonetheless, the report found that Google Chrome scored somewhat better than Firefox and Safari in protecting against malicious links.
Microsoft has acknowledged in the past that it has provided funding for NSS Labs studies on this topic, even though the reports themselves did not acknowledge that funding. This August 2011 Q3 report appears to be different, with NSS Labs indicating no sponsorship funding.
"This report was produced as part of NSS Labs' independent testing information services," the report states (p. 11). "Leading vendors were invited to participate fully at no cost, and NSS Labs received no vendor funding to produce this report."
NSS Labs' report, "Web Browser Security: Socially-Engineered Malware Protection -- Comparative Test Results Global, August 2011" can be downloaded for free here. The testing organization also produced two regional reports for Europe and the Asia-Pacific.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.