A new
NSS Labs report puts Internet Explorer way ahead of rival browsers
from Google, Apple, Mozilla and Opera in the fight against malware.
The report, which was commissioned by Microsoft, is
the fourth analysis by NSS Labs aimed at
testing the ability of Web browsers to block "socially engineered
malware" attacks. The findings are based on 11 days of testing in
September that pitted Internet Explorer (IE) 8 and 9, Safari 5.0.1,
Firefox 3.6.10, and Chrome 6.0.472.63 against malicious sites.
According to NSS, IE8 and IE9 caught 89
and 92 percent, respectively, of the malicious sites in the tests within the
first day. That compares with 19 percent for Firefox 3.6, 12 percent for Safari
5 and 4 percent for Chrome 6. Opera fared the worst, detecting zero percent of
the live threats, according to the test.
NSS Labs defines a socially engineered
malware URL as a link that "directly leads to a download that
delivers a malicious payload whose content type would lead to execution, or
more generally a Website known to host malware links."
According to Rick Moy, president of NSS
Labs, the key to Microsoft's success is its use of reputation in the
SmartScreen URL filters in IE8 and IE9, as well as the application reputation
technology in IE9.
"Reputation technology is definitely important, and it can help close
the gap [with] cyber-criminals," Moy said.
When it came to the amount of time it takes to add a malicious site to the
list of blocked sites, IE also led the way with a roughly 4-hour delay for
both versions. Firefox was next with slightly more than 6 hours, while Chrome
and Safari took approximately 18 and 37 hours, respectively.
Jeb Haber, principal program manager lead for Microsoft's Internet Explorer
security team, said that since IE8 shipped, Microsoft has delivered 1.2 billion
malware warnings. In IE9, which is still in beta, the company looked at
application reputation as a way to add more protection against malicious
downloads.
The end result was integration between IE9's Download Manager and
SmartScreen filter. The technology checks both reputation data and
whether an executable comes from a trusted source to flag malicious
programs.
"Malware is evolving very, very quickly, and we wanted to approach it
from … a different sort of perspective," Haber said. "So [application
reputation] is about two primary goals—one removing warnings that are
unnecessary … and then obviously to reduce infections [and] to provide a
risk-based warning."
Google Chrome is now on Version 8. A Google spokesperson called the
test limited in its sole focus on socially engineered malware attacks
as opposed to other issues like vulnerabilities in plug-ins or the
browsers themselves.
"Additionally, the testing methodology isn't available in a way that
can be independently verified," the spokesperson contended. "Google
Chrome was built with security in mind from the beginning and emphasizes
protection of users from drive-by downloads and plug-in vulnerabilities—for
example, we recently introduced a new security
sandbox for Flash Player."
The report can
be viewed here.