Internet Explorer Shines in NSS Labs Browser Security Test

An analysis of Google Chrome, Apple Safari, Mozilla Firefox and Internet Explorer showed IE performed the best when it comes to fighting click fraud and malicious downloads.

A new report by NSS Labs puts Microsoft Internet Explorer ahead of the pack when it comes to fighting click fraud.

Click fraud affects pay-per-click advertising when a person, automated script or program fraudulently registers a click on an ad in order to generate money from the scammer. Earlier this year, the Flashback botnet used thousands of computers to launch a click fraud scheme that Symantec estimated earned some $14,000 in a three-week period.

According to NSS Labs, the average lifespan of a click fraud URL was 32 hours, with more than 50 percent expiring within 54 hours. In its tests, the company compared Internet Explorer 9 (IE 9), Google Chrome 15-19, Mozilla Firefox 7-13 and Apple Safari 5 during a 175-day period. According to the report, Internet Explorer caught 96.6 percent of click fraud, compared with 1.6 percent by Google Chrome, 0.8 percent by Mozilla Firefox and 0.7 percent by Apple Safari.

With the growth of online advertising revenue, the profitability of click fraud, and the overall inability of leading browsers to protect users, there will be a major growth in click fraud in 2013, NSS Labs predicted.

“Given Chrome’s prominence and increasing market share, we predict ongoing increases in click fraud unless Google takes serious steps to improve its click fraud protection,” Dr. Stefan Frei, research director at NSS Labs, said in a statement.

When it comes to overall malware protection, Internet Explorer led the way as well, with a 94 percent block rate. This compares with 27.6 percent for Google Chrome, 5 percent for Firefox and 4.7 percent for Safari.

"Over 3,000,000 test cases were used in the data sampling captured via NSS Labs' unique live testing harness," according to the report. "An initial sample set of 227,841 unique and suspicious URLs entered the system; 84,396 were found active and malicious and met the criteria for entry into the test. In total 3,038,324 test runs were performed by the four browsers against these unique 84,396 URLs–resulting in over 750,000 [test] cases per browser."

Besides Chrome, Firefox and Safari also use Google's Safe Browsing API for URL blocking. IE 9 on the other hand uses Microsoft's SmartScreen technology. SmartScreen also works with Download Managers to block malicious downloads, the report notes. According to NSS Labs, the Safe Browsing API v2 includes functionality that has been integrated into Chrome, but not into Firefox and Safari. This functionality provides reputation services for executable files, or as Google describes them "malicious downloads," the report notes.

"Of the three browsers using Google’s Safe Browsing API, Chrome is the only one to also utilize Google’s malicious download technology," the report notes.

"The URL blocking performance of these three Safe Browsing browsers was consistent at around 5 percent," the analysis continues. "Google's malicious download protection proved to be almost five times more effective than URL blocking alone."