Internet Explorer trounces rivals in blocking socially engineered malware

Google Chrome, Apple Safari, Firefox, and Opera score low marks in third-party testing

Microsoft Internet Explorer suffers a reputation for being insecure, but a recent test by NSS Labs reveals that the browser, especially the recently released Version 9, is the best candidate for protecting users from socially engineered malware.

In fact, both IE 8 and 9 put rival browsers Apple Safari, Google Chrome, Mozilla Firefox, and Opera to shame: Whereas IE 8 blocked 90 percent of socially engineered malware and IE 9 stopped 99 percent, the next best performer was Firefox 3.6, which detected just 19 percent. (The report is available for download from NSS Labs (PDF).)

Socially engineered malware represents an ever-increasing threat on the Web: End-users are duped into clicking seemingly safe links that lead them to execute damaging malware or send them to Web sites that host malware links. The browser is often the last line of defense against such attacks. Trend Micro reports that 53 percent of malware is now delivered via Internet downloads, compared to the 12 percent delivered through email.

NSS attributed Microsoft's success to the use of its SmartScreen URL filtering technology, present in IE 8 and 9, which continually checks the sites users visit against a dynamic list of reported phishing and malware sites. IE 9 outscored IE 8 because the newer browser also includes a SmartScreen application reputation service, which warns users against running or saving potentially dangerous software.

According to NSS Labs, Chrome, Firefox, and Safari all use Google's Safe Browsing data feed to protect against socially engineered malware. However, the browsers all fared differently in the test. Firefox 3.6 blocked 19 percent of the malware; Safari 5 blocked 11 percent; and Chrome 6 blocked 3 percent.

NSS Labs attributed the differences to the fact that "each browser or intermediary server may implement the API differently, calling it at different times with different parameters and determining blocks differently. Further, as an open source project, Mozilla's implementation uses a different database structure and access method from the other two proprietary browsers."

Also, according to NSS Labs, Google made available a new version of its Safe Browsing API earlier this year, designed to use bandwidth more efficiently. "Given the results, it is clear that the new implementation of the Safe Browsing service is not blocking malware URLs as successfully as before," according to the report.

By way of comparison, NSS Labs performed a similar test earlier this year of the then-most-current versions of the aforementioned browsers. In those tests, too, Microsoft dominated the competition: IE 8 blocked 85 percent of socially engineered malware, Safari 4 and Firefox 3.5 tied at 29 percent, Chrome 4 stopped 17 percent, and Opera 10 caught less than one percent.

Notably, NSS Labs was contracted to perform this test by Microsoft as an internal benchmark; "It has subsequently been approved for public release," according to NSS Labs, presumably because Microsoft found that it had fared so well.

Google raised several issues about the NSS Labs tests in the following statement: "These sponsored tests are limited in their sole focus on socially engineered malware, while excluding vulnerabilities in plug-ins or browsers themselves. Additionally, the testing methodology isn't available in a way that can be independently verified. Google Chrome was built with security in mind from the beginning and emphasizes protection of users from drive-by downloads and plug-in vulnerabilities -- for example, we recently introduced a new security sandbox for Flash Player."

Google's point that the test focused on socially engineered malware is certainly relevant; the point is that the test doesn't mean IE is the most secure browser out there, period. According to InfoWorld security expert Roger Grimes, "any fully patched browser can be used relatively safely. You can change browsers, but your risk is the same with all of them -- nearly zero -- if your browser, OS, and all add-ons and plug-ins are fully patched."

As to the assertion that the testing methodology isn't available in a way that can be independently verified, NSS Labs does outline its testing procedures quite thoroughly in its report, noting that it used a total of 636 pre-screened URLs to conduct its tests (starting from a pool of 8,000 potential links). The company reports that the margin of error in its test was 3.88 percent.

This article, "Internet Explorer trounces rivals in blocking socially engineered malware," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.

Copyright © 2010 IDG Communications, Inc.