IE 8 Beats Competition in Microsoft-sponsored Security Tests
- 15 August, 2009 06:59
- Comments 1
Internet Explorer 8 blocked about four out of every five sites that attempt to trick visitors into downloading malicious software in browser security tests performed by NSS Labs.
In the Microsoft-sponsored tests, Firefox 3 came in at a distant second with 27 percent. Safari 4 scored 21 percent, Chrome 2 blocked 7 percent, and the Opera 10 beta was barely there with a 1 percent block rate. The tests did not include sites that use hidden exploits and drive-by-download attacks to attempt to install malware without your ever having a chance to recognize an attack.
According to the report, NSS Labs tested against a list of 2,171 socially engineered malware URLs, which it defines as "a web page link that directly leads to a 'download' that delivers a malicious payload whose content type would lead to execution," over the course of 12 days in July. The tests focused on sites that try to trick you into doing the dirty work of installing the malware, such as sites that disguise malware as a video codec or player.
Blocking these sites is a good thing for any browser, but so is blocking exploit sites. Hidden attack code on exploit sites will search for software flaws in an ActiveX control or browser plugin, for example. If such a flaw exists, the attack code can install malware without having to trick you into downloading anything.
NSS Labs also tested against phishing sites, with much closer results. IE 8 blocked 83 percent of the information-stealing sites, and Firefox 3 blocked 80 percent. Opera 10 beta stopped the pages 54 percent of the time, Chrome 2 blocked 26 percent, and Safari 4 intervened for only 2 percent.
While these results may be fully legit and highlight a real advantage for IE, eyebrows go up whenever a company being tested is also footing the bill. NSS Labs could quell such skepticism by saying where it got its list of malicious URLs, and why it left out exploit sites. The company's report doesn't include this info, and NSS Labs hasn't yet returned calls.
Come socialise with us! Facebook | LinkedIn
- Bookmark this page
- Share this article
- Got more on this story? Email ARN
- Follow ARN on twitter
- Comparative Browser Security Testing - Phishing & Socially Engineered Malware - nsslabs.com
- Erin Andrews Video Attacks Target Macs and PCs - PC World
- Zero-day ActiveX Hole in Windows XP Under Attack - PC World
- Essential Security Fixes for Adobe Flash, Reader, Acrobat and AIR - PC World
- Browser Security - Phishing Test Report - nsslabs.com
- Red Light In the Control Centre Saves Hours of Chaos
- Premier Media Group Fast Study
- Aberdeen Group: Building Business Resilience Through Active Archive
- In Search of the Long-Term Archiving Solution —Tape Delivers Significant TCO Advantage over Disk
- In Search of the Long-Term Archiving Solution —Tape Continues to Be a Major Player
-
Preview: HTC One S
-
Facebook scammers host Trojan horse extensions on the Chrome Web Store
-
Webroot: Growth in security
-
Sice quits Acronis, joins Staples
-
Sice quits Acronis, joins Staples
Get exclusive access to ARN's news, research and invitation only events. 
Comments
Anonymous
Where is the data from the other browsers
If the test was faulty, why aren't the other browsers refuting the results. They did not refute the results in March, and they are not doing it this time. Except for a small blog by an Opera person, who only threw mud, but not data.
Also why people should care about malware & phishing.... It is a huge problem
IE’s blog about SmartScreen sheds some interesting light on the amount of phishing and malware on the Internet. http://blogs.msdn.com/ie/archive/2009/08/13/real-world-protection-with-ie8-s-smartscreen-filter.aspx
• IE8 is delivering a malware block for approximately 1 out of 40 users every week
• Approximately 1 of every 200 downloads is blocked as malicious
• In the four months since IE8’s launch, IE8 has delivered 70 million malware blocks
• IE7 & 8 have delivered 125 million phishing blocks
Post new comment