Internet Explorer Blocks More Malware Than Firefox, Chrome, Safari
NSS Labs browser tests show Google SafeBrowsing API weak link in catching click fraud malware
It hasn't been the best month for Internet Explorer given the recent zero-day attack, but the Microsoft browser got some good news today with a new test that shows it's by far better at stopping malware than Google Chrome, Mozilla Firefox, and Apple Safari.
NSS Labs today released the results of tests it conducted on the major browsers to determine how they defend against malware associated with bank fraud, password-stealing, phony antivirus, and click fraud. IE fared best, blocking 95 percent of all malware-related activity, followed by Chrome, which blocked 33 percent, and Firefox and Safari, which blocked less than 6 percent.
More Security Insights
- Forrester Study: The Total Economic Impact of VMware View
- Securing Executives and Highly Sensitive Documents of Corporations Globally
- Innovations in Integration: Achieving Holistic Rapid Detection and Response
- Optimize Your SQL Environment for Performance & Flexibility
Another interesting statistic: Chrome halted only 1.6 percent of click fraud, and IE was also No. 1 in this test, stopping 96.6 percent of click-fraud malware during the tests. Firefox picked up 0.8 percent; and Safari, 0.7 percent.
The browser versions tested were Apple Safari 5, Google Chrome versions 15 through 19, Microsoft Internet Explorer 9, and Mozilla Firefox versions 7 through 13.
"Given Chrome's prominence and increasing market share, we predict ongoing increases in click fraud unless Google takes serious steps to improve its click-fraud protection," says Stefan Frei, research director of NSS Labs.
The study was conducted between Dec. 2, 2011, and May 25, 2012, testing the most up-to-date versions of the browsers on identical virtual machines running Windows 7.
Other findings by NSS Labs: The average life span of a click-fraud URL is 32 hours, and more than half die off within 54 hours. Click fraud mainly affects ad buyers, but users who are infected by click-fraud attacks get infected with other malware.
NSS Labs recommends that users pressure Google to beef up its click-fraud protection features in Chrome and its API, and says to expect a major jump in click fraud in 2013.
The full report is available here for download.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.