
Microsoft IE9 Blocks Malware Best

Report finds that IE9's ability to block malicious URLs, malware, and phishing attacks far surpasses that of Chrome, Safari, Firefox, or Opera.

Microsoft's Internet Explorer 9 stops nearly 100% of all malware that it encounters, far beating the performance of other Web browsers, according to a new study.

Those findings come from independent security testing organization NSS Labs, which tested five browsers on their ability to block what it dubs "socially engineered malware," meaning malware that succeeds not necessarily through technical sophistication, but rather by tricking end users into visiting malicious sites, clicking malicious links, or downloading malware. NSS Labs said that no vendors funded the report.

For the test, NSS Labs subjected the browsers to a sustained onslaught of malware and related threat vectors, including sending the browsers to more than 5,000 new, suspicious sites and watching how long it took the browsers to block the sites that NSS Labs ultimately judged to harbor malware. Those malicious sites totaled 1,188 of the suspicious URLs visited. Interestingly, a browser's mean time to block a malicious site, when it did block one, was about 10 hours.

According to the study, IE9 performed best, catching "an exceptional 99.2% of live threats: 96% with the SmartScreen URL reputation and an additional 3.2% with Application Reputation." Those results far surpassed the performance of Google Chrome 12, which stopped 13.2% of live threats, compared with just 3% in 2010. According to NSS Labs, "this improvement tracks to an enhancement in SafeBrowsing," which warns users when they may be downloading a malicious file.

Meanwhile, both Apple Safari 5 and Mozilla Firefox 4 stopped 7.6% of live threats. Firefox's malware-stopping ability, however, declined from 2010, when it had blocked 19% of live threats. But Firefox's 2011 performance still surpassed that of Opera, which blocked just 6.1% of live threats.

What accounts for IE9's strong showing? The NSS Labs report singles out SmartScreen, which is technology used by IE to block phishing attacks (as of IE7), malware attacks (as of IE8), and known-malicious URLs (as of IE9). In addition, with IE9, Microsoft also added SmartScreen Application Reputation, which helps block downloadable malware that's disguised as a legitimate application. According to Microsoft, 7% of all IE downloads are malware.

"The significance of Microsoft's new application reputation technology cannot be overstated," according to the NSS Labs report. "Application Reputation is the first attempt by any vendor to create a definitive list of every application on the Internet. This new capability helps users discern malware, and potentially unsafe software from actual good software." Furthermore, it said, Microsoft has been keeping the list dynamically updated, which helps block new outbreaks.

The NSS Labs report's findings on Microsoft's malware-stopping efficacy square with research released earlier this year by Microsoft, which showed that IE9 users were choosing to delete or not run malware 95% of the time that they encountered it while browsing.

Browsers' ability to stop malware that spreads via social engineering is important, because no antivirus or anti-malware software stops all malware, all the time. For example, according to statistics cited by NSS Labs in its report, EU statistics office Eurostat found that even though the majority of European users have antivirus tools running on their PCs, about one third were still infected by malware. Thus, building anti-malware capabilities into browsers adds an extra layer of defense.

Furthermore, such malware attacks are not only quite prevalent, but also effective. Indeed, research released by Bruce Hughes, senior researcher at AVG Technologies, has found that people are four times more likely to see their PC infected by a social engineering attack, rather than a zero-day exploit. "Most people are worried about dangerous exploits sneaking into their computer systems through zero-day exploits but will joyfully click on links found in search engine results, email, or social networking sites," according to Hughes.
