Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

Microsoft IE9 Blocks Malware Best

Report finds that IE9's ability to block malicious URLs, malware, and phishing attacks far surpasses that of Chrome, Safari, Firefox, or Opera.

Internet Explorer 9 Fast, Powerful, Intuitive
Slideshow: Internet Explorer 9 Fast, Powerful, Intuitive
(click image for larger view and for slideshow)
Microsoft's Internet Explorer 9 stops nearly 100% of all malware that it encounters, far beating the performance of other Web browsers, according to a new study.

Those findings come from independent security testing organization NSS Labs, which tested five browsers on their ability to block what it dubs as "socially engineered malware," meaning malware that succeeds not necessarily through technical sophistication, but rather by tricking end users into visiting malicious sites, clicking malicious links, or downloading malware. NSS Labs said that no vendors funded the report.

For the test, NSS Labs subjected the browsers to a sustained onslaught of malware and related threat vectors, including sending the browsers to more than 5,000 new, suspicious sites, and watching how long it took the browsers to block sites that NSS Labs ultimately judged to harbor malware. Ultimately, that totaled 1,188 of the suspicious URLs visited, and interestingly, a browser's mean time to block a site, when it did block a malicious site, was about 10 hours.

According to the study, IE9 performed best, catching "an exceptional 99.2% of live threats: 96% with the SmartScreen URL reputation and an additional 3.2% with Application Reputation." Those results far surpassed the performance of Google Chrome 12, which stopped 13.2% of live threats, compared with just 3% in 2010. According to NSS Labs, "this improvement tracks to an enhancement in SafeBrowsing," which warns users when they may be downloading a malicious file.

Meanwhile, both Apple Safari 5 and Mozilla Firefox 4 stopped 7.6% of live threats. Firefox's malware-stopping ability, however, declined from 2010, when it had blocked 19% of live threats. But Firefox's 2011 performance still surpassed that of Opera, which blocked just 6.1% of live threats.

What accounts for IE9's strong showing? The NSS Labs report singles out SmartScreen, which is technology used by IE to block phishing attacks (as of IE7), malware attacks (as of IE8), and known-malicious URLs (as of IE9). In addition, with IE9, Microsoft also added SmartScreen Application Reputation, which helps block downloadable malware that's disguised as a legitimate application. According to Microsoft, 7% of all IE downloads are malware.

"The significance of Microsoft's new application reputation technology cannot be overstated," according to the NSS Labs report. "Application Reputation is the first attempt by any vendor to create a definitive list of every application on the Internet. This new capability helps users discern malware, and potentially unsafe software from actual good software." Furthermore, it said, Microsoft has been keeping the list dynamically updated, which helps block new outbreaks.

The NSS Labs report's findings on Microsoft's malware-stopping efficacy squares with research released earlier this year by Microsoft, which showed that that IE9 users were choosing to delete or not run malware 95% of the time that they encountered it while browsing.

Browsers' ability to stop malware that spreads via social engineering is important, because no antivirus or anti-malware software stops all malware, all the time. For example, according to statistics cited by NSS Labs in its report, EU statistics office Eurostat found that even though the majority of European users have antivirus tools running on their PCs, about one third were still infected by malware. Thus, building anti-malware capabilities into browsers adds an extra layer of defense.

Furthermore, such malware attacks are not only quite prevalent, but also effective. Indeed, research released by Bruce Hughes, senior researcher at AVG Technologies, has found that people are four times more likely to see their PC infected by a social engineering attack, rather than a zero-day exploit. "Most people are worried about dangerous exploits sneaking into their computer systems through zero-day exploits but will joyfully click on links found in search engine results, email, or social networking sites," according to Hughes.

At a full-day virtual event, InformationWeek and Dark Reading editors will talk with security experts about the causes and mistakes that lead to security breaches, both from the technology perspective and from the people perspective. It happens Aug. 25. Register now.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "This is the last time we hire Game of Thrones Security"
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17185
PUBLISHED: 2019-12-09
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-12424
PUBLISHED: 2019-12-09
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-18380
PUBLISHED: 2019-12-09
Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication.
CVE-2019-19687
PUBLISHED: 2019-12-09
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, whic...
CVE-2019-19682
PUBLISHED: 2019-12-09
nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. NOTE: the ...