Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

8/16/2011
04:59 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Internet Explorer 9 Best At Catching Socially Engineered Malware

Microsoft's newest browser outperforms Chrome, Firefox, Safari, and Opera in lab test for detecting malware-laden links

When it comes to socially engineered malware protection, Microsoft's Internet Explorer 9 wins hands down over other browsers, according to a new report from independent testing organization NSS Labs.

IE9 detected 96 percent of malicious links worldwide via its SmartScreen URL reputation feature, and another 3.2 percent when its Application Reputation feature was enabled. Next was Google Chrome 12, which caught 13.2 percent of the threats; Apple Safari 5, which detected 7.6 percent; Mozilla Firefox 4, which also detected 7.6 percent; and Opera 11, which found 6.1 percent.

Malware from websites is one of the three main threat vectors for browsers; phishing attacks and exploits are the other two. Rick Moy, president and CEO of NSS Labs, says the new test results demonstrate that IE9 is best in stopping malware. "This was a test of malware tricking users," Moy says. "It would not be correct to say that this says IE is the safest browser. It would be correct to say it stops more malware [than other browsers]."

NSS Labs also plans to test all of the browser brands in stopping phishing and exploits, he says.

A Mozilla spokesperson noted that the test is just one measurement of browser security. "Being safe on the Web certainly does mean avoiding downloads from sites you don't trust, but it also includes robust browser defenses against malware and phishing, new technologies to help sites and users secure themselves, and a responsive security team that gets security updates out quickly and reliably," the spokesperson said. "Mozilla is fiercely proud of our long track record of leadership on security and would welcome any truly comprehensive study of the subject."

Microsoft's SmartScreen feature is basically a blacklist of malware-pushing URLs, while Application Reputation is more of a white list/gray list feature that checks for known good and known bad applications, NSS Labs' Moy notes. "Plus it does, 'I haven't seen this before, it might be risky,'" he says.

Jeremiah Grossman, founder and CTO at WhiteHat Security, says it would be difficult for other browser vendors to gather application information like Microsoft does. "I'm not sure the other guys could do what they did," Grossman say.

NSS Labs noted Microsoft's unique position when it comes to amassing a reputation system. "The significance of Microsoft’s new application reputation technology cannot be overstated. Application reputation is the first attempt by any vendor to create a definitive list of every application on the Internet. This new capability helps users discern malware and potentially unsafe software from actual good software," states the NSS Labs report. "The list is dynamically created and maintained, much the same way Google [or Bing] is continuously building and maintaining a library of content for search purposes."

Microsoft also improved its turnaround time for blocking URL malware attacks in the new NSS Labs tests. "Microsoft continues to invest in SmartScreen functionality and takes action to address harmful sites as quickly as possible. Last year, NSS Labs reported that IE9 would block an attack in 3.99 hours. Their most recent report indicates IE9 now recognizes new attacks in 2.85 hours with SmartScreen filter and in under an hour when also using Application Reputation," Microsoft said in a statement.

Meanwhile, Microsoft's aggressive efforts to beef up IE security is no coincidence. "Microsoft has to [do so] because they are going to get kicked out of the enterprise if they don't figure [browser security] out. They are very concerned about losing the enterprise grip they have," especially with Google talking up Chrome in the enterprise, Grossman says. "If they show that this browser is safer than Chrome or Firefox, enterprises are likely to upgrade and stay with Microsoft."

NSS Labs tested the browsers from May 27 through June 10, 2011, using some 1,188 malware-rigged URLs. A full copy of the lab report is available here (PDF) for download.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18885
PUBLISHED: 2019-11-14
fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15.
CVE-2019-18895
PUBLISHED: 2019-11-14
Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file.
CVE-2019-18957
PUBLISHED: 2019-11-14
Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.
CVE-2019-16863
PUBLISHED: 2019-11-14
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
CVE-2019-18949
PUBLISHED: 2019-11-14
SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration.