update To provide a safer Web experience, browser makers today include reputation systems to filter out socially-engineered malware and according to a new study released Tuesday, Microsoft's Internet Explorer 9 (IE9) offers the most robust protection.
Conducted by independent network testing and security consultancy firm, NSS Labs, the study revealed IE9 blocked off an "exceptional" 99.2 percent of live threats thrown at it globally, between May 27 and Jun. 10 this year. Comparatively, Google's Chrome 12, which came in second out of five browsers evaluated, managed to ward off 13.2 percent of the malware, while Mozilla's Firefox 4 and Apple's Safari 5 tied at third with 7.6 percent. Opera 11 came in last at 6.1 percent.
Socially-engineered malware is a widespread problem that afflicts about one-third of Internet users worldwide, according to NSS Labs.
To facilitate the research, the security firm created a "live" environment to simulate user experiences under real-world conditions and selected 1,188 malware-ridden URLs for the test.
Adopting reputation system filters
NSS Labs stated that all five browser makers made use of free, browser-based reputation systems--which feature a "strong use of cloud technologies"--to assist in the fight against socially-engineered malware. However, the study showed that not all vendor implementations and daily operations yielded the same result.
For example, Microsoft's development of its SmartScreen filter which has two components, URL Reputation and Application Reputation, paid off. The study revealed that with only URL Reputation turned on for IE9, Redmond's browser achieved a protection rating of 96 percent. With both components turned on, that number went up to 99.2 percent.
"The significance of Microsoft's new Application Reputation technology cannot be overstated," NSS Labs surmised. "Application Reputation is the first attempt by any vendor to create a definitive list of every application on the Internet."
This list of applications is "dynamically created and maintained", the consultancy firm said, adding that armed with this new capability, users can better discern malware and potentially unsafe URLs from reputable ones.
Jonathan Wong, Microsoft's IE project manager, told ZDNet Asia in a phone interview that Internet trends have clearly shown that drive-by downloads are no longer the most prevalent attacks. Socially-engineered malware have taken over, and very often, users who are not tech-savvy fall prey to such tactics when searching for links to download.
"For example, if you want to download a video codec, you do a search and get a list of URLs unfamiliar to you. But no one really knows if it is indeed a genuine link or malware. This [risk] is going to get worse," Wong warned.
To combat that, he said Redmond incorporated Application Reputation which looks at various factors to establish the reputation for the file, such as its hosting location and whether it is signed by reputable software companies.
"Taking together all of these factors, as well as how many times the file has been downloaded around the world, it's able to establish a reputation for each individual file," he explained. "If it doesn't have a threshold, it will warn the user about downloading the file, as it may turn out to be malware and not trustworthy."
On top of that, IE also receives data from the publicly-available "black list" of URLs which are constantly updated by third-party partners in the Smartscreen technology, he said.
According to the NSS Labs study, in the Asia-Pacific region, IE9 was able to block off a whopping 99.8 percent of threats over a 26-day period stretching May 27 and Jun. 16.
Chrome 12 ranked second with a protection rating of 15.4 percent, while Safari 5 came in third at 9 percent, followed by Firefox 4 with 8.9 percent. Opera 10's overall block rate was the lowest at 5.4 percent but this was "an improvement" over a previous global study in which it scored 0 percent, according to NSS Labs.
The consultancy firm highlighted that the scores for Asia-Pacific fared better than global numbers in the study because the monitoring period for the region ran six days longer.
In terms of average response times taken to block a malware, IE9, when tested with the Application Reputation system turned on, took the top spot at 0.71 hour. However, this figure dropped to 4.71 hours with the system turned off.
Firefox 4 and Safari 5 tied at 3.1 hours, while Opera 11 clocked at almost 11 hours and Chrome 12 at 22.64 hours.
NSS Labs created a "live" test environment under real-world conditions and pre-selected 1,092 malware-ridden URLs for the test, with an average of 50 new links added per day. These URLs identified targeted Asia-Pacific users, it said.