Internet Explorer 9 outperforms competing browsers in malware blocking test

Summary: According to newly released research by NSS Labs, Microsoft's Internet Explorer 9 greatly outperforms competing browsers in a malware download test.

According to newly released research by NSS Labs, Microsoft's Internet Explorer 9 greatly outperforms competing browsers in a test against socially-engineered malware. Based on active testing against 615 malicious URLs over 19 days, both Internet Explorer 9 and Internet Explorer 8 topped the comparative chart.

Here are the findings:

  • Windows Internet Explorer 9 - IE9 caught an exceptional 92% of the live threats
  • Windows Internet Explorer 8 - caught 90% of the live threats
  • Apple Safari 5 - caught 13% of the live threats
  • Google Chrome 10 - caught 13% of the live threats
  • Mozilla Firefox 4 - caught 13% of the live threats
  • Opera 11 - caught 5% of the live threats

More details:

With SmartScreen enabled and Application Reputation disabled, IE9 achieved a unique URL blocking score of 89% and over-time protection rating of 92%. Enabling Application Reputation on top of SmartScreen increased the unique URL block rate of Internet Explorer 9 by 11% (to 100%) at zero hour as well as the over-time protection by 8% (to 100%). Internet Explorer 9 was by far the best at protecting against socially-engineered malware, even before App Rep’s protection is layered on top of SmartScreen.

Why are NSS Labs' findings not necessarily accurate?

This isn't the first time I've criticized research published by NSS Labs, and definitely not the last. Not only is the research ignoring the existence of client-side vulnerabilities, its methodology is fundamentally flawed, taking into consideration the limited number of URLs the browsers are tested against, combined with the lack of testing of the additional protection features offered by the competing browsers and the related security add-ons.

See:

An excerpt:

By excluding client-side vulnerabilities, the study isn’t assessing IE8’s DEP/NX memory protection, as well as omitting ClickJacking defenses and IE8’s XSS filter, once pointed out as a less sophisticated alternative to the Firefox-friendly NoScript.

Socially engineered malware is not the benchmark for a comprehensive assessment of a browser’s malware block rate. It’s a realistic assessment of the current and emerging threatscape combined with comprehensive testing of all of the browser’s currently available security mechanisms, a testing methodology which I think is not present in the study.

What do you think? Doesn't the exclusion of client-side vulnerabilities undermine the benchmarking methodology used? What about the lack of measurement of vulnerable and outdated browser plugins, which could lead to successful exploitation through a web-based malware exploitation kit?

Talkback.

Image courtesy of NSS Labs.

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

82 comments
  • I disagree

    Saying that it doesn't test client-side vulnerabilities is sort of beside the point. It's a test of malware blocking. And, at least today, vulnerabilities are a much smaller issue for end users than straight-out malware, and especially for IE9. I think the test is a very reasonable one.

    >>What about the lack of measurement of vulnerable and outdated browser plugins which could lead to a successful exploitation through a web based malware exploitation kit

    But surely these would be blocked, at least in part, by the URL reputation system.
    larry@...
  • fix the title

    the title looks like IE9 is a magnet for malware and then you claim otherwise in your article.
    Linux Geek
    • Haha

      @Linux Geek I was thinking the same thing!
      Bates_
      • RE: Internet Explorer 9 outperforms competing browsers in malware download test

        @Bates_
        I would expect MS to be on top of the browser game on their own OS, but that is just another point of failure...
        Let's test all the browsers on alternative operating systems... o crap, IE is MS only.... another fail!
        Johan Safari
      • RE: Internet Explorer 9 outperforms competing browsers in malware download test

        Johan Safari Another fail? Are you serious? Do people even actually use those other platforms? Well, with the exception of Mac anyway, nobody really cares. Linux? Oh wait, there are still a few kids in their basements using it, but I doubt Microsoft is losing any sleep over them.
        Tiggster79
    • Wrong fix for title.

      @Linux Geek ... Most computer literate people understand the meaning and significance of the title.

      However a little more detail would be helpful. I would have changed the title to "Internet Explorer 9 outperforms competing browsers in socially engineered malware download test". Socially engineered malware is the fastest growing segment of malware (12% in 2008, 28% in 2009). In fact 53% of all malware now comes from downloads.
      kyron.gustafson@...
    • RE: Internet Explorer 9 outperforms competing browsers in malware download test

      @Linux Geek
      Did they fix it? It looks fine to me. "Internet Explorer 9 outperforms competing browsers in malware blocking test" is exactly what the article is saying.
      William_P
    • RE: Internet Explorer 9 outperforms competing browsers in malware download test

      @Linux Geek

      It looks like fanatics will only see what they <s>want to</s> can see.

      My condolences.
      WinTard
      • RE: Internet Explorer 9 outperforms competing browsers in malware download test

        @WinTard - Nice and very accurate - this one stings really bad for him and that "Joe.S..." goof-ball.
        ItsTheBottomLine
      • RE: Internet Explorer 9 outperforms competing browsers in malware download test

        @WinTard

        So, you have IE9 downloading malware faster than any other browser?
        YetAnotherBob
    • RE: Internet Explorer 9 outperforms competing browsers in malware download test

      @Linux Geek Too bad the memory leak in it wasn't discussed. By far the worst browser now due to that. It's funny that when it was a pathetic malware magnet, there were no memory leak issues. Good thing they "improved" it! LOL!
      blueskip
  • RE: Internet Explorer 9 outperforms competing browsers in malware download test

    Most malware nowadays is socially engineered. I don't see a problem with singling it out and testing different browsers on it.
    Aerowind
    • RE: Internet Explorer 9 outperforms competing browsers in malware download test

      @Aerowind

      But if the issue is really social engineering, then would it not seem that user awareness training would be better - and if so, maybe the other browser developers are much more in favor of that approach. MS still seems to harp on the philosophy that "We know more than you do, so we're going to protect you from what we know to be bad stuff, whether you like it or not". I worry that such philosophy lulls users into a false sense of security and laziness. Remember, convenience generally breeds carelessness!!! MS makes it convenient to ignore such threats, and then users become careless & depend on someone else for their protection. Not a good scenario in MY book.
      Willnott
      • RE: Internet Explorer 9 outperforms competing browsers in malware download test

        @Willnott So Microsoft gets criticized for not preventing malware attacks, and now that they do, and do so better than their competition, they are being dogged for that? Wow! Some people are even more stupid than they appear. LOL
        Tiggster79
      • No, It's Not That Simple

        @LynxSteve
        Microsoft was criticized for security vulnerabilities, not lack of malware blocking.

        Willnott's criticism is about Microsoft making users feel that they can safely remain ignorant about administering/using their own computer. In this case saying that they can safely download and install anything, and IE will block the bad stuff. That attitude is not beneficial to the user in the long run.

        Of course, this doesn't really mean that blocking sites for known malware threats is a bad idea. It would be nice, however, if users could also be taught to be careful and not depend completely on malware blocking, which can not always work.
        CFWhitman
    • RE: Internet Explorer 9 outperforms competing browsers in malware download test

      @Aerowind The test was done April 2011, IE9 released late March 2011. Coincidence?
      anothercanuck
  • RE: Internet Explorer 9 outperforms competing browsers in malware download test

    And that is why I have IE9 loaded on my PCs, well on those which will run it. Makes Google Chrome look very pitiful. Although Firefox didn't do as well as I'd hope, I'll still use it for the extensions.
    LoverockDavidson
    • Who cares about IE9?

      @LoverockDavidson Browsing is increasingly being done from non-PC devices. Now if you can find a way for me to run IE9 on Linux ...
      davidr69
      • RE: Internet Explorer 9 outperforms competing browsers in malware download test

        @davidr69
        Why would you want to run linux? Much less connect it up to the internet and use a web browser on it making yourself even more vulnerable?
        LoverockDavidson
      • RE: run IE9 on Linux

        @davidr69

        All I would have to ask is WHY????
        fatman65535