IE10 beats Chrome, Safari, Firefox at blocking web malware

IE10 beats Chrome, Safari, Firefox at blocking web malware

Summary: The application reputation systems used in Internet Explorer 10 and Chrome offer users far better protection than rivals, according to a study.

SHARE:
TOPICS: Security, Browser
40

Internet Explorer 10 offers better protection against malware hosted on websites than Chrome, Safari, Firefox and Opera, according to a new browser security study.

At 99.96 percent, IE10's malware block rate outperformed Chrome's (versions 25 and 26) block rate of 83.16 percent, according to a study by analyst firm NSS Labs.

The difference between the two browsers however was minor compared to their lead on rivals: Safari 5 blocked 10.15 percent of malware, Firefox 19 blocked 9.92 percent and Opera 12 only blocked 1.87 percent in the study said.

The company tested each browser's ability to block malware from a sample of 754 URLs that were found to be "active and malicious". The company said it removed adware and false positives and tested the URLs against each browser every six hours between 13 March and 9 April this year.

According to NSS, Chrome and IE10 both offered superior defences because of the additional file blockers Microsoft and Google employed in their respective browsers.

2013-05-15 12.13.14 pm
Image: NSS Labs.

Safari and Firefox rely on Google's Safe Browsing API which provides URL filtering. However, Chrome employs a newer version of the API, additional reputation-checking and a file-based malware blocker called Download Protection that are not used in Safari and Firefox, according to NSS.

Chrome's additional file blockers caught 73 percent of malware while the URL reputation system in common with Safari and Firefox blocked around 10 percent, it found.

Microsoft employs its own reputation-based system in IE10 and IE9 called Application Reputation, which determines whether an application is established enough to be trustworthy, and SmartScreen which provides URL filtering. Application Reputation picked up 17 percent of malware while its URL filter picked up 83 percent, according to NSS.

"Both Google's Download Protection and Microsoft's App Rep [Application Reputation] allow users to override browser protecting, however, Google relies on this less reliable protection mechanism nearly four times as often as does Microsoft," Randy Abrams, research director at NSS Labs, said in a statement.

"The net result is that IE10 users are offered superior protection over Chrome users with one quarter the risk of making a bad download decision. Firefox, Safari, and Opera users are afforded little protection at all by their browsers."

Topics: Security, Browser

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

40 comments
Log in or register to join the discussion
  • Ouch

    A post not "anti-microsoft" ? Not sure how many people will read this... you see, people on this site much prefer to read articles with a header like "IE 10 worst browser in history" or "Microsoft, the dream is over" instead of the truth...
    DJK2
    • Na... don't worry

      Everybody who will read the article will think the research was subsidised by Microsoft so it isn’t true.
      gbouchard99@...
      • No sponsoring

        This report was produced as part of NSS Labs’ independent testing information services.
        Leading products were tested at no cost to the vendor, and NSS Labs received no vendor funding to produce this report.
        IE11
        • no vendor funding

          http://arstechnica.com/information-technology/2009/08/microsoft-sponsors-two-nss-reports-ie8-is-the-most-secure/
          Johan Heinstedt
          • That was 2009

            That was 2009.
            No sponsoring now as is clearly stated in the report
            IE11
      • The short history of Microsoft & ZDNET.COM

        “A verbal memo [no email allowed] was passed around the MS campus encouraging MS employee’s to post to ZDNet articles like this one”

        –Michelle Bradley, Microsoft

        ‘The author of the email, posted on ZDNet in a Talkback forum on the Microsoft antitrust trial, claimed her name was Michelle Bradley and that she had “retired” from Microsoft last week.

        ‘”A verbal memo [no email allowed] was passed around the MS campus encouraging MS employee’s to post to ZDNet articles like this one,” the email said.

        ‘”The theme is ‘Microsoft is responsible for all good things in computerdom.’ The government has no right to prevent MS from doing anything. Period. The ‘memo’ suggests we use fictional names and state and to identify ourselves as students,” the author claimed.’

        –Wired Magazine
        Frankie1965
        • what is this BS?

          why would MS specifically target zdnet? it's not like it is the most influential site, no offense zdnet people
          vpupkin
    • Wait for SVJN

      Wait for SVJN, he just working on the article which will explain in detail why this is not true and that the worst is IE10 protection.
      Mr.SV
      • ZDNET.COM and how Microsoft handle it

        Not so long ago we showed Microsoft advertising creeping into editorial sections/structure of ZDNet. there is also an increasing number of former and present Microsoft staff there, acting as “journalists” (syndicated in news feeds) whose bias reeks. Zack Whittaker, former Microsoft UK staff, uses this tech tabloid to spin Microsoft antitrust cases and this month he used this CBS-owned tabloid to spread Microsoft lies about Vista 8 ‘sales’. These are lies. It’s like libel but in reverse, lying for a company rather than against it (hence it’s unlikely that a formal complaint will be raised). The spinner takes the lie as a given, spreads it, and then attempts to shift attention to another topic in his headline.
        Frankie1965
      • And if so, I have some ammo for SVJN

        As "good" as it may claim to be, it did not protect my spouse at all from the "System Care Antrivirus" ransomware!!!! All she did was to click the link in an authentic looking DHL email before I could say "NO DON'T"....
        AND it was a real bear to remove this time, because it now seems to ride on the tail of a number of seemingly innocent toolbars and search engines - it is necessary to remove ALL evidence of every one of those before it disappears. And, no, a "strong anti-virus software" does NOT remove it!!! (At least not in our experience.) Even had to go to regedit and search for the many entries of each toolbar & search engine before it went away.
        Still, it is truly malware, being a program that only seems to prevent other programs from running.
        Willnott
  • URL FILTERING

    evaluating security only on URL filtering is funny at least. BTW, there quite a few security addons for Ff. Did they used noscript? How is IE doing with the unsafe reloads?
    Seems to me a quite crappy evaluation...
    kirovs@...
    • The study is looking at default web browser security

      Firefox with the NoScript add-on offers many security benefits. However, the NoScript add-on for Firefox must be downloaded, installed and properly configured (to get maximum benefit) by the user. Even Chrome and Opera, with their built-in URL whitelisting capability, require that the user properly configure and use this built-in, optional feature.

      I'd be interested to know what percentage of the Firefox user base have downloaded and installed the NoScript add-on. In addition, I'd like to know what % of these users actively manage their frequently-visited, legitimate web sites via NoScript's whitelisting capability.
      Rabid Howler Monkey
      • Exactly

        No point using the "but if you install this it makes it more secure" argument.. That's like saying one car is safer then an other, even though tests prove otherwise and then argument the user first needs to install extra parts not part of the default configuration.
        DJK2
      • Even better security

        NoScript, Addblock Plus, Ghostery. BetterPrivacy to clean out super cookies. WOT to help with site quality.

        These are all addons, so I don't expect the average user to load them. I agree that vanilla Firefox is lacking in security...
        CyberZombie
      • Not for Firefox, exactly

        Although I downloaded it & used it for about a week in Mozilla's Seamonkey browser.

        Did it block scripts from websites I hadn't marked as safe? Oh, you betcha.

        Did it show me how many websites are hooked into Google Analytics? Yep, quite an eye-opener?

        Was it very frustrating to try & figure out which sites/add-ons could be 100% trusted, versus the ones that I would mark as temporarily having access so that I could figure out what part of the page they affected, thereby making me glad that I didn't use it in Firefox (my wife's preferred browser)? Ohhhhh, yeaaaaaah....
        spdragoo@...
      • Firefox advantage

        The advantage with Firefox, is that with addons like NoScript and Ghostery you can block all the Google spyware that is built into so many web sites.

        And, all these addons, including some mentioned below, have been available for years. Long before Microsoft and Google woke up to privacy.
        jorjitop
    • not just URL Filtering

      Both rely URL filtering MS Moreso the Chrome though both look at content albeit in different ways the end result is the same. It's hard for companies like MS and Google to do URL Filter because they have the resources to tell who the majority of the bad actors are. As for Add-ons they are irrelavent for the purposes of Testing BASE Out of box product. (most non technical users don't use add-ons too I would guess) but that's like comparing a Celica to Mustang , but the Celica out performs the Mustang if you add Component XXXX. Compare apples to apples that's the idea.
      Threv
      • Danm lack of Edit

        It's hard for companies like MS and Google to do URL Filter because they have the resources to tell who the majority of the bad actors are.

        should be It's NOT hard for companies like MS and Google to do URL Filter because they have the resources to tell who the majority of the bad actors are.
        Threv
    • sure

      if you can trust the add-on.
      Rob.sharp
  • Incomplete analysis

    The real question raised by this study is why the SmartScreen URL reputation system used by IE catches so many more malware sites than Google's Safe Browsing API which is used by Chrome, Firefox, and Safari.

    That said, the article states that the study excluded false positives... so if SmartScreen blocks 83% of actual threats how many NON threats does it block? If that number is significant then people are naturally going to turn it off. At which point the protection goes away.

    The study could have been much better by analyzing each component separately (i.e. if SmartScreen is turned off then how many threats does Application Reputation catch on its own) and how often each generated false positives. As it is all this study really tells us is that IE's SmartScreen is very good at identifying the URLs of malware sites and Google's Download Protection is very good at identifying actual malware regardless of what site it is coming from.
    CBDunkerson