IE9 versus Google: which one handles social engineering attacks better?

Social engineering has become the dominant method of distribution for fake antivirus software these days. In my real-world testing with actual malware, Google Chrome did a terrible job of helping users avoid suspicious downloads. Meanwhile, Internet Explorer 9 correctly the exact same sites and files as suspicious. What's the difference?

By Ed Bott, Senior Contributing Editor on April 25, 2011

1 of 8 Ed Bott/ZDNet

I found numerous examples of dangerous searches on the first page of Google results. For more than a day, the number-one result for this Google search led to a site that was actively distributing malware.

For more details, see IE9 versus Chrome: which one blocks malware better?

2 of 8 Ed Bott/ZDNet

Malware authors have gotten expert at mimicking the security screens Google Chrome uses,.See the next page for a direct comparison.

For more details, see IE9 versus Chrome: which one blocks malware better?

3 of 8 Ed Bott/ZDNet

After a day, Google found and removed the poisoned result at the top of this search. See how much the real security alert looks like the fake?

For more details, see IE9 versus Chrome: which one blocks malware better?

4 of 8 Ed Bott/ZDNet

You don't always get a warning from Chrome when you're about to download a potentially dangerous executable file. These two download prompts were captured minutes apart, for malware files that were minor variations of the same code.

For more details, see IE9 versus Chrome: which one blocks malware better?

5 of 8 Ed Bott/ZDNet

This malware author went to a lot of trouble to make his landing page look like an authentic Windows 7 security scan. Even the dialog box is convincing.

For more details, see IE9 versus Chrome: which one blocks malware better?

6 of 8 Ed Bott/ZDNet

Yes, this notification bar offers a warning about potential problems with this file, but it also offers a Run button. What happens when you choose this potentially dangerous option?

For more details, see IE9 versus Chrome: which one blocks malware better?

7 of 8 Ed Bott/ZDNet

IE9's Application Reputation technology treats every new file as suspicious. Legitimate files quickly get a good reputation and no longer this type of warning. Notice that the options are to delete this file or to open another dialog box. You can't save or run it directly.

For more details, see IE9 versus Chrome: which one blocks malware better?

8 of 8 Ed Bott/ZDNet

Because this unsigned file is new and potentially dangerous, it gets these dire warnings. According to Microsoft, these new warnings in IE9 have successfully prevented 95% of infections that would have occurred using IE8.

For more details, see IE9 versus Chrome: which one blocks malware better?

Show Comments