Study: IE Scores Highest Against Social Malware

Microsoft's Internet Explorer 8 and 9 Web browsers demonstrated better protection against socially engineered exploits than other browsers, as described in a September NSS Labs report.

NSS Labs, which describes itself as an "independent, information security research and testing organization," put six browsers through a series of tests associated with social engineering threats. Two of the browsers tested came from Microsoft: the IE 9 beta and IE 8. Other browsers tested were Mozilla Firefox 3.6, Apple Safari 5, Google Chrome 6 and Opera 10.

Socially engineered threats are defined in the study as "a Web page link that directly leads to a download that delivers a malicious payload…or a Website known to host malware links," according to the third-quarter report. The report didn't test the intrinsic security of the browsers or browser plug-ins. It also did not test exploits-with-malware combinations, such as "clickjacking."

IE 9 and IE 8 blocked socially engineered malware at a mean rate of 98.7 percent and 90.2 percent, respectively. The other browsers fared much worse, according to the study. Firefox 3.6 had a mean block rate of 19.5 percent. Safari 5 had a mean block rate of 10.9 percent. Chrome 6 clocked in at a 3.4 percent mean block rate, while Opera 10 offered no protection from socially engineered threats at all.

The blocking mechanisms that thwart socially engineered threats rely on protections built into the browsers and on Web services that categorize URLs into white lists (safe) and black lists (not safe). Users get a warning screen in their browser if the service detects that the URL to be visited leads to an unsafe site.

Chrome, Firefox and Safari all use the Google Safe Browsing feed for this white list/black list protection. However, even though those browsers use the same service, they did not offer the same level of protection. No explanation for the varied performance was provided by the browser makers, according to the report. Moreover, the protection offered by those browsers actually decreased compared with results in NSS Labs' first-quarter 2010 report.

The use of version two of the Google Safe Browsing API may be the reason for the decreased protection rates seen for Chrome, Firefox and Safari between the first-quarter report and current third-quarter report, according to NSS Labs. Opera Software planned to use AVG's Online Shield reputation system, but NSS Labs' report speculated that the integration hasn't been completed yet. For example, Opera 10 did not block what AVG's system blocked, the authors explained.

In contrast, IE 8 showed an improvement of five percentage points in its resistance to socially engineered malware compared with its test result in NSS Labs' first-quarter 2010 report. IE 8 uses Microsoft's SmartScreen Filter system to warn against socially engineered malware. IE 9 uses that technology plus "a new application reputation system." This new technology boosted IE 9's protection by four percentage points over IE 8, the report explained.

The report, "Web Browser Socially Engineered Malware Protection: Comparative Test Results" for September 2010, is the fourth study in a series that appears to be published every first and third quarter of the year. Microsoft's browsers showed similar high test results in thwarting socially engineered malware in previous NSS Labs reports.

Austin, Texas-based NSS Labs is funded by Microsoft but the study does not disclose that information with great clarity. Instead, this statement appears on page 12 of the study: "This private test was contracted by Microsoft's SmartScreen product team as an internal benchmark, leveraging our Live Testing framework."

About the Author

Kurt Mackie is online news editor for the 1105 Enterprise Computing Group.


Reader Comments:

Fri, Dec 17, 2010 AVG Technologies

The recent NSS report that claims AVG’s tools embedded in Opera failed to detect any of the malware introduced during the test is incorrect. At the time of the test, AVG was not “live” in the Opera suite of products. These types of tests that are run without vendor input and substantiation only hurt the consumers that rely on testing organizations to deliver legitimate, thoughtful and, most importantly, accurate assessments of the products they review. AVG continues to call for all testing labs to adhere to a common set of guidelines established by standards bodies like AMTSO, for example. Credentialing provides a means of protecting both the industry from faulty testing scenarios and environments and the consumers from misinformation about the products they know and trust.

Thu, Dec 16, 2010 Tom

Google's version 2 of the 'Safe Browsing API' is indeed the latest, is it not?
