Report: IE 9 Best Defense Against Social Malware -- Redmondmag.com

Report: IE 9 Best Defense Against Social Malware

By Kurt Mackie
08/15/2011

Microsoft's Internet Explorer 9 browser once again topped the list of browsers providing the greatest protection against socially engineered threats, according to NSS Labs.

This latest August 2011 third-quarter report from the Carlsbad, Calif.-based "independent security and performance lab" collected worldwide test data on socially engineered malware in the second quarter of this year. The performance of leading browsers against threats in which users get tricked into downloading malware was compared. Those browsers included IE 9 (with and without a new "application reputation" feature), Google Chrome 12, Apple Safari 5, Mozilla Firefox 4 and Opera 11.

As with previous NSS Labs reports, there was no contest, with IE 9 providing 99.2 percent protection against socially engineered threats. That result included Microsoft's new application reputation feature. Without that feature, IE 9 still maintained the lead, with 96 percent protection, according to the study.

In contrast, other browsers trailed greatly. Chrome 12 blocked 13.2 percent of socially engineered attacks. Firefox 4 and Safari 5 blocked 7.6 percent of those attacks each. Opera came in last by blocking just 6.1 percent of the attacks.

Compared with NSS Lab's Q3 2010 report, IE 9 showed a 0.2 percent protection improvement in this Q3 2011 report. Chrome 12 showed the best improvement, at 10.2 percent year over year. Safari and Firefox each slipped, year over year, showing 3.4 percent and 11.4 percent declines in protection, respectively. Opera's protection improved by 6.1 percent when compared year over year in NSS Labs' reports.

Microsoft's IE 9 uses a SmartScreen URL reputation service that accesses a cloud-based database to warn users about threats. Chrome, Firefox and Safari use Google's "safe browsing" reputation data feed in a similar way to block malware threats. Nonetheless, the report found that Google Chrome scored somewhat better than Firefox and Safari in protecting against malicious links.

Microsoft has acknowledged in the past that it has provided funding for NSS Labs studies on this topic, even though the reports themselves did not acknowledge that funding. This August 2011 Q3 report appears to be different, with NSS Labs indicating no sponsorship funding.

"This report was produced as part of NSS Labs' independent testing information services," the report states (p. 11). "Leading vendors were invited to participate fully at no cost, and NSS Labs received no vendor funding to produce this report."

NSS Labs' report, "Web Browser Security: Socially-Engineered Malware Protection -- Comparative Test Results Global, August 2011" can be downloaded for free here. The testing organization also produced two regional reports for Europe and the Asia-Pacific.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.