News

Study: IE Scores Highest Against Social Malware

• By Kurt Mackie
• 12/15/2010

Microsoft's Internet Explorer 8 and 9 Web browsers demonstrated better protection against socially engineered exploits than other browsers, as described in a September NSS Labs report.

NSS Labs, which describes itself as an "independent, information security research and testing organization," put six browsers through a series of tests associated with social engineering threats. Two of the browsers tested came from Microsoft: the IE 9 beta and IE 8. Other browsers tested were Mozilla Firefox 3.6, Apple Safari 5, Google Chrome 6 and Opera 10.

Socially engineered threats are defined in the study as "a Web page link that directly leads to a download that delivers a malicious payload…or a Website known to host malware links," according to the third-quarter report, which can be accessed here. The report didn't test the intrinsic security of the browsers or browser plug-ins. It also did not test exploits-with-malware combinations, such as "clickjacking."

IE 9 and IE 8 blocked socially engineered malware at a mean rate of 98.7 percent and 90.2 percent, respectively. The other browsers faired much worse, according to the study. Firefox 3.6 had a mean block rate of 19.5 percent. Safari 5 had a mean block rate of 10.9 percent. Chrome 6 clocked in at a 3.4 percent mean block rate, while Opera 10 offered no protection from socially engineered threats at all.

The blocking mechanisms that thwart socially engineered threats work based on protections built into the browsers and also from Web services that categorize certain URLs into white lists (safe) and black lists (not safe). Users get a warning screen in their browser if the service detects that the URL to be visited leads to an unsafe site.

Chrome, Firefox and Safari all use the Google Safe Browser feed for this white list/black list protection. However, even though those browsers use the same service, they did not offer the same level of protection. No explanation for the varied performance was provided by the browser makers, according to the report. Moreover, the protection offered by those browsers actually decreased compared with results in NSS Labs' first-quarter 2010 report.

The use of version two of the Google Safe Browsing API may be the reason for the decreased protection rates seen for Chrome, Firefox and Safari between the first-quarter report and current third-quarter report, according to NSS Labs. Opera Software planned to use AVG's Online Shield reputation system, but NSS Labs' report speculated that the integration hasn't been completed yet. For example, Opera 10 did not block what AVG's system blocked, the authors explained.

In contrast, IE 8 showed an improvement of five percentage-points in its resistance to socially engineered malware compared with its test result in NSS Labs' first-quarter 2010 report. IE 8 uses Microsoft's SmartScreen Filter system to warn against socially engineered malware. IE 9 uses that technology plus "a new application reputation system." This new technology boosted IE 9's protection by four percentage points over IE 8, the report explained.

The report, "Web Browser Socially Engineered Malware Protection: Comparative Test Results" for September 2010, is the fourth study in a series that appears to be published every first and third quarter of the year. Microsoft's browsers showed similar high test results in thwarting socially engineered malware in previous NSS Labs reports.

Austin, Texas-based NSS Labs is funded by Microsoft but the study does not disclose that information with great clarity. Instead, this statement appears on page 12 of the study: "This private test was contracted by Microsoft's SmartScreen product team as an internal benchmark, leveraging our Live Testing framework."