Report: IE 9 Best Defense Against Social Malware

Microsoft's Internet Explorer 9 browser once again topped the list of browsers providing the greatest protection against socially engineered threats, according to NSS Labs.

This latest August 2011 third-quarter report from the Carlsbad, Calif.-based "independent security and performance lab" collected worldwide test data on socially engineered malware in the second quarter of this year. The performance of leading browsers against threats in which users get tricked into downloading malware was compared. Those browsers included IE 9 (with and without a new "application reputation" feature), Google Chrome 12, Apple Safari 5, Mozilla Firefox 4 and Opera 11.

As with previous NSS Labs reports, there was no contest, with IE 9 providing 99.2 percent protection against socially engineered threats. That result included Microsoft's new application reputation feature. Without that feature, IE 9 still maintained the lead, with 96 percent protection, according to the study.

In contrast, other browsers trailed greatly. Chrome 12 blocked 13.2 percent of socially engineered attacks. Firefox 4 and Safari 5 blocked 7.6 percent of those attacks each. Opera came in last by blocking just 6.1 percent of the attacks.

Compared with NSS Lab's Q3 2010 report, IE 9 showed a 0.2 percent protection improvement in this Q3 2011 report. Chrome 12 showed the best improvement, at 10.2 percent year over year. Safari and Firefox each slipped, year over year, showing 3.4 percent and 11.4 percent declines in protection, respectively. Opera's protection improved by 6.1 percent when compared year over year in NSS Labs' reports.

Microsoft's IE 9 uses a SmartScreen URL reputation service that accesses a cloud-based database to warn users about threats. Chrome, Firefox and Safari use Google's "safe browsing" reputation data feed in a similar way to block malware threats. Nonetheless, the report found that Google Chrome scored somewhat better than Firefox and Safari in protecting against malicious links.

Microsoft has acknowledged in the past that it has provided funding for NSS Labs studies on this topic, even though the reports themselves did not acknowledge that funding. This August 2011 Q3 report appears to be different, with NSS Labs indicating no sponsorship funding.

"This report was produced as part of NSS Labs' independent testing information services," the report states (p. 11). "Leading vendors were invited to participate fully at no cost, and NSS Labs received no vendor funding to produce this report."

NSS Labs' report, "Web Browser Security: Socially-Engineered Malware Protection -- Comparative Test Results Global, August 2011" can be downloaded for free here. The testing organization also produced two regional reports for Europe and the Asia-Pacific.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Vendors Issue Patches for Linux Container Runtime Flaw Enabling Host Attacks

    This week, the National Institute of Standards and Technology (NIST) described a high-risk security vulnerability (CVE-2019-5736) for organizations using containers that could lead to compromised host systems.

  • Windows 10 Version 1809 Users May Get Visual Studio Crashes

    Microsoft on Friday issued an advisory for Windows 10 version 1809 users about possible Visual Studio crashes.

  • Standardizing the Look of Outlook's Outbound Messages

    Microsoft typically gives users a blank canvas to compose new e-mails in Outlook. In some corporate environments, however, a blank canvas isn't a good thing.

  • Windows 10 'Semiannual Channel Targeted' Goes Away This Spring

    Microsoft plans to slightly alter its Windows servicing lingo and management behavior with its next Windows 10 operating system feature update release, coming this spring.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.