Security Advisor

IE 10 Blocks More Malware than Competing Browsers 

In lab tests, Microsoft's latest browser blocks 99 percent of malware attacks. But can lab-tested attacks accurately represent real-world attacks?

According to a report released last month by research firm NSS Labs, Internet Explorer 10 has a higher block rate of malware attacks than any other browser on Windows.   

The firm's figures found that after throwing 754 samples of malware at the top-five browsers, Microsoft's latest version of IE was successful in blocking 99.96 percent of attacks, which put it ahead of second-place Chrome 25/26, which blocked 83.16 percent. After that, there's a dramatic drop in success rate. Safari 5 only blocked 10.15 percent of malware, Firefox 19 clocked in at 9.92 percent and Opera 12 had a poor showing of only protecting against 1.87 percent.

And Microsoft is not shying away from sharing NSS Labs' findings. "Put differently, only four pieces of malware out of a thousand bypassed Internet Explorer's protections," said Fred Pullen, senior marketing manager for the Internet Explorer group in a blog post. "For Chrome, about two out of ten attacks would have relied on other protection like antivirus software. For Firefox and Safari, nine out of a ten attacks would need to be stopped elsewhere. This is a great example of why the security principle of 'defense in depth' is important."

NSS Labs' report said that the main reason why Internet Explorer 10 and Chrome are leaps and bounds ahead of other browsers when it comes to malware protection is due to strong "file reputation systems combined with URL reputation and site blocking technologies."

Internet Explorer 10 doesn't only lead the pack in blocking malware; it also racks up a far smaller amount of software vulnerabilities than its competition.  According to Symantec's 2013 Internet Security Threat Report, Internet Explorer also racks up far fewer browser vulnerabilities than its competitors, and is only slightly bested by Opera. Internet Explorer (all versions) only accounted for 7 percent of all browser vulnerabilities, while Apple's Safari came in dead last with more than 35 percent of all known browser holes last year.

While Microsoft's testing scores do look impressive, NSS Labs does warn that lab-controlled attack results don't always translate to the real world, where results may not be as high due to attackers being able to work around reputation blocking technologies and end users ignoring warnings that pop up alerting of potentially dangerous Web sites.

"Without empirical testing of user behavior outside the lab, it is not known how often application reputation warnings are ignored," read the NSS Labs report. "It cannot be assumed that the usage rates would be identical for Chrome and Internet Explorer users, since the exact wording of the warning message, as well as the difficulty in overriding the block, will affect absolute rates."

What's your take? How does Internet Explorer 10 stack up to real world use? Is it leaps and bounds ahead of most of its competitors as the lab tests indicate? Share your thoughts in the comments below.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.


comments powered by Disqus

Subscribe on YouTube