Microsoft’s Internet Explorer 9 has proved once again to be the best choice when it comes to catching attacks aimed at making the user download Web-based malware.
This claim was made by NSS Labs in the recently released results of a test conducted globally from May 27 through June 10 of the current year, which saw five of the most popular Web browsers pitted against each other.
Windows Internet Explorer 9 (IE9), Google Chrome 12, Mozilla Firefox 4, Apple Safari 5 and Opera 11 were tested with 1,188 malicious URLs – links that lead to a download that delivers a malicious payload or to a website hosting malware links.
Each of those browsers uses a variety of security technologies that protect users from this type of attack. All of them use a reputation-based system that works by comparing URLs with a blacklist or whitelist located in the cloud that gets updated manually and/or automatically. If the URL is found to be malicious, the browsers redirect the user to a warning page.
The results for IE 9 were almost perfect: the browser blocked 96 percent of the suspicious URLs when its URL reputation filter was enabled, and an additional 3,2 percent after its Application reputation filter was enabled.
The results for the rest of the browsers were rather poor when compared to that of IE – Chrome blocked 13,2 percent of the URLs, Firefox and Safari 7,6 percent, and Opera only 6.1 percent.
When compared to the result of the same test performed the year before, IE, Chrome and Opera show an improvement in the malicious URL detection rate.
And when it comes to reaction times following the addition of new malicious URLs to block lists, IE proved its mettle once again. It caught over 99 percent of the newly added URLs in the first hour following their addition. Safari proved to be the worst in that respect, identifying just 6.4 percent of those URLs.
The researchers explain the results with the efficiency of IE’s newly introduced Application Reputation technology, Chrome enhancements, Opera’s partnership with AVG, and Safari’s and Firefox’ failure to implement new socially engineered malware protection.