Internet Explorer best at blocking malware

NSS Labs released the results and analysis from its web browser security comparative evaluating the protection offered by five browsers – Safari 5, Chrome 25/26, Internet Explorer 10, Firefox 19 and Opera 12 – against malware downloads (also known as socially engineered malware).

While Chrome’s malware download protection improved significantly – rising to more than 83% from 70% in NSS’ October 2012 comparative test – Internet Explorer 10 continues to outperform the other browsers with a block rate of 99.96%.

Safari, Firefox and Opera continue to lag far behind Chrome and Internet Explorer with overall block rates of 10.16%, 9.92% and 1.87% respectively.

Application reputation technology boosts block rates

Both Google and Microsoft utilize application reputation services to enhance their general URL blocking capabilities.

While Chrome saw a larger jump in its overall block rate – up approximately 10% from the last test period to 83.16% – this leap only brought Chrome up to the same levels of protection as Internet Explorer without the added application reputation. Microsoft IE’s block rate jumped 16.79% with the addition of its Application Reputation service, taking it to 99.96% overall.

Google’s latest safe browsing API improves protection

Google’s Safe Browsing API v2 includes additional application reputation-based download protection that has been integrated into Chrome, but not into Firefox or Safari and the results speak for themselves.

The latest API’s additional functionality is seven times more effective than the Safe Browsing API alone and accounts for 73.16% of Chrome’s overall block rate of 83.16%. Without the application reputation service, Chrome, Firefox and Safari all have block rates of around 10%.

Application reputation effectiveness also depends on the end user

While Application Reputation itself can be a highly effective technology, it is also prone to false positives and user error. Perfectly good software that is virtually unknown may be blocked and highly malicious software that has been engineered to have excellent reputational aspects may evade protection.

It’s important to note that Chrome relies upon its application reputation protection almost four times as often as Internet Explorer just to achieve the same protection rates as Internet Explorer achieves without application reputation.

Time to block continues to improve

Because unique malware attacks through infected web pages are often live for only short periods of time, the faster a web browser can detect and block a malware attack, the better.

Internet Explorer, Safari and Firefox all increased the percentage of attacks blocked at 0-hour and within one day. Chrome, however, fell to blocking 48.54% at 0-hour and 72.02% at one day, down from blocking 66.7% and 84.2% of attacks, respectively, during the last test period.

“Web browsers remain the primary infection vector for most consumers and enterprises. Improving the browser’s malware block rate substantially impacts one’s security profile,” said Randy Abrams, Research Director at NSS Labs. “Both Google’s Download Protection and Microsoft’s App Rep allow users to override browser protecting, however, Google relies on this less reliable protection mechanism nearly four times as often as does Microsoft. The net result is that IE 10 users are offered superior protection over Chrome users with one quarter the risk of making a bad download decision. Firefox, Safari, and Opera users are afforded little protection at all by their browsers.”

Don't miss