IE 9 Catches Most Web-Based Malware Attacks, Test Shows

A new report shows that the latest version of Internet Explorer, equipped with some new anti-malware functionality, catches more Web-based malware attacks than any of the other major browsers on the market. IE 9 caught nearly 100 percent of the attacks thrown at it in a new test done by NSS Labs.

IE9A new report shows that the latest version of Internet Explorer, equipped with some new anti-malware functionality, catches more Web-based malware attacks than any of the other major browsers on the market. IE 9 caught nearly 100 percent of the attacks thrown at it in a new test done by NSS Labs.

The test was designed to see how well each of the major browsers, including IE, Mozilla Firefox, Google Chrome, Aple Safari and Opera, identified malicious URLs and potentially malicious downloads. NSS found that IE 9 caught 96 percent of what the company calls socially engineered malware with the browser’s SmartScreen URL reputation filter enabled, and an additional 3.2 percent with its Application Reputation feature enabled.

“URL Reputation, which is included in IE8, and Application Reputation, which is new to IE9, are the two components that make up IE9’s SmartScreen Filter. IE9 with SmartScreen offers the best protection of any browser against socially engineered malware. Protection against malware matched our previous findings from the Q2 2011 European test and Q3 2010 global test as well as the Q3 2011 Asia-Pacific test,” NSS Labs said in its report, which was done n the second quarter of this year and released on Monday.

The company’s test used 5,000 potentially malicious URLs, which was winnowed down to more than 1,100 validated malicious pages during the course of the test. NSS defines socially engineered malware as “a web page link that directly leads to a download that delivers a malicious payload whose content type would lead to execution, or more generally a website known to host malware links.”

After IE 9, there was a considerable drop-off in the effectiveness of the other browsers at catching malicious URLs and download files. Chrome 12 came in second, but with a catch rate of just 13.2 percent, with Firefox 4 placing third at 7.6 percent. Safari 5 also caught 7.6 percent of the bad URLs and files and Opera 11 placed last at 6.1 percent.

NSS also measured how quickly each browser added a new malicious URL to its block list when it was introduced into the test. IE 9 with the Application Reputation enabled again fared the best, catching more than 99 percent of the new URLs the first hour that they were added. Safari was the worst, identifying just 6.4 percent of new malicious URLs within the first hour.

“Ultimately, the results reveal great variations in the abilities of the browsers to protect against
socially-engineered malware. Chrome provided more protection than the other browsers using the
Safe Browsing feed, apparently due to the “enhancements” added to Chrome 12. Trends show minor
differences between Firefox and Safari. Opera fared better when viewed through the lens of unique
URLs (11.8%), however it displayed inconsistent behavior throughout the test, first blocking and then
not blocking malicious URLs. This appears to be due to a race condition where the warning message sometimes appears after the malware has completed downloading/executing,” NSS said in the report.

Suggested articles

Discussion

  • Jade Stone on

    Today, we live 'in' our computers. I believe laws should be put in place to protect the innocent. Outside of that, noone should be in anyone's computer w/o just cause and proof of maliciousness.

  • Anonymous Rhinoceros on

    The NSS labs report was funded by Microsoft. Hardly an unbiased report.

  • Not Verified on

    @Rhino: NSS labs no longer accepts funding since 2009.

    I also doubt that you've actually read through the report.

    One thing to note about the report: the results specifically exclude drive-by-downloads.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.