Internet Explorer top at preventing drive-by download attacks, says NSS Labs
Rival web browsers offer less malware security than Microsoft
By Tim Greene | Network World US | Published: 10:19, 16 August 2011
Internet Explorer is better at defending against drive-by downloads than competitors' browsers and the contest isn't even close, according to a worldwide test of browsers by security research firm NSS Labs.
Internet Explorer scored a 99.2% protection score in the firm's most recent test of socially engineered malware distribution, with Google Chrome coming in a distant second with 13.2%. Trailing behind it were Safari and Firefox tying with 7.6% each, and Opera pulling up last with 6.1%.
NSS tried to access URLs known to download malware to computers used by site visitors and kept track of whether browser protections warned or blocked against these sites using in-the-cloud databases of known malicious sites.
Related Articles on Techworld
The report, "Web Browser Security, Socially Engineered Malware Protection," credits Microsoft's SmartScreen URL and Application Reputation features with landing the big score.
NSS tested Internet Explorer 9, Chrome 12, Opera 11, Firefox 4 and Safari 5 during 14 days, May 27 through June 10. The test included 1,188 URLs that NSS had verified contained malware, and an average of 86 new ones were added each day.
Chrome's score represents a big improvement over its performance in last year's test when it scored just 3%. Firefox lost ground against last year's test when its score was 19%.
As soon as NSS discovered new malicious URLs, they were added to the test, then NSS measured how long it took the browsers to recognise them as such, only recording the calculation if the browser actually recognised a URL as malicious. If it never recognized a given malicious site, it wasn't used in the calculation.
Internet Explorer blocked sites on average within .56 hours. Safari was second with 4.9 hours, then Firefox (6.07 hours), Chrome (17.64 hours) and Opera (18.39 hours).
Chrome, Firefox and Safari all use the same data feed of malicious URLs, Google's Safe Browsing, which explains why their overall protection ratings are similar, the report says. Supporting this notion is that results for the three browsers rose and fell in unison over time.
The testers noted that Opera would detect a malicious site sometimes, but later would miss it. That could be attributed to the fact that in some cases the warning that a site was malicious would pop up after the malware had already downloaded or even downloaded and executed, the report says.
In general, users are four times more likely to be socially engineered into downloading malware than they are to fall victim to a software exploit.