Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Internet Explorer 9 hammers rivals in download blocking test

Firefox and Chrome bested by Microsoft's reputation system

Article comments

The in-house reputation system used in Internet Explorer 8 and 9 is markedly superior at blocking social-engineering attacks than the Google equivalent used by Chrome, Firefox, Apple’s Safari, an independent test by NSS Labs has found.

Rating the browsers against a sample set of European malware URLs over 19 days in April, IE 8 achieved a mean block rate of 90 percent, leaving Chrome 10, Firefox 4 and Safari 5 in the dust on 13 percent each. Opera, which uses technology from antivirus company AVG, came in last on 5 percent.

When assessing IE 9 with application filtering turned on, the results were even more dramatic, taking that version to a mean blocking rate of 100 percent.

Internet Explorer’s positive showing appears to be thanks to two embedded technologies; Smartscreen URL Filter, a cloud-based system that checks URLs against a master database. This is present in both IE 8 and 9 and seems to work more or less identically in both.

In addition, IE 9 has added a second system, SmartScreen Application Reputation which on the basis of this test offers browser users a remarkably effective level of download block protection. Chrome, Firefox and Safari all use a rival URL checking system, Google’s Safe Browser Feed, which as previous NSS Labs tests have suggested, is now falling some way behind.

“The significance of Microsoft’s new application reputation technology cannot be overstated. Application Reputation is the first attempt by any vendor to create a definitive list of every application on the Internet,” the authors conclude.

“Browsers provide a layer of protection against socially-engineered malware, in addition to endpoint protection products; as this report shows, not all are created equal. The overall lower protection offered by Firefox, Safari, and Chrome is concerning.”

An extra but important dimension also tested was the ‘average response time to block malware’, basically the time it took each browser to add a problem site to the block list once it had been fed in to the test by NSS Labs.

Again, IE 9 with Application Reputation enabled gained a perfect score, adding a site without any delay, the only browser to manage such a feat. Interestingly, however, without the Application layer, IE 8 and 9 sank down the table, taking nearly 14 and 16 hours respectively, behind Safari’s five hours, Chrome’s nearly seven hours, and Firefox’s 8 hours.

Block time is worth paying attention to because the longer protection takes to be activated, the longer the window of possible exposure.

The limitation of the report is that it is only measuring one dimension of the threat users face when using browsers, that of attacks where the user can be tricked - ‘socially-engineered’ in security parlance - into downloading malware. This compares with what are called ‘drive-by’ attacks that seek to exploit specific vulnerabilities in software and which require no user intervention.

Which is more dangerous is a matter of debate although NSS Labs references a separate study by AVG that found socially-engineered attacks to be the most likely way for malware to find its way on to a user’s PC.

A social engineering attack has the advantage that it recruits the user to agree to a download event thereby potentially bypassing Windows controls such as User Access Control (UAC) and even the warnings of antivirus software. A drive-by attack, especially one manipulating a zero-day flaw, can sneak on to the PC without any of these defences being aware but requires more engineering effort to work.

The claim that socially-engineered attacks are the more significant doesn’t entirely accord with the admittedly patchy evidence that exists on the subject.

A recent and revealing assessment by Qualys using its Browsercheck tool found that large numbers of browser users routinely run out-of-date plug-ins for interfaces such as Flash Adobe Reader and especially Java. Many of these have significant flaws that can be attacked by drive-by exploits. 

It could be that both sides of this coin – social-engineering attacks and drive-by attacks – are equally perilous but in different ways.

A final qualification is that the test was conducted on Firefox 4, since supplanted by the rapid-development replacement, version 5.0, likewise Google Chrome, which has reached version 13. The URL-filtering systems used by these are, however the same as in the previous versions so would be unlikely to make a difference to their blocking performance.



Share:

More from Techworld

More relevant IT news

Comments

JoseCortesP said: I dont think you understand the article Its not about Ads and you right most people dont see ads thanks to AdBlock its about safety and blocking socially-engineering pages used to spread viruses and lots of dangerous stuff

Andy said: What about Firefox with AdBlock Does anyone use Firefox without it Not a terribly fair test IMO

Brochure Printing said: That is very interesting Ive always used google chrome and firefox on a daily basis because theyre much faster when loading pages compared to IE8 Ive tested IE9 just a few weeks ago and although it kinda gives me an impression that it copied the UI of Google chrome it does have a noticeable change in speed But if it does have that security feature I might consider it now as my default browser



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *