Independent Study: Ranks Browsers in Terms of Security

Tuesday, July 19, 2011

An independent test by NSS Labs has found that Internet Explorer’s built-in reputation system is markedly superior at blocking social-engineering attacks than its rivals.

Rating the browsers against some European malware links over 19 days in April, the following browsers were ranked on how well they blocked the attack.

Each Browser’s Score in Block Rate Test


Block Rate

Internet Explorer 9


Internet Explorer 8


Chrome 10


Firefox 4


Safari 5




IE 9 had the 100% block rate when application filtering was turned on.

IE 9’s positive showing is based on two of its embedded technologies: Smartscreen URL filter and a cloud based system that checks links against a master database.

Its SmartScreen Application Reputation offers its users a strong level of download block protection – it even blocked an unsigned Microsoft application not too long ago.

Chrome, Firefox and Safari all use Google’s Safe Browser feed which falls way behind SmartScreen.

“The significance of Microsoft’s new application reputation technology cannot be overstated. Application Reputation is the first attempt by any vendor to create a definitive list of every application on the Internet,” the authors conclude.

“Browsers provide a layer of protection against socially-engineered malware, in addition to endpoint protection products; as this report shows, not all are created equal. The overall lower protection offered by Firefox, Safari, and Chrome is concerning.”

The testers also tested the block time. Again, Internet Explorer 9 took a commanding lead with its Application Reputation enabled. Without Application Reputation enabled, however, it ended last.

Each Browser’s Score in Block Time Test (IE Application Reputation Disabled)


Average Block Time

Safari 5 5 hours
Chrome 10 7 hours
Firefox 4 8 hours
IE 8 14 hours
IE 9 16 hours

Note that the longer it takes for the protection to be activated, the longer the window of exposure and risk of attack.

The report doesn’t measure any other dimension than the one where users use browsers and where attacks are user-triggered. It only looks at instances where users are tricked into downloading malware. This differs from ‘drive-by’ attacks where malware does the work and users don’t know anything about it.

It is debatable as to whether ‘drive-by’s’ are more dangerous than socially-engineered attacks, but the lab sites an AVG report that found that the majority of malware attacks come from user trickery.

The advantage of socially engineered attacks is that it gets the user to accept oit6s terms and let it past built-in security mechanisms in Windows such as User Access Control (UAC) and opts them to by-pass warnings from malware programs.

A drive-by attack requires more engineering to work as it attempts to by-pass these controls on its own.

Meanwhile, an assessment by Qualysis found that most users are vulnerable to drive-bys due to outdated versions of Adobe Flash Player and especially Java.

Another thing to consider is that Firefox is rapidly approaching version 5 and Chrome is already at version 13 so the results don’t necessarily apply in the same context.

0 Blogger:

Post a Comment

Computer Software is Your Friend © 2012 | Designed by Bubble Shooter, in collaboration with Reseller Hosting , Forum Jual Beli and Business Solutions