Security Experts:

Test Shows IE9 Beats Chrome, Safari, Firefox in Overall Malware Detection

A new study by NSS Labs found Microsoft Internet Explorer outstripped the competition when it came to protecting users from socially-engineered malware. Google Chrome was a distant second, and performed dismally when blocking click-fraud malware, the research and testing company said.

For overall malware protection, Internet Explorer performed the best, blocking 95 percent of malicious activity, NSS Labs found in its report, released Thursday. The report examined the ability of the major Web browsers to block malware and malware monetization, including click fraud, fake antivirus, account/password theft, bank/financial fraud, and gaming fraud. NSS Labs compared how Internet Explorer 9, Chrome 15 through 19, Mozilla Firefox 7 through 13, and Apple Safari 5 performed against 84,396 active and malicious URLs over a 175-day testing period.

While IE performed consistently well throughout the test period, Firefox and Safari maintained a block rate remained just under six percent, NSS Labs found. Since Safari and Firefox use the same technology, a similar block rates was expected. Chrome's performance was erratic, ranging from 13 percent to over 74 percent over the testing period, for an average of just 33 percent, according to NSS Labs. The variation may be attributed to changes in protection tactics that is "indicative of the ongoing battle between antimalware developers and malicious actors," the report said.

"Browsers vary widely in their ability to block malware, despite adverse effects on business and individual users alike," the authors wrote in the report.

Modern Web browsers offer an added layer of protection against these threats by leveraging in-the-cloud, reputation-based mechanisms to warn users of potential infection, according to the report. As the report's findings show, not all vendors took the same approach.

For example, Chrome, Safari, and Firefox all use Google's Safe Browsing API for URL blocking, but Chrome is the only one to extend the reputation-based system to flag malicious executable files before they are downloaded. IE uses SmartScreen, which provides URL-based protection using an integrated cloud-based URL reputation service, instead of Safe Browsing. With SmartScreen, IE had a 94 percent block rate, compared to just under five percent for Safari, Firefox, and Chrome. However, Chrome was also able to block 23 percent of malicious downloads, which Safari and Firefox couldn't do.

NSS Labs also examined how well browsers detect and block click fraud. Click fraud refers to a technique that abuses the pay-per-click online advertising model by increasing the number of clicks the site receives. While click fraud causes minimal direct harm to the end user, they can be devastating for small business owners and costly for ad buyers. Click fraud often have a side effect of infecting users with additional malware, the report found.

Internet Explorer also performed the highest in catching click fraud, blocking 96.6 percent of attempts. This was in stark contrast to Chrome's mere 1.6 percent, Firefox's 0.8 percent, and Safari's 0.7 percent, according to the report. Considering Chrome had better performance blocking other types of malware, its poor performance for click fraud is a little surprising.

"It is surprising and concerning that there is such a large different between blocked rates for other malware types vs click fraud from browser to browser," the report found, noting that click fraud is a "leading purpose" of browser malware.

Chrome's market share and adoption rate is growing, and NSS Labs said it was the leader in overall browser market share as of the second half of 2012. There will be a major growth in click fraud in 2013, NSS Labs predicted.

"Unless Chrome improves its protection against click fraud, NSS predicts an increase in fraudulent click transaction rates given Chrome's dominant and increasing market share," the report found.

view counter
Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.