Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Test Shows IE9 Beats Chrome, Safari, Firefox in Overall Malware Detection

A new study by NSS Labs found Microsoft Internet Explorer outstripped the competition when it came to protecting users from socially-engineered malware. Google Chrome was a distant second, and performed dismally when blocking click-fraud malware, the research and testing company said.

A new study by NSS Labs found Microsoft Internet Explorer outstripped the competition when it came to protecting users from socially-engineered malware. Google Chrome was a distant second, and performed dismally when blocking click-fraud malware, the research and testing company said.

For overall malware protection, Internet Explorer performed the best, blocking 95 percent of malicious activity, NSS Labs found in its report, released Thursday. The report examined the ability of the major Web browsers to block malware and malware monetization, including click fraud, fake antivirus, account/password theft, bank/financial fraud, and gaming fraud. NSS Labs compared how Internet Explorer 9, Chrome 15 through 19, Mozilla Firefox 7 through 13, and Apple Safari 5 performed against 84,396 active and malicious URLs over a 175-day testing period.

While IE performed consistently well throughout the test period, Firefox and Safari maintained a block rate remained just under six percent, NSS Labs found. Since Safari and Firefox use the same technology, a similar block rates was expected. Chrome’s performance was erratic, ranging from 13 percent to over 74 percent over the testing period, for an average of just 33 percent, according to NSS Labs. The variation may be attributed to changes in protection tactics that is “indicative of the ongoing battle between antimalware developers and malicious actors,” the report said.

“Browsers vary widely in their ability to block malware, despite adverse effects on business and individual users alike,” the authors wrote in the report.

Modern Web browsers offer an added layer of protection against these threats by leveraging in-the-cloud, reputation-based mechanisms to warn users of potential infection, according to the report. As the report’s findings show, not all vendors took the same approach.

For example, Chrome, Safari, and Firefox all use Google’s Safe Browsing API for URL blocking, but Chrome is the only one to extend the reputation-based system to flag malicious executable files before they are downloaded. IE uses SmartScreen, which provides URL-based protection using an integrated cloud-based URL reputation service, instead of Safe Browsing. With SmartScreen, IE had a 94 percent block rate, compared to just under five percent for Safari, Firefox, and Chrome. However, Chrome was also able to block 23 percent of malicious downloads, which Safari and Firefox couldn’t do.

NSS Labs also examined how well browsers detect and block click fraud. Click fraud refers to a technique that abuses the pay-per-click online advertising model by increasing the number of clicks the site receives. While click fraud causes minimal direct harm to the end user, they can be devastating for small business owners and costly for ad buyers. Click fraud often have a side effect of infecting users with additional malware, the report found.

Internet Explorer also performed the highest in catching click fraud, blocking 96.6 percent of attempts. This was in stark contrast to Chrome’s mere 1.6 percent, Firefox’s 0.8 percent, and Safari’s 0.7 percent, according to the report. Considering Chrome had better performance blocking other types of malware, its poor performance for click fraud is a little surprising.

Advertisement. Scroll to continue reading.

“It is surprising and concerning that there is such a large different between blocked rates for other malware types vs click fraud from browser to browser,” the report found, noting that click fraud is a “leading purpose” of browser malware.

Chrome’s market share and adoption rate is growing, and NSS Labs said it was the leader in overall browser market share as of the second half of 2012. There will be a major growth in click fraud in 2013, NSS Labs predicted.

“Unless Chrome improves its protection against click fraud, NSS predicts an increase in fraudulent click transaction rates given Chrome’s dominant and increasing market share,” the report found.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.