Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Test Shows IE9 Beats Chrome, Safari, Firefox in Overall Malware Detection

A new study by NSS Labs found Microsoft Internet Explorer outstripped the competition when it came to protecting users from socially-engineered malware. Google Chrome was a distant second, and performed dismally when blocking click-fraud malware, the research and testing company said.

A new study by NSS Labs found Microsoft Internet Explorer outstripped the competition when it came to protecting users from socially-engineered malware. Google Chrome was a distant second, and performed dismally when blocking click-fraud malware, the research and testing company said.

For overall malware protection, Internet Explorer performed the best, blocking 95 percent of malicious activity, NSS Labs found in its report, released Thursday. The report examined the ability of the major Web browsers to block malware and malware monetization, including click fraud, fake antivirus, account/password theft, bank/financial fraud, and gaming fraud. NSS Labs compared how Internet Explorer 9, Chrome 15 through 19, Mozilla Firefox 7 through 13, and Apple Safari 5 performed against 84,396 active and malicious URLs over a 175-day testing period.

While IE performed consistently well throughout the test period, Firefox and Safari maintained a block rate remained just under six percent, NSS Labs found. Since Safari and Firefox use the same technology, a similar block rates was expected. Chrome’s performance was erratic, ranging from 13 percent to over 74 percent over the testing period, for an average of just 33 percent, according to NSS Labs. The variation may be attributed to changes in protection tactics that is “indicative of the ongoing battle between antimalware developers and malicious actors,” the report said.

“Browsers vary widely in their ability to block malware, despite adverse effects on business and individual users alike,” the authors wrote in the report.

Modern Web browsers offer an added layer of protection against these threats by leveraging in-the-cloud, reputation-based mechanisms to warn users of potential infection, according to the report. As the report’s findings show, not all vendors took the same approach.

For example, Chrome, Safari, and Firefox all use Google’s Safe Browsing API for URL blocking, but Chrome is the only one to extend the reputation-based system to flag malicious executable files before they are downloaded. IE uses SmartScreen, which provides URL-based protection using an integrated cloud-based URL reputation service, instead of Safe Browsing. With SmartScreen, IE had a 94 percent block rate, compared to just under five percent for Safari, Firefox, and Chrome. However, Chrome was also able to block 23 percent of malicious downloads, which Safari and Firefox couldn’t do.

NSS Labs also examined how well browsers detect and block click fraud. Click fraud refers to a technique that abuses the pay-per-click online advertising model by increasing the number of clicks the site receives. While click fraud causes minimal direct harm to the end user, they can be devastating for small business owners and costly for ad buyers. Click fraud often have a side effect of infecting users with additional malware, the report found.

Internet Explorer also performed the highest in catching click fraud, blocking 96.6 percent of attempts. This was in stark contrast to Chrome’s mere 1.6 percent, Firefox’s 0.8 percent, and Safari’s 0.7 percent, according to the report. Considering Chrome had better performance blocking other types of malware, its poor performance for click fraud is a little surprising.

Advertisement. Scroll to continue reading.

“It is surprising and concerning that there is such a large different between blocked rates for other malware types vs click fraud from browser to browser,” the report found, noting that click fraud is a “leading purpose” of browser malware.

Chrome’s market share and adoption rate is growing, and NSS Labs said it was the leader in overall browser market share as of the second half of 2012. There will be a major growth in click fraud in 2013, NSS Labs predicted.

“Unless Chrome improves its protection against click fraud, NSS predicts an increase in fraudulent click transaction rates given Chrome’s dominant and increasing market share,” the report found.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.