• United States



john_mello jr

Study: IE 9 Defends Best Against Malware Links

Aug 15, 20114 mins

NSS Labs survey finds that IE9 blocks almost all malicious URLs, while the closest competition was at 13 percent.

Microsoft Internet Explorer 9 offers Web surfers the best protection against social engineering malware, according to test results released today by an independent research firm.

With its new Application Reputation feature, IE9 blocks malicious URLs more than 99 percent of the time, according to NSS Labs, of Carlsbad, Ca.

Application Reputation is Microsoft’s attempt to create a definitive list of every application on the Internet. The list is dynamically created and maintained, much the same way Google and Bing are continuously building and maintaining a library of content for search purposes. That list is then used to establish the reputation of a program.

“It became obvious from these recent tests, in comparison to NSS Labs’ earlier global tests, that Microsoft continues to improve their IE malware protection in IE9 through its SmartScreen Filter technology and with the addition of SmartScreen Application Reputation technology,” NSS reported.

Hot Nude Girls

NSS defines social engineering malware URLs as links that entice users to download a malicious payload or visit a site known to host malware links. The carrot that gets users to click is often the promise of nude pictures or fantasy football apps,

“With a unique URL blocking score of 99.9 percent and over-time protection rating of 99.2 percent, Internet Explorer 9 was by far the best at protecting against socially-engineered malware,” it added.

The unique URL blocking score measures what percentage of malicious links a browser blocks when those links first become active. The overtime protection rating looks at what percentage of malicious links a browser blocks over a period of days.

Internet Explorer’s test results left the scores of four competing browsers in the dust. The over-time protection rate for Google Chrome, for example, was 13.2 percent, while for Firefox 4 and Safari 5 it was 7.6 percent and for Opera 11, 6.1 percent.

Learning from Experience

“Microsoft is the most attacked company in the world, so this is something they have a lot of experience with,” said NSS President and CEO Rick Moy. The Redmond giant collects data on all the attacks on their products to create the list of benign and malicious applications that drive Application Reputation.

Neither Microsoft nor any other browser maker sponsored the report, Moy said. Each browser maker is invited to participate, free of charge, in setting up its browser properly for the test.

The NSS test results confirm claims made by Microsoft about the effectiveness of the blocking features introduced in IE9. Those claims were initially challenged by one security researcher. “Because IE9’s unable to block exploits of such software as Adobe Reader and Flash, Apple’s iTunes or Oracle ‘s Java, Microsoft’s data doesn’t show the real picture,” declared Sophos’s Chet Wisniewski.

NSS tests have been a source of controversy in the past. Its report on firewalls in April had several makers of those products protesting the test results that found their products vulnerable to TCP Split Handshake attacks.

NSS performs this test periodically. Since the last test in the third quarter of 2010, IE9, Chrome, and Opera have improved, while Firefox and Safari did more poorly.

NSS explained that social engineering malware remains the most common security threat facing Internet users today, claiming one third of Internet users as victims. These attacks pose a significant risk to individuals and organizations by threatening to compromise, damage or acquire sensitive personal and corporate information.

European and American users have found themselves particular targets of malware authors over the last 12 months, it said. North America has consistently been the primary host of malicious URLs, while users in Asia have been victims of the greatest number of malicious URLs.

Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.