Internet Explorer 9 was by far the best at protecting against socially engineered malware.
The Carlsbad, Calif.-based independent testing firm tested a group of popular browsers by exposing them to a set of malware URLs targeting European users. The firm said Internet Explorer 8 (IE8) achieved a blocking rate of 90%. Internet Explorer 9 (IE9), the latest iteration of Microsoft’s browser, earned a 100% blocking rate when its application filtering technology was enabled.
“Internet Explorer 9 was by far the best at protecting against socially engineered malware,” NSS Labs said in its Web browser security report. “The significance of Microsoft’s new application reputation technology cannot be overstated.”
The NSS Labs team said Microsoft’s blocking success is based on its Smartscreen URL Filter, which checks URLs against a master database. The SmartScreen Application Reputation service, which is embedded in IE9, adds to the URL filter to block unwanted downloads. It gives added context so the user can determine whether the source of the download can be trusted.
Google Chrome, Firefox 4 and Safari 5 garnered a 13% blocking rate when tested against the same malware URLs. The three browsers use an engine that checks sites against a list of reported phishing and malware sites provided by Google and Stopbadware.org. The Opera browser, which uses endpoint security vendor AVG to thwart social engineering attacks, came in last, earning a 5% blocking rate.
A Mozilla spokesperson said the company is proud of its security features and would "welcome any truly comprehensive study of the subject." The spokesperson said robust defenses are included in the browser and a security team helps get Firefox patches out quickly.
The NSS Labs test exposed the browsers to a set of 650 known malicious URLs over the course of 19 days in April. The URLs were known to target users in European Union countries. The testing firm invited the popular browser makers to participate at no cost. The company said it received no vendor funding to produce the report.
Socially engineered malware attacks are extremely common. A recent report from Cisco Systems Inc. found the number of spear phishing campaigns rising over mass email phishing attacks. Spear phishing attacks can target people with similar interests using a phony email message, prompting them to click on a URL to download a malicious file containing malware. The cybercriminals can use information gathered from social networks and blogs to target individuals or a specific group of people within an organization. The goal is typically to obtain account credentials and other sensitive data and ultimately gain access to corporate information.
Browser makers have added protections to warn users of potentially dangerous sites. Most use a reputation-based system, which adds malicious sites to a black list or assigns a score for the browser user. NSS Labs said some vendors use feedback from user agents on their customers’ endpoints to report to reputation systems, while others crawl the Internet, proactively setting up black lists. Most browsers are set up to connect to Web-based reputation systems and check a URL against the list.
NSS Labs also tested the average response time to block malware, rating the browser for the time it took to add a blacklisted site to its block list. IE9 earned a perfect score using its Application Reputation engine. Chrome, Firefox and Safari, according to NSS Labs, took five to eight hours to add a known trouble site to its block list. Without the Application Reputation engine, IE8 and 9 took up to 16 hours to add a site to its block list.