<< Back to article Print this page Loading page, please wait...

IE 9 anti-malware kingpin in browser face off

Tests indicate Google Safe Browsing not so responsive.

Liam Tung (CSO Online)
18 July, 2011 09:44

Microsoft’s Internet Explorer 9 is hands-down superior at detecting security threats delivered by malicious websites, according to testing company NSS Labs.

Over 19 days in April, researchers threw newly discovered URLs that contained downloadable malware at Chrome 10, Firefox 4, IE 8 and IE9, and Opera 11.

IE9’s SmartScreen Filter caught 92 per cent of the bad URLs and IE 8 caught 90 per cent, while Safari, Chrome and Firefox each caught 13 per cent and Opera detected 11 percent, according to NSS.

The test essentially pitted Google’s Safe Browsing system, which underpins the URL filter offered in Chrome, Firefox and Safari, against IE9’s two main URL security features: URL Reputation and Application Reputation.

Each browser faced 76 tests over the period, based on a selection of 650 URLs that were designed to target European website visitors. The researchers removed URLs that only delivered ad-ware or that were not validated as malware, according to NSS.

NSS defined the attacks it was testing against each browser as a “web page that directly leads to a download that delivers a malicious payload whose content type would lead to execution, or more generally a website know to host malware links”.

The method of infection has become increasingly popular with cybercriminals, such as the group behind the Zeus banking trojan, NSS noted.

Security vendor Sophos described the typical method employed by attackers spreading Zeus who had recently rigged several legitimate sites with redirects to the exploit site.

Microsoft’s IE9 also proved to be highly responsive to new threats when Application Reputation was activated, while those that relied on Google’s Safe Browsing changed little.

With the feature on, IE9 picked up every new threat the researchers had found in the past 6 hours and thrown at it repeatedly over seven days; without it IE9 only picked up 76 per cent at the outset and 89 percent at the end of the week.

Firefox, Safari, Chrome initially picked up between 16 and 11 percent, which rose to 17 per cent after seven days, while Opera, detected 7 per cent, rising to 20 per cent over the period.

Microsoft has described Application Reputation as an “early warning system for undetected malware”. The feature was included in IE9’s beta version last October and targeted the time between the spread of an attack and its inclusion in antivirus databases, according to Microsoft.