Study lauds IE for blocking Web's social attacks

The study, funded by Microsoft, concludes that Microsoft's browser bests competitors in blocking socially engineered malware attacks.

An updated study has found that when it comes to blocking Web sites used in efforts to trick people into installing malware, Internet Explorer has widened its lead over the four other most-used browsers.

NSS Labs, a product analysis company, issued a third installment of an ongoing study of how well browsers avert socially engineered attacks that try to exploit a person's trust with a Web address that actually installs and runs malware. The upshot: "Windows Internet Explorer 8 provided the best protection against socially engineered malware," stopping 85 percent of the attacks at 562 sites.

In contrast, Mozilla Firefox 3.5.7 and Apple Safari 4.0.4 stopped 29 percent, Google Chrome 4.0.249.78 stopped 17 percent, and Opera 10.10 stopped less than 1 percent. All the browsers, except for Opera, showed better results now than on versions of the test conducted six months and a year ago.

Microsoft funded the study, but NSS Labs led its design, a Microsoft representative said. NSS Labs released the study this week in conjunction with the 2010 RSA security conference .

Those curious about detailed methodology of the test, which was conducted over an 18-day period in January, can check appendix five of the study on page 15. Here's a summary: NSS Labs collects malware sites from partners and from its own lists harvested via spam traps and honeypots; of the 12,000 sites collected, 562 were validated to work and to meet its definition of socially engineered malware: "a Web page link that directly leads to a download that delivers a malicious payload whose content type would lead to execution."

Bear in mind that there are several other aspects to browser security, including plug-ins, the ability to shut off JavaScript or run security-oriented add-ons, resistance to drive-by exploits that work without people actively downloading malware, vulnerability response time, and other matters.

Internet Explorer 8 fared better on blocking of socially-engineered malware sites in NSS Labs' tests.
Internet Explorer 8 fared better on blocking of socially engineered malware sites in NSS Labs' tests. NSS Labs
About the author

Stephen Shankland has been a reporter at CNET since 1998 and covers browsers, Web development, digital photography and new technology. In the past he has been CNET's beat reporter for Google, Yahoo, Linux, open-source software, servers and supercomputers. He has a soft spot in his heart for standards groups and I/O interfaces.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments
Latest Galleries from CNET
Nissan gives new Murano bold style (pictures)
Top great space moments in 2014 (pictures)
This is it: The Audiophiliac's top in-ear headphones of 2014 (pictures)
ZTE's wallet-friendly Grand X (pictures)
Lenovo reprises clever design for the Yoga Tablet 2 (Pictures)
Top-rated reviews of the week (pictures)