Sign in with
Sign up | Sign in

The Safest Browser Against Malware? IE9

By - Source: NSS Labs | B 32 comments

There are different angles to evaluate the security features of web browsers, but if you are looking only at their capability to fend off malware websites, your best bet may be IE9.

NSS Labs found that IE9 detected 100 percent of the malware sites the company threw at the browser, followed by IE8 with 90 percent. The next best browsers were Safari 5, Firefox 4 and Chrome 10 with 13 percent each, followed by Opera with just 5 percent. Before you complain about the result, the foundation of the test may actually clarify the result.

NSS said it used about 650 sites as test sample, which it collected via spam emails, instant messages social networks and its own honeypots. Excluded from the test were typical browser vulnerabilities, as well as sites that integrate nasty clickjacking or drive-by downloads. All included websites required user action and, in a best case scenario, did not load in the browser window: instead, a browser should show a warning that the user is about to enter a website with malicious code.

NSS said that “Internet Explorer 9 was by far the best at protecting against socially-engineered malware, even before App Rep’s protection is layered on top of SmartScreen. The significance of Microsoft’s new application reputation technology cannot be overstated." About a year ago, NSS released results that were similarly in favor of IE8, but Chrome and Opera complained that they had no idea how NSS tested their browsers and had doubts about the accuracy of the result.

This time, NSS said that browser makers were invited to participate at no cost in the test.

Discuss
Display all 32 comments.
This thread is closed for comments
  • -5 Hide
    milktea , July 18, 2011 4:26 PM
    I wonder IE9 would pass the OLE hacks similar to the PC flank leak test?
    http://www.pcflank.com/pcflankleaktest.htm
    :) 
  • -1 Hide
    Anonymous , July 18, 2011 4:30 PM
    and all this proves is that browser makers sux big, instead of having a single list of black listed sites open to and shared by all browsers, we have dis-parted list of black listed sites, they not trying to make the safest browser, they trying to win brownie points

    besides which, these sites came for spam... they is no way in hell your going be able to protect someone who was intelligent enough to click on a link sent via spam, you can presume no matter how 'safe' their browser really is that this person most probably is already sporting the latest and greatest Trojan. Your going need something more then a "this site maybe unsafe" warning to save them, i dont know maybe something like a defense against click jacking and drive by downloads as well as script blocking (which obvious has nothing to do with 'safe' browsers according to the researchers)
  • 7 Hide
    visa , July 18, 2011 4:47 PM
    I agree with the other posts, nothing is foolproof and many users will end up doing something foolish to install malware themselves.

    Instead of a warning, they need a USB add-on that will give the user a quick squirt from a water bottle. Worked pretty well when my cat had a bad habit of sharpening her claws on the sofa.
  • 2 Hide
    winner4455 , July 18, 2011 4:48 PM
    BlackListMeand all this proves is that browser makers sux big, instead of having a single list of black listed sites open to and shared by all browsers, we have dis-parted list of black listed sites, they not trying to make the safest browser, they trying to win brownie pointsbesides which, these sites came for spam... they is no way in hell your going be able to protect someone who...


    Thanks for reminding me I had some brownies in the fridge :D 
  • 6 Hide
    omnimodis78 , July 18, 2011 4:49 PM
    mobrocketother newsNSS thanks MSFT for its recent unrelated donation... does it really matter, cus the USER will happly install most malware themselves...

    Umm, pardon? Give that comment another try...
  • -4 Hide
    JOSHSKORN , July 18, 2011 4:49 PM
    Oh here we go again, testing the latest version of IE against outdated versions from competitors. C'mon, isn't Firefox 5 and Chrome 12 out? Nevermind...I'll answer that question for you. YES!
  • 0 Hide
    upgrade_1977 , July 18, 2011 5:05 PM
    Quote:
    Excluded from the test were typical browser vulnerabilities, as well as sites that integrate nasty clickjacking or drive-by downloads.


    Really???
    I really, really, don't get these articles. This is something which basically changes week to week, so whats the point? I mean it seemed like it took only a couple months for firefox to go from ver. 3 to 4 then to 5 already.. Updates just happen so quick now a days.
  • 3 Hide
    techseven , July 18, 2011 5:09 PM
    Its funny to see the reaction of people who love to hate IE, its already a fact that IE has things going for it and here we have 1 of many proofs...
  • -1 Hide
    jlats26 , July 18, 2011 5:12 PM
    Internet Explorer. The number one browser for downloading a better browser.
  • -5 Hide
    cadder , July 18, 2011 5:14 PM
    I'm sorry but it's not even close. I took a new laptop on a trip and connected to the unscrupulous ISP that the hotel had contracted with. Immediately the machine filled will malware from that ISP. I had gone on this trip suddenly and didn't have time to set up the laptop by installing Firefox and so forth, so I was using IE. The security holes in IE rendered the laptop almost unusable in seconds.
  • 1 Hide
    chickenhoagie , July 18, 2011 5:24 PM
    cadderI'm sorry but it's not even close. I took a new laptop on a trip and connected to the unscrupulous ISP that the hotel had contracted with. Immediately the machine filled will malware from that ISP. I had gone on this trip suddenly and didn't have time to set up the laptop by installing Firefox and so forth, so I was using IE. The security holes in IE rendered the laptop almost unusable in seconds.

    For some reason, I feel that your claims are either untrue, or very exaggerated. And I could explain why, but I don't feel like typing up an essay.
  • 5 Hide
    eddieroolz , July 18, 2011 5:44 PM
    I wonder if people that say "users install most malware" have actually read the entire article.

    If I recall correctly, it says in the article that IE9 was also excellent at stopping downloads that could potentially be malware by throwing a warning for less-downloaded executables. Annoying yes, but it works.
  • 2 Hide
    Niva , July 18, 2011 5:53 PM
    Nothing is foolproof, but this does add an extra layer in some instances. The fact that MS scored 100% and other browsers scored so low is actually a big deal. I'm not convinced it's that good in the real world but it's still a major win for them. I use IE at work and really don't have anything against it. There has been more than one instance in my life where I ended up on sites (both IE and Chrome) that told me the site may contain malicious code. I did not proceed. Disaster averted. The fact that this is being advertised now 2 years in a row is a good thing, it may generate a central black-list repository for all the browsers to use and some standard protocol on what the browsers should do if users go to such sites.
  • 1 Hide
    ohseus , July 18, 2011 5:53 PM
    So if I understand the article they "tested" browser security by ignoring and not testing the vast majority of browser insecurities. Isn't that a bit like describing a house as secure because the front door is locked while all the windows and the back door are wide open?
  • -1 Hide
    Thilindi , July 18, 2011 6:25 PM
    As others have stated in the past, the only safe system from hacks, malwares, viruses, etc is to unplug your system.

    The next best this is to do your research and compile a good set of anti-virus, malware detection, and ad-aware type protocols to run in conjunction with a physical firewall... and then to not be an idiot and click yes to everything.

    All Microsoft did here was make IE9 an even larger target from the cyber community. Not a good idea.
  • 3 Hide
    sunflier , July 18, 2011 6:52 PM
    Microsoft probably (and if so, finally) gets something right and it's still not good enough.

    MS - Danged if they do and danged if they don't!

    You guys would b*tch if you were hung with a new rope.
  • 2 Hide
    cyprod , July 18, 2011 7:18 PM
    JOSHSKORNOh here we go again, testing the latest version of IE against outdated versions from competitors. C'mon, isn't Firefox 5 and Chrome 12 out? Nevermind...I'll answer that question for you. YES!

    This post makes me laugh. Firefox 4 was replaced with 5 what? 3 weeks ago? Not only that, but Firefox 4 was only out for what, 3 or 4 months total? People complaining about the speed which it was updated and replaced, yet somebody complaining about not using something recent enough. Really, you do realize that it takes time to run a test like this and put the results together to publish, right? I don't know about how old chrome was, but this is another browser that's famous for going through version numbers like I go through ice water on a hot day. What this tells us is they made their best effort to use up to date browsers.
  • 1 Hide
    sunflier , July 18, 2011 7:37 PM
    ThilindiAs others have stated in the past, the only safe system from hacks, malwares, viruses, etc is to unplug your system. The next best this is to do your research and compile a good set of anti-virus, malware detection, and ad-aware type protocols to run in conjunction with a physical firewall... and then to not be an idiot and click yes to everything.All Microsoft did here was make IE9 an even larger target from the cyber community. Not a good idea.


    You, sir, are as about as bright as a burnt out light bulb. Its obvious you are a newbie and/or no nothing about the world of IT. Your ridiculous comment shows your lack of intelligence and how you are trying convince everyone who reads your comment how clever you are. I can prove you know nothing because your very first line you are quoting, "as others have stated".

    Do us all a favor and stop posting mindless jibber-jabber. STOP trying to educate and mislead those who read your pathetic comments - you are doing more harm than good.
  • 2 Hide
    enforcer22 , July 18, 2011 7:37 PM
    cadderI'm sorry but it's not even close. I took a new laptop on a trip and connected to the unscrupulous ISP that the hotel had contracted with. Immediately the machine filled will malware from that ISP. I had gone on this trip suddenly and didn't have time to set up the laptop by installing Firefox and so forth, so I was using IE. The security holes in IE rendered the laptop almost unusable in seconds.


    When ever i read this kind of dribble i wonder what kind of gay fettish child porn they brows so much. Since windows 95 has this ever once happened to me or anyone i have ever known or heard of. You are either a total moron who clicks yes to anything on the screen or you need to stay away from the 10 year old porn.
  • 0 Hide
    hellwig , July 18, 2011 7:56 PM
    Quote:
    NSS said it used about 650 sites as test sample, which it collected via spam emails, instant messages social networks and its own honeypots.

    Ok, but HOW did it get those sites, and HOW does it know those sites are in any way dangerous? It certainly didn't employ people to open up their Spam boxes and copy and paste links in there. There has to be some sort of method to determine that the site is truly malicious. After all, just because something is advertised via spam, doesn't mean the site is in any way harmful. My guess is, they got this list from some security firm, and I'm also going to guess that Microsoft uses the same firm for determining their own blacklist.

    Basically, the NSS used a blacklist to collect a list of malicious websites, then tested those sites against the other companies' blacklists. Microsoft's latest happened to match 100%, good for them. I bet if they had picked 650 sites from Opera's blacklist, Opera would have passed 100%, same with Chrome, Firefox, and Safari.

    What the NSS NEEDS to do is create websites with certain vulnerabilities and check to see if the browsers can detect them. Throwing a very small subset of known bad sites ata browser doesn't prove much, except which browser makers consult with which security firms.

    And before you claim I didn't read the article, I read the linked PDF file. Firefox, Opera, Chrome, Safari, and IE8 web browsers blocked sites based purely on "URL Reputation" (i.e. a blacklist). IE9 blocked 92% of websites based on URL Reputation. It blocked another 8% based on "Application Reputation", which they don't even bother to elaborate on, but basically means Microsoft is keeping track of every file everyone downloads, and whether or not that file might be infected (probably tied to their own antivirus software).

    So yeah, your browser can be safer, assuming everything you do is tracked by the browser manufacturer (including which files you download), and that those same files are later scanned by that manufacturers antivirus software. Makes me wonder why Chrome isn't more secure (from a blacklist perspective). Makes sense why Safari, Opera and Firefox aren't so secure.
Display more comments
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter