Those who made the upgrade to Microsoft’s Internet Explorer 8 will be pleased to learn that the browser has proven to be the most effective at blocking malware, following a recent study by NSS Labs. However, some experts question the validity of the results.
Internet Explorer 8 blocked about four out of every five sites that attempt to trick visitors into downloading malicious software in browser security tests performed by NSS Labs, according to a report released yesterday.
Microsoft on Thursday released NSS Labs research on several of its own newsgroups indicating that IE 8 excels at blocking phishing and malware attacks. These newsgroup posts reveal that in Microsoft-sponsored testing at a Texas lab, NSS found that IE 8 and an open-source Firefox browser from Mozilla tied for first place when it came to catching “social-engineering” phishing attacks.
“We’ve spent quite a bit of time talking about the socially engineered malware threat because it is currently the biggest problem users face. However, phishing remains a prevalent and important threat to users as well. We’re continuously making improvements to our data sources and intelligence systems that deliver phishing protection. This continuous investment keeps IE in the market-leading position it established with the release of the Phishing Filter in IE7. Since then, Internet Explorer 7 and 8 have blocked over 125 million phishing attacks,” said Eric Lawrence, IE PM
NSS tested a total of five Windows-based browsers including: IE8, Firefox 3.0.11, Safari 4.0.2, Chrome 18.104.22.168.33 and Opera 10 beta. The browsers were to defend their users against more than 2,100 malware sites in 69 tests run over a 12-day period.
Mozilla’s Firefox 3.0, was able to catch just 27% of the same infected sites. Apple’s Safari 4.0 blocked out 21% of the corrupt online destinations, while Google’s Chrome 2.0 was good for a 7% total. Opera Software’s browser provided the most dismal figure, identifying just 1% of the infected sites.
The tests did not include sites that use hidden exploits and drive-by-download attacks to attempt to install malware without your ever having a chance to recognize an attack.