According to a recent test, Internet Explorer 8 is the best browser at protecting users from malware. Not so fast…

According to a recent test by a company called NSS Labs, Internet Explorer 8 beat the competition as far as preventing users from going to websites that distribute malware. By a lot.

IE8 was able to protect users from 80% of sites that attempted to trick users into deliberately downloading malware. Firefox 3 was second with 27% accuracy. Safari 4 scored 21%, Chrome 2 scored 7%, and the Opera 10 Beta scored a mere 1%.

There are a few things I’d like to highlight. First of all, the test only covered sites that try to trick the user into downloading malware, or “trojans”: programs that don’t do what the user expects, or that secretly do more than the user expects (such as a program that claims to be a game, but is in fact a backdoor that allows a hacker to gain access to your computer).

This was a good category to choose, but it’s only a fraction of what needs to be tested in order to determine the overall security of a browser. The big things, in my opinion? Exploits and drive-by downloads. Rick Moy, the president of NSS Labs, said that these were left out because of the risk of infecting test computers (sandboxing and other technologies were utilized to protect computers from malware on the tested sites).

From what I know, I would guess the threat of exploits could be mitigated by visiting flagged websites from a computer running a less-used operating system such as Linux or BSD, which is presumably immune to the effects of the vast majority of exploits out there. Moreover, the computers could easily run a live version of a rare operating system off a CD or external drive. Although this is less stable, they could avoid installing this software, thus preserving the native OS and configuration.

There are a few things I noticed when looking through the report:

  • The analysis strictly focused on how effectively browsers were able to warn the user about the site. On page 3, NSS noted that the study did not cover actual vulnerabilities in plugins or the browsers themselves. In other words, the test didn’t cover Internet Explorer’s internal security issues, or, more importantly, its highly vulnerable native ActiveX support, which poses the biggest risk for IE users.
  • After testing a number of sites, NSS finally decided to test just over 600 websites that distributed malware in this fashion. I would feel better about the accuracy of the study if that number had been well over 1,000, or beyond.
  • NSS tested Mozilla Firefox 3.0, instead of 3.5, the latest version, which has major improvements in its anti-malware protection. I think it was kind of odd that they decided to test the Opera 10 beta, which is newer than the current stable version of Opera, but not Firefox 3.5, the newest stable release.

I get a Google Alert every day with a harvest of Firefox and Mozilla-related news articles. In the past few days, I’ve been seeing headlines (from lesser-known and presumably less credible sources) such as “Microsoft leads browsers in malware defense.” Saying that, you’d be ignoring the fact that Internet Explorer has been and is considered far less secure by numerous security experts and writers when compared to alternative browsers, Firefox especially.

So in conclusion, IE cannot be considered superior security-wise because of one test covering one fraction of what needs to be analyzed in order to determine the overall security of a browser. I hope NSS, or another testing company, provides some more tests giving more insight into which browsers are more secure.

Categories: Security, Web Browsers
  1. October 7, 2010 at 4:23 am

    thanks. useful post
