Which browser bests the rest in fighting social malware?

Out of all the browsers out there, NSS Labs says, Microsoft's Internet Explorer 9 is better than all the rest -- at protecting users from social malware, that is.

This latest August 2011 third-quarter report from the Carlsbad, Calif.-based "independent security and performance lab" collected worldwide test data on socially engineered malware in the second quarter of this year. The performance of leading browsers against threats in which users get tricked into downloading malware was compared. Those browsers included IE 9 (with and without a new "application reputation" feature), Google Chrome 12, Apple Safari 5, Mozilla Firefox 4 and Opera 11.


Related coverage:

Would upgrading to IE 9 save your organization millions?


As with previous NSS Labs reports, there was no contest, with IE 9 providing 99.2 percent protection against socially engineered threats. That result included Microsoft's new application reputation feature. Without that feature, IE 9 still maintained the lead, with 96 percent protection, according to the study.

In contrast, other browsers trailed greatly. Chrome 12 blocked 13.2 percent of socially engineered attacks. Firefox 4 and Safari 5 blocked 7.6 percent of those attacks each. Opera came in last by blocking just 6.1 percent of the attacks.

Compared with NSS Lab's Q3 2010 report, IE 9 showed a 0.2 percent protection improvement in this Q3 2011 report. Chrome 12 showed the best improvement, at 10.2 percent year over year. Safari and Firefox each slipped, year over year, showing 3.4 percent and 11.4 percent declines in protection, respectively. Opera's protection improved by 6.1 percent when compared year over year in NSS Labs' reports.

Microsoft's IE 9 uses a SmartScreen URL reputation service that accesses a cloud-based database to warn users about threats. Chrome, Firefox and Safari use Google's "safe browsing" reputation data feed in a similar way to block malware threats. Nonetheless, the report found that Google Chrome scored somewhat better than Firefox and Safari in protecting against malicious links.

Microsoft has acknowledged in the past that it has provided funding for NSS Labs studies on this topic, even though the reports themselves did not acknowledge that funding. This August 2011 Q3 report appears to be different, with NSS Labs indicating no sponsorship funding.

"This report was produced as part of NSS Labs' independent testing information services," the report states (p. 11). "Leading vendors were invited to participate fully at no cost, and NSS Labs received no vendor funding to produce this report."

NSS Labs' report, "Web Browser Security: Socially-Engineered Malware Protection -- Comparative Test Results Global, August 2011" can be downloaded for free here. The testing organization also produced two regional reports for Europe and the Asia-Pacific.

About the Author

Kurt Mackie is the online news editor for the 1105 Enterprise Computing Group sites, including Redmondmag.com, RCPmag.com and MCPmag.com.

inside gcn

  • security in the cloud (ShutterStock image)

    Cloud security is the agency’s responsibility

Reader Comments

Thu, Aug 18, 2011 steve baltimore, md

Firefox 4? 6 was just released! I would have thought that Firefox 5 would have been used as a measure. Otherwise, IE 8 would have been more appropriate for comparison.

Thu, Aug 18, 2011 Mark Jaeger Michigan

You reviewed Firefox 4? When Firefox 6 is the current release? Why not stop at IE 7 if you want an oranges-to-oranges comparison?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group