NSS Labs Performs International Tests of Web Browsers Against Socially Engineered Malware
August 15, 2011
Malware
Infection Rates Are Almost 70% in Some Countries; Malware Blocking by Browsers Range from 6% to 99%
CARLSBAD, Calif., August 15, 2011 - NSS Labs, Inc., the leading
independent security testing organization, today announced the release of its
latest Web Browser Security Comparative Test Reports against Socially-Engineered
Malware for the third quarter of 2011. Two tests were carried out; one global
test and one Asia-Pacific specific test. These reports examine the ability of
five different web browsers to protect users from socially-engineered malware.
Socially engineered malware
(SEM) remains the most common security threat facing Internet users today, claiming
one third of internet users as victims. These attacks pose a significant risk
to individuals and organizations by threatening to compromise, damage, or
acquire sensitive personal and corporate information. European and American
users have found themselves particular targets of malware authors over the last
12 months. North America has consistently been the primary host of malicious
URLs, while users in Asia have been victims of the greatest number of malicious
URLs.
Cybercriminals
are taking advantage of the implied trust relationships inherent in social
networking sites (Facebook®, MySpace™, Badoo, StudiVZ, Skyrock, LinkedIn®,
renren, Kaixin001 (a.k.a. Happy Net), 51, Multiply, Cyworld, Orkut, Mixi, etc.)
and user-contributed content (blogs, Twitter™, etc.) which allow for rapid
publishing and anonymity. Furthermore, the speed at which these threats are
“rotated” to new locations poses a significant challenge to security vendors.
Browsers
tested in the report include:
- Apple® Safari® 5
- Google Chrome™ 12
- Windows® Internet Explorer® 9 (IE9)
- Mozilla® Firefox® 4
- Opera™ 11
Key findings from the reports show
- Browsers can offer an additional layer of protection beyond antivirus.
- Results varied from Q3 2010 test, with IE9, Chrome, and Opera showing improvement, while Firefox and Safari decreased in protection.
- Microsoft’s IE9 achieved over 99% in protection results with the new Application Reputation feature.
The use of free browser-based reputation systems to
assist in the fight against socially-engineered malware is a strong use of cloud
technologies. However, in these tests of socially-engineered malware, we found
that not all vendor implementations and daily operations yield the same
results. It became obvious from these recent tests, in comparison to NSS Labs’
earlier global tests, that Microsoft continues to improve their IE malware
protection in IE9 through its SmartScreen® Filter technology and with the
addition of SmartScreen Application Reputation technology. With a unique URL
blocking score of 99.9% and over-time protection rating of 99.2%, Internet
Explorer 9 was by far the best at protecting against socially-engineered
malware. Copies of the Web Browser Security Comparative Test Report against
Socially-Engineered Malware (including Global, Asia-Pacific, and European
reports) are available for no charge at www.nsslabs.com/browser-security.
About
NSS Labs, Inc.
NSS Labs, Inc. is the leading independent, information
security research and testing organization. Its expert analyses provide
information technology professionals with the unbiased data they need to select
and maintain complex security products for their organizations. Pioneering
intrusion detection and prevention system testing with the publication of the
first such test criteria in 1999, NSS Labs evaluates firewall, unified threat
management, anti-malware, encryption, web application firewall, and other
technologies on a regular basis. The firm’s real-world test methodology is the
only one to assess security products against live Internet threats. NSS Labs
tests are considered the most aggressive in the industry. Founded in 1991, the
company has offices in Carlsbad, California and Austin, Texas. For more
information, visit www.nsslabs.com.
