2012 Browser Security Comparative Analysis: Socially Engineered Malware

Report Overview

The web browser is the primary vector by which malware is introduced to computers. Links in phishing emails, compromised web sites, and trojanized “free” software downloads all deliver malware via web browser downloads.  The web browser is also the first line of defense against malware infection. Browsers must provide a strong layer of defense from malware, rather than defer to antimalware solutions and operating system protections. This test examines the effectiveness of the leading web browsers in blocking malware.

Overall Malware Block Rate by Browser

Overall Malware Block Rate by Browser (higher % is better)

During the testing period, Internet Explorer 10 with App Rep had a mean malware block rate of 99.1%, with App Rep adding 10.6% percent to the 88.5% URL reputation blocking achieved by the browser. Chrome with Google’s Malicious Download Protection had a mean block rate of 70.4%.  However, only 4.5% of the blocked malware was based upon URL reputation; Google’s Malicious Download Protection provided 65.8% additional protection. Firefox and Safari, which have no download protection, were only able to block 4.2% and 4.3% of the malware respectively.  

The four leading browsers were tested against over ninety-one thousand samples of real world malicious software. Major differences in the ability to block malware were observed. Data represented in this report was captured over twenty (20) days through NSS Labs’ unique live testing harness, and provides insight into the built-in protection capabilities of modern browsers, including Chrome, Firefox, Internet Explorer, and Safari.

To put the numbers in perspective, for every twenty encounters with socially engineered malware, Firefox and Safari users will be protected from approximately one attack. That means nineteen out of twenty socially engineered malware attacks against Firefox and Safari users will end up testing the user’s antivirus and/or operating system defenses. Chrome users will be protected from about fourteen of the twenty attacks, leaving their antivirus and operating systems responsible for protecting against six attacks, and IE10 users will generally be protected from all twenty attacks.

Tested Products

  • Apple Safari 5
  • Google Chrome 21
  • Microsoft Internet Explorer 10
  • Mozilla Firefox 15

Download this unsponsored and independent report to see the full results.

Downloads

Category: 
Product types: 
Go to top