December 16, 2010, 6:02 PM — It would be unfair to suggest that Microsoft's Internet Explorer is better at resisting social-engineered malware than more highly regarded browsers simply because IE users have so few social skills that they can't even make malware work.
That would be also be inaccurate, unfortunately.
It's the browser that broke the malware, at least in this case.
The report, which came out today from NSS Labs, tested how well leading browsers resisted clickjacking -- links that led directly to sites that downloaded malware onto the victim's computer without the victim's knowledge.
Firefox, Chrome and Safari, each of which individually has higher approval ratings than the collected positives for every version of IE ever produced, blocked socially engineered malware at rates below (sometimes well below) 20 percent.
IE 8 scored 90.2 percent and IE 9 scored an astonishing 98.7 percent.
Internet Explorer uses Microsoft's SmartScreen Filter to check for malwardian clickjack attempts; IE9 adds an application reputation system to boost its numbers.
The others use whitelist/blacklists to identify clickjacking sites, which is effective enough if the lists cover every potential site on the Web and are continually updated to that last tenth of a second, but that wouldn't leave you much time for browsing.
Chrome, Firefox and Safari all use the Google Safe Browser whitelist/blacklist service, but scored very differently.
Firefox 3.6 foiled 19.5 percent of attempts; Safari 5 spoiled 10.9 percent; Chrome 6 (which you'd think would be the most effective at using Google's own whitelist service) scored a pathetic 3.4 percent.
Opera 10, by the way didn't block anything.
This doesn't mean IE is safer than the rest of the crowd. Weaknesses in its Protected Mode actually makes Adobe Reader X, Chrome and some other apps that rely on it less secure than they were without it.
And, of course, being found to use Internet Explorer by choice is a good way to limit your opportunities for social activities of any kind, which might be a good thing if it's true that abstinence is as good insurance against unintended consequences online as it is in the real world.