July 16, 2011, 1:37 PM — The in-house reputation system used in Internet Explorer 8 and 9 is markedly superior at blocking social-engineering attacks than the Google equivalent used by Chrome, Firefox, Apple's Safari, an independent test by NSS Labs has found.
Rating the browsers against a sample set of European malware URLs over 19 days in April, IE 8 achieved a mean block rate of 90%, leaving Chrome 10, Firefox 4 and Safari 5 in the dust on 13% each. Opera, which uses technology from antivirus company AVG, came in last on 5%.
When assessing IE 9 with application filtering turned on, the results were even more dramatic, taking that version to a mean blocking rate of 100%.
Internet Explorer's positive showing appears to be thanks to two embedded technologies; Smartscreen URL Filter, a cloud-based system that checks URLs against a master database. This is present in both IE 8 and 9 and seems to work more or less identically in both.
In addition, IE 9 has added a second system, SmartScreen Application Reputation which on the basis of this test offers browser users a remarkably effective level of download block protection. Chrome, Firefox and Safari all use a rival URL checking system, Google's Safe Browser Feed, which as previous NSS Labs tests have suggested, is now falling some way behind.
"The significance of Microsoft's new application reputation technology cannot be overstated. Application Reputation is the first attempt by any vendor to create a definitive list of every application on the Internet," the authors conclude.
"Browsers provide a layer of protection against socially-engineered malware, in addition to endpoint protection products; as this report shows, not all are created equal. The overall lower protection offered by Firefox, Safari, and Chrome is concerning."
An extra but important dimension also tested was the 'average response time to block malware', basically the time it took each browser to add a problem site to the block list once it had been fed in to the test by NSS Labs.
Again, IE 9 with Application Reputation enabled gained a perfect score, adding a site without any delay, the only browser to manage such a feat. Interestingly, however, without the Application layer, IE 8 and 9 sank down the table, taking nearly 14 and 16 hours respectively, behind Safari's five hours, Chrome's nearly seven hours, and Firefox's 8 hours.
Block time is worth paying attention to because the longer protection takes to be activated, the longer the window of possible exposure.