- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
Network World - Microsoft's Internet Explorer 8 rated tops among five browsers tested by NSS Labs for effectiveness in protecting against malware and phishing attacks—though NSS Labs acknowledges Microsoft paid for the tests.
Nevertheless, the test process, which lasted over a two-week period in July at the NSS Labs in Austin, evaluated the browsers based on access to live Internet sites and in theory could be duplicated elsewhere. Apple Safari 4, Google Chrome 2, Mozilla Firefox 3, and Opera 10 beta were evaluated as being behind Microsoft IE 8 when it comes to browser protection against phishing and malware, mainly because Microsoft was deemed more speedy and comprehensive in delivering updates about known phishing and malware to the user's desktop browser.
Time is of the essence to use the browser as protective cover, one of the two NSS Labs reports issued Thursday notes. The report cites an Anti-Phishing Working Group estimate that more than 47,000 unique attacks occurred in the second half of 2008 with an average lifespan of 52 hours.
The test was based on 593 validated URLs. "The average phishing URL catch rate for browsers over the entire 14-day test period
ranged from 2% for Safari 4 to 83% for Windows Internet Explorer 8," the test report states. "Internet Explorer 8 and Firefox
3 were the most consistent in the high level of protection they offered."
Firefox 3, which boasted 80% effectiveness in the phishing test, finished just behind IE 8's 83%. Coming in at third was the Opera 10 beta at 54%, followed by Chrome 2 at 26% and Safari 4 at 2 % in terms of mean block rate for phishing.
"Google Chrome's overall catch rate of 26% was below average," the "Web Browser Security: Phishing Comparison Comparative Results" report concludes. "We expected better results given the fanfare about Google's SafeBrowsing initiative . Additionally, a third-party (Firefox) was able to utilize Google API to achieve significantly better protection than Google's own browser."
In the testing for how well each of the five browsers provide protection against socially-engineered malware—defined as a Web page link that leads directly to a ‘download' that delivers a malicious payload whose content type would lead to execution—Microsoft was also found to perform the best.
In a test based on 608 potentially malicious URLs, IE 8 achieved an 81% mean block rate for socially-engineered malware, while Firefox 3 logged in at 27%, Safari 4 at 21%, Chrome 2 at 7% and Opera 10 beta at 1%. On average, 197 new validated URLs were added to the test each day, more or less depending on "criminal activity levels" as malicious URLs quickly rolled in and out of use.
IE Explorer 8, which calls its protection mechanism SmartScreen , did best for protecting against socially-engineered malware in what was called the "zero hour" timeframe when a malicious URL was spotted by blocking 51% of the time. By the fifth day of the known malicious URL, IE 8 was blocking 91% of the time, Firefox 3 24%, Safari 4 22% , Chrome 2 14% and Opera 10 beta 1%.