Microsoft pays for test that shows IE8 is most secure

Analysis
Aug 14, 20093 mins

IE8 is mighty strong against phishing sites, test finds.

In a test of Internet Explorer 8’s malware-blocking abilities, IE8 significantly bested the competitors. But then again, Microsoft paid for the test.

The tester, NSS Labs in Austin, evaluated the browsers over a two week period in July against live Internet sites. The test pitted these browsers against one another: Apple Safari 4, Google Chrome 2, Mozilla Firefox 3, Opera 10 beta and, of course, Microsoft IE 8. Testers were trying to ascertain how well these browsers detected what the researchers called “a socially engineered malware URL.” It defines this term as “a web page link that directly leads to a ‘download’ that delivers a malicious payload whose content type would lead to execution. These are links that appear to be safe, like a screen saver application, video codec upgrade, etc., designed to fool the user into downloading it. Security professionals also refer to these threats using different terms such as consensual or dangerous downloads.”

In other words, the test was basically restricted to testing the browser’s reputation filtering abilities, used mostly to defend against phishing. And here’s another tidbit … all of the browsers were being run on a Windows 7 machine.

The study showed that IE8 kicked the others to the curb when it came to the number of sites it recognized as malicious … although Opera actually beat them all when it came to speed of how quickly it would add a known malicious site to its blocked list. (The testers made a big point in their report that even though Opera won that round, it shouldn’t be paid much heed, as Opera did most poorly when it came to the number of nasty sites it recognized as such.)

I can’t fault Microsoft for working so hard to show its latest browser in a better light. Although I think a better way to do that is to build a product that works great and let the independent testers do the proclaiming for you. Question is, do tests like this have any value for you?

Disclaimer: I’ve been using Internet Explorer 8 since it was released as IE works better with some of the content management applications I access over the VPN. I tend to use Firefox for my everyday browsing all day long because I like the plugins. My favorites are the plugins for social networking (Socialite). I absolutely love Snap Links Plus, which opens multiple links on a page. I have Chrome, too, but find it to be mostly annoying and, like most of the world, haven’t found a reason yet to download Opera … although I hear good things about it.

As long as IE8 remains the most popular choice for the enterprise, it will be the biggest target for phishing and other social-engineering efforts — so it dang well better do as good a job as possible with its anti-phishing features.

Like this post? Check out these others.
  • First bits for SQL Server 2008 R2 are out
  • 5 Reasons To Use SharePoint Instead Of Emailing Excel Files
  • Sam Ramji: ‘Open source as an unstoppable phenomenon’
  • The Move-Mailbox cmdlet, a Cross-Forest move, and a complex password
  • Performance Analysis of Logs (PAL) Tool: Is a PAL every Administrator needs
  • Prioritizing Traffic in Remote Desktop
  • MicroHoo Search – coming to a browser near you
  • Criteo allows advertisers to re-target users to increase sales
  • August giveaways: we’re giving away SCCM books and free training

Plus, visit the Microsoft Subnet web site for more news, blogs, podcasts. Subscribe to all Microsoft Subnet bloggers. Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.) Follow All Microsoft Subnet bloggers on Twitter

Follow Julie Bort on Twitter