Is Microsoft’s Windows Internet Explorer 9 the most secure browser out there? It depends who you ask. A study published today by NSS Labs says that indeed Microsoft bests Google, Mozilla, and Apple when it comes to blocking malware.
NSS tested Microsoft’s Internet Explorer 9, Google Chrome versions 15 through 19, Mozilla Firefox versions 7 through 13, and Apple Safari 5 to see which of the big four are best at protecting users against leading forms of malware linked to bank fraud, password theft, fake antivirus scams, and click fraud.
First, some background. The firm conducted the study over a period of 175 days between December 2011 and May 2012, though the results were calculated based on 10-day moving averages. Each browser was tested with all available updates installed on identical virtual machines running Windows 7. The tests were run every six hours until the malicious URL was no longer active, resulting in over 750,000 tests cases per browser.
Out of the 84,396 URLs, IE9 blocked 95 percent of malicious activity, Chrome blocked 33 percent, while Safari and Firefox both blocked less than 6 percent. Those numbers are based on a combination of the two reports, as a running average of all successful blocks.
Here’s the general malware breakdown for the 175 days:
Microsoft’s browser blocked 94.0 percent of general malware and 96.6 percent of click fraud, Chrome stopped 27.6 percent of malware and only 1.6 percent of click fraud, Firefox was 5.0 percent for malware and at 0.8 percent for click fraud, while Safari was at 4.7 percent for malware and 0.7 percent for click fraud.
The report noted that Chrome’s performance was particularly worrying: “Chrome’s adoption rate has established it as the leader in overall browser market share as of the latter half of 2012. Unless Chrome improves its protection against click fraud, NSS predicts an increase in fraudulent click transaction rates given Chrome’s dominant and increasing market share.”
Here’s the click fraud breakdown for the 175 days:
Click fraud isn’t so much malware as it is a scam. It’s thus odd that there was such a focus on click fraud, especially given these two statements from NSS: “Click fraud itself causes minimal direct harm to the typical end user as the ultimate target is the ad buyer” and “the average lifespan of a click fraud URL was 32 hours with over 50% expiring within 54 hours.”
The company did note, however, that users are sometimes infected by additional malware as a by-product of click fraud installation, which is definitely worth emphasizing. “While it is apparent from these results that click fraud is a leading purpose of browser malware, it is surprising and concerning that there is such a large difference between blocked rates for other malware types vs. click fraud from browser to browser,” the report states.
I think it’s also worth noting that NSS Labs has told me before it doesn’t have the funding to conduct these tests and often requires sponsorship. In fact, the firm has previously published studies that were sponsored by Microsoft. When I checked with the company to verify the credibility of this latest study, however, I was told this no longer applies: “This was independent research done only by NSS Labs and was not sponsored by Microsoft.”
Image credit: George Crux