Microsoft PR almost hit a home run today, but they made their graph too hard to read. You see, the Microsoft teams around the world are touting a new browser security study that clearly shows that Internet Explorer 8 and 9 are the top browsers in the world for blocking consumer malware.
While that is perhaps surprising in and of itself, look at the chart below from the study which shows the percent of malware that each browser blocks, and tell me if you can spot just what looks wrong. It may take a second.
Yes, it is clear that Internet Explorer 8 and 9 are very good at “protect[ing] users against malware attacks,” but you may have pulled a double take when looking at the browser versions that were listed. We did, and so we chased down the study and looked into how it was executed.
On first blush the chart looks ridiculous. Opera 10? It had better not be 10.0 and so forth, that would be as out of date as a Model T. These were the tested browsers:
Chrome 6? Really? Chrome 8 is the current average user version, and Chrome 9 is just around the corner. Chrome 6 is quite a ways back from that, as you can imagine. To compare such an out of date browser is just unfair, and a bit ridiculous. If you want to pick on the competition, pick on their current version.
The other browsers seem to be more or less up to date, although we would have loved to see the Firefox 4 beta included in the test.
What do we make of all this? It seems completely plain that Microsoft is scrambling to save whatever may be left of Internet Explorer’s good name, so that when IE9 does finally come out, they can push it and not blush. The IE team has been working around the clock on its 9th version, and it is worlds improved, but it needs to be proven better, and this study is a step in that direction.
Microsoft sent us this quote, which should summarize exactly what the company is thinking:
Jason Miller of Shavlik Technologies, a global leader in simplifying the complexity of IT management, notes that with the recent NSS findings, “Microsoft is showing, with their current browser technologies, that security for end user browsing is important to them.”
Still, as this was a Microsoft sponsored test, it is sure to draw controversy.
A Google spokesperson sent us the following statement:
“As we’ve stated previously, these sponsored tests are limited in their sole focus on socially engineered malware, while excluding vulnerabilities in plug-ins or browsers themselves. Additionally, the testing methodology isn’t available in a way that can be independently verified. Google Chrome was built with security in mind from the beginning and emphasizes protection of users from drive-by downloads and plug-in vulnerabilities — for example, we recently introduced a new security sandbox for Flash Player.”