IE8 'Safest' Among Leading Browsers, Report Says

Those who made the upgrade to Microsoft's Internet Explorer 8 (IE8) will be pleased to learn that the browser has proven to be the most effective at blocking malware, following a recent study by NSS Labs. However, some experts question the validity of the results.

Five Browsers Tested

NSS tested a total of five Windows-based browsers including: IE8, Firefox 3.0.11, Safari 4.0.2, Chrome 2.0.0.172.33 and Opera 10 beta. The browsers were to defend their users against more than 2,100 malware sites in 69 tests run over a 12-day period.

The malware peddled on the infected sites is "socially engineered". This is basically the type of malware that tricks users into downloading attack codes. The attack codes are disguised, often as an update, to popular software such as Adobe's Flash Player.

12 Days of Testing

In the 12-day span, IE8 was able to block out 8 out of 10 malware-distributing sites, for a total of about 81% efficiency.

In contrast, the closest rival browser, Mozilla's Firefox 3.0, was able to catch just 27% of the same infected sites. Apple's Safari 4.0 blocked out 21% of the corrupt online destinations, while Google's Chrome 2.0 was good for a 7% total. Opera Software's browser provided the most dismal figure, identifying just 1% of the infected sites. (Source: idg.no)

This is not the first time NSS Labs has put these browsers to the test, running similar trials this past March. Since then, Microsoft managed to better their figures by 12 percentage points (a 17% improvement) while every other rival browser managed to fare worse than before: Firefox went down 3 percentage points, Chrome went down 8 and Safari and Opera each dropped 4 percentage points.

Validity of Results Questioned

There is still some concern over the validity of the results.

The testing was done by NSS Labs, which was sponsored by Microsoft's security team; a fact that raised the ire of a number of analysts when the first run of testing was completed in March.

Another cause for concern is that the tests did not include sites that spawn "drive-by attacks". These attacks do not require user interaction, an increasingly common tactic by hackers who often infect legitimate sites with kits that try a number of different exploits in the hope of compromising an unpatched browser or PC. (Source: pcworld.com)