Internet Explorer Ranks #1 for Blocking Malware: Study

Microsoft has been judged the clear winner in a recent test of how well web browsers block unintended access to malicious software on websites. It's great news for Microsoft's reputation, though some critics suggest the methods used in the test may be lacking.

Browser Malware Protection Tested, Compared

The browser comparison was conducted by independent security firm NSS labs. The test observed a feature known as browser protection, which appears in all the major browsers under various names.

In general, browser protection is designed to deal with situations where users are tricked into visiting a bogus website that houses malware; for example, by accidentally / unknowingly clicking on a malicious link on a website.

The feature involves the browser checking a list of website addresses (also known as "URLs"), that are suspected to host malicious software. The browser protection is then suppose to warn users of the risk involved in visiting a potentially malicious page, and requires them to click a confirmation button before allowing the page to load onto the browser (which could then possibly infect a PC).

Seven Hundred Sites Tested For Malware

NSS carried out tests on the latest finished and publicly available versions of each of the major browsers, checking how they coped with a list of 706 active websites known to be a serious risk to users in Europe.

The results showed Internet Explorer 9 (IE9) blocked 92 per cent of the sites, while IE8 managed 90 per cent. Meanwhile, Chrome 10, Firefox 4 and Safari 5 were all far behind at 13 per cent, with Opera 11 at five per cent.

The three-way tie is because the sites all use Google's data for dubious sites. (Source: nsslabs.com)

Application Reputation Checks for Auto-Loading Malware

NSS also tested an additional Internet Explorer feature known as Application Reputation, which checks to see if the page hosts any files that will automatically run when the page is loaded. The results were intriguing: it managed to pick up the eight per cent missed by the browser protection, thus catching every page on the test.

Caveat: Testing Methods Have Limitation

There are, of course, some limitations to the methods of this testing.

First of all, this test only checked the ability to block websites that may pose a threat. It doesn't test how well browsers cope when users do get onto an infected website -- for example, one that hasn't yet made it onto the block list. Although Internet Explorer 9 appears to have made major improvements in this area, historically, it has a poor reputation.

Another potential problem is that the testing didn't explore the risk of false positives, where browsers mistakenly identify legitimate sites as compromised.

While it's not known for certain, there's a possibility that IE9's high detection rate may be because the browser is being overcautious about which sites to flag. That could lead to users becoming frustrated and taking less notice of warnings. (Source: arstechnica.com)