
Microsoft’s IE8 Catches Most ‘Social Malware’

March 20th, 2009

A study by NSS Labs of 6 major web browsers shows a large difference in their ability to block “socially engineered malware.”

NSS Labs is an independent entity with business in many areas unrelated to this, but it’s important to note that the study was funded by Microsoft.

That said, and even though the study shows IE8 and its new SmartScreen filter head and shoulders above all other browsers, the funding does not make the study illegitimate. “Socially engineered malware,” as they put it, is arguably the most important form of malware these days. We’ve reported on it many times in the last year, with recent examples here, here and here. The basic idea is that the user is enticed into visiting a web site and downloading malware, believing it to be something else.

The recent generation of web browsers has approached this problem with reputation services, just as they have with phishing. Just as phishing sites are often initially blocked by browsers (“…this is a reported phishing web site”) based partly on blacklists of domains and IP addresses, so are malware sites being blocked.

NSS Labs’ tests came up with these results overall:

Browser          Malware Catch Rate
IE8 (RC1)        69%
Firefox 3.07     30%
Safari v3        24%
Chrome 1.0.154   16%
Opera 9.84       5%
IE7              4%

You don’t have to think ill of NSS Labs to realize that it’s hard to take the results completely seriously until they are confirmed by a source not funded by Microsoft. They didn’t publish the exact sample URLs, so an exact replication can’t be performed, and in any event such sites are highly transient. But replicating the basic idea of the test is an excellent idea for anyone with access to enough malware and a decent lab.

The other important take-away from this is that even the best numbers from IE8 are low. Protection such as this is a good defense-in-depth measure, but it’s no substitute for a good anti-malware program and other protections, such as least-privileged access.
