IE8 best at blocking malware sites, says study
The two bottom browsers, Opera 9.64 and IE7, were essentially useless at stopping their users from visiting bad sites, catching just 5% and 4%, respectively. "[They] provided virtually no protection against malware," said the NSS report.
Microsoft was the sole sponsor of the test, Moy acknowledged, adding that having just one funding source was unusual for his company. "It wasn't exactly a comfortable feeling, but I think it was all pretty above board. They were very hands off."
Even though Gartner Inc. analyst John Pescatore noted that NSS has a solid reputation in testing circles, he cautioned against reading too much into the report. "You do have to look at the results of this with a jaundiced eye," he said Tuesday.
Pescatore also questioned whether the numbers reflected how browsers -- and more importantly, browser users -- really work. "For IE7 and Firefox, in real-world use, we don't see any major difference in their security performance," he said. "If you look at how Firefox 3.0 is really used, and how IE8 is used, and the typical user, I don't think there's going to be a tremendous difference in blocking malware sites. They use very similar databases."
In fact, Firefox, Chrome and Safari all turn to the same source for their blacklist: Google's SafeBrowsing API. Moy wasn't able to completely explain why, if that's the case, the three browsers' scores were so different in the NSS tests. He did, however, speculate that while each browser pings Google's blacklist, they handle the information differently, and may add or subtract from it using their own algorithms.
"The implementation [of SafeBrowsing] is different in Firefox than the others using it," Moy said.
The NSS report can be downloaded from the company's Web site (PDF download). NSS has also scheduled a webinar for March 31 at 10 a.m. Pacific time, during which it will outline its results. Users can register for the session on the NSS site.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts