IE8 best at blocking malware sites, says study
The two bottom browsers, Opera 9.64 and IE7, were essentially useless at stopping their users from visiting bad sites, catching just 5% and 4%, respectively. "[They] provided virtually no protection against malware," said the NSS report.
Microsoft was the sole sponsor of the test, Moy acknowledged, adding that having just one funding source was unusual for his company. "It wasn't exactly a comfortable feeling, but I think it was all pretty above board. They were very hands off."
Even though Gartner Inc. analyst John Pescatore noted that NSS has a solid reputation in testing circles, he cautioned against reading too much into the report. "You do have to look at the results of this with a jaundiced eye," he said Tuesday.
Pescatore also questioned whether the numbers reflected how browsers -- and more importantly, browser users -- really work. "For IE7 and Firefox, in real-world use, we don't see any major difference in their security performance," he said. "If you look at how Firefox 3.0 is really used, and how IE8 is used, and the typical user, I don't think there's going to be a tremendous difference in blocking malware sites. They use very similar databases."
In fact, Firefox, Chrome and Safari all turn to the same source for their blacklist: Google's SafeBrowsing API. Moy wasn't able to completely explain why, if that's the case, the three browsers' scores were so different in the NSS tests. He did, however, speculate that while each browser pings Google's blacklist, they handle the information differently, and may add or subtract from it using their own algorithms.
"The implementation [of SafeBrowsing] is different in Firefox than the others using it," Moy said.
The NSS report can be downloaded from the company's Web site (PDF download). NSS has also scheduled a webinar for March 31 at 10 a.m. Pacific time, during which it will outline its results. Users can register for the session on the NSS site.
Read more about Security in Computerworld's Security Topic Center.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!