Computerworld - Microsoft's Internet Explorer 9 (IE9) blocks more malicious sites and malware than any other browser, including its predecessor IE8, according to a report released Tuesday.
The still-in-beta browser was five times more effective at warning users of potential danger than its closest rival, Mozilla's Firefox, said NSS Labs, which conducted a Microsoft-commissioned study of browser anti-malware tactics and technologies. IE9 also beat Microsoft's current production browser, IE8, by nine percentage points.
Microsoft claimed that IE9's improved score was due to the addition of SmartScreen Application Reputation, a new feature that uses a complex algorithm to rank the probability that a download is legitimate software.
"We wanted to look at malware blocking from a new perspective," Jeb Haber, principal program manager lead for IE security, said in a Tuesday interview. "We looked at what people are downloading [via IE] and found that a significant percentage of executable files were later confirmed to be malware."
Application Reputation, or "App Rep," uses a file's hash -- which identifies the file contents -- and its digital certificate to determine whether it's a known application with an established reputation. For example, "firefox.exe" would be labeled a legitimate download with a known history and reputation. If the App Rep algorithm ranks the file as unknown -- perhaps because the hash value hasn't been seen before -- IE9 throws up a warning when users try to run or save the file.
Haber refused to call App Rep a "whitelist" -- the term for a pre-approved list of allowed software -- saying that it was more accurately an "allow" model since users can click through the warnings and still install software that triggers a warning.
Microsoft started serving App Rep data to IE9 Beta in October.
Haber said Microsoft sees App Rep as a way to "close the gap" that remains in browser-based anti-malware technologies, which generally just interpose a warning between the time users click on a potentially risky link and when the site renders.
NSS Labs attributed the bulk of IE9's improved score over IE8 -- which offers anti-malware blocking through SmartScreen Filter -- to App Rep. At a minimum, said Rick Moy, president of NSS Labs, five of the nine percentage points that IE9 scored over IE8 can be credited to App Rep.
"Reputation matters," said Moy, "and [App Rep] is pretty darn compelling."
But Moy also gave kudos to Microsoft's decision to put money and muscle behind browser blocking. "The obvious question is why does IE do such a good job?" asked Moy. "It's clear that the others just aren't putting the same amount of resources into solving the problem of malware and social attacks. The data bears that out."
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
