Chrome improves anti-malware blocking score by 340%
But Microsoft's IE9 stymies seven times more dangerous URLs
Computerworld - Google's Chrome blocked four times more malicious sites and malware than a year ago, but Firefox 4 was much less effective at warning users of danger than Mozilla's browser last year, according to a report released Monday.
Both were thrashed by Microsoft's Internet Explorer 9 (IE9), however, which easily retained its crown, said NSS Labs in a reprise of a 2010 study of browser anti-malware technologies.
Even with Chrome's improved detection -- it blocked 13.2% of the malware links that NSS threw at it during a 14-day run ending June 10 -- IE9 beat it with a score seven-and-a-half times higher.
According to NSS' test results, IE9 displayed a warning message for 96% of the malicious URLs, with the program's Application Reputation feature stymying an additional 3.2% for a total blocking score of 99.2%. Last year, IE9 posted a 99% score.
Application Reputation, or "App Rep," uses a file's hash -- which identifies the file contents -- and its digital certificate to determine whether it's a known application with an established reputation. For instance, "firefox.exe" would be labeled a legitimate download with a known history and reputation. If App Rep's algorithm ranks the file as unknown -- perhaps because the hash value hasn't been seen before -- IE9 throws up a warning when users try to run or save the file.
App Rep is a part of the overall SmartScreen technology included with IE9, the browser that runs only on Windows 7 and Vista.
NSS did not retest IE8, the newest Microsoft browser that works with Windows XP, still the most widely used edition of the operating system. Last year when it put IE8 through the paces, the 2009 browser blocked 90% of the sites that tried to download attack code.
Hackers spread "social-engineered malware" -- NSS Labs' term -- by enticing users to visit malicious sites that then dupe them into downloading attack code. Such downloads often pose as an update to popular software, an innocuous video codec or a seemingly-useful antivirus program.
The tests did not include sites that attack browsers without any user interaction through drive-by attacks that exploit vulnerabilities in Windows or its applications.
Rick Moy, president of NSS Labs, said that Microsoft's SmartScreen technology remains the browser anti-malware technology to beat, pointing out that it easily trumped Google's rival Safe Browsing API, which is used by Chrome, Firefox and Apple's Safari.
Google maintains a blacklist of suspected or known malicious sites, then serves that list via the Safe Browsing API to its own and other browsers.
The troika that uses the API fared poorly in NSS' tests.
Chrome was the best of the three, blocking 13.2%, up 10.2 percentage points from last year, a 340% improvement. Firefox 4, however, displayed a warning on only 7.6% of the URLs, a drop of 11.4 points from Firefox 3.6. (NSS Labs ran its tests before Mozilla shipped Firefox 5.)
- Google reverses field, promises to restore Chrome's scrollbar arrows
- Update: Google ships Chrome 33, patches 28 bugs
- Mozilla's top exec defends in-Firefox ads, revenue search
- Mozilla taps in-Firefox ads as it searches for more revenue
- Mozilla ships Metro Firefox beta for Windows 8
- Mozilla defers Firefox's new 'Australis' UI to April
- Mozilla resets Metro Firefox ship date to mid-March
- Mozilla ships Firefox 26 with opening click-to-play move
- Mozilla banked $274M in '12 from Google-Firefox search deal
- Google trumpets Chrome's SPDY gains
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts