Internet Explorer 8 and 9 both block more socially engineered malware than Chrome, Firefox, Opera or Safari. At least, that’s what the Web Browser Group Test Socially-Engineered Malware Q3 2010 report from NSS Labs says. The results are similar to NSS Labs’ previous reports on the subject. Past browser testing reports from NSS Labs were reported to have been commissioned by Microsoft. I’m no longer able to find any disclosure about this in these reports.
So, should you scrap those plans to deploy Chrome in the enterprise you made earlier this evening? Not necessarily. These results are focused on the browsers’ native ability to block malware downloads – not the overall security of each browser.
When navigating to a site known to contain malware, one should hopefully get a warning such as this one:
Firefox warning
NSS Labs tested several popular browsers against a list of sites known to contain malware. Here is a chart summarizing the results:
Of course, there are other tools that can help protect your users from socially engineered malware, such as end-point protection software. And there are other potential security holes in browsers (to say nothing about PDF viewers). Also, NSS Labs did not test the phishing protection capabilities of any of these browsers.
What the results may indicate, however, is that Microsoft’s malware database is better than Google’s Safe Browsing data feed. Chrome, Firefox and Safari all use Google Safe Browsing data feed to block malware. But then why the discrepancy between those three browsers? NSS Labs speculates that the discrepancy could be due to differing implementations of the API, calling the API at different times or differing parameters used.
Perhaps the most surprising result is that Opera’s AVG powered malware blocking function failed to block a single malware download in NSS Labs’ tests.
The report indicates that NSS Labs found that Opera did not block malware that AVG’s Online Shield reputation system does indeed block. NSS Labs suggests that the integration of AVG’s technology into Opera is incomplete.
Opera’s PR Manager Thomas Ford told us that Opera’s malware protection is a compliment to its Fraud Protection mechanism, which also protects against phishing and other security issues. “We have multiple providers for our Fraud Protection mechanism,” Ford says. “It’s unclear why NSS Labs did not manage to test our AVG feed, but it is very strange that they do not test results
from any of our other providers, including Yandex, which performs very well in our tests.”
But this was not a test of Opera and other browsers’ protection against phishing, it was a socially engineered malware protection test. (NSS Labs did a testing of phishing protection last year, and Opera faired much better in that test.)
Ford also notes: “We would welcome hearing more from NSS Labs about their methodology, including the URLs used, so we could more fully evaluate their findings.”
Representatives from AVG did not respond to requests for comment. We covered controversy surrounding NSS Labs’ testing in general, and around its testing of AVG in particular, in our article Antivirus Product Testing is Changing, Whether Vendors Like it or Not.
It’s difficult to asses NSS Labs’ results without being able to access the company’s malware samples. In the past, vendors have complained that NSS Labs charges steep fees for access to its sample list. However, NSS Labs President Rick Moy has explained to us in the past that consulting is how NSS Labs makes its money since the company has moved away from commissioned testing. Other independent testers such as AV-Comparatives and AV-Test.org don’t tend to release malware samples either. That makes it very difficult for outside observers to evaluate the results of any of these tests.
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.