IE10 beats Chrome, Safari, Firefox at blocking web malware

[DrBeenGolfing]

Internet Explorer 10 offers better protection against malware hosted on websites than Chrome, Safari, Firefox and Opera, according to a new browser security study.

At 99.96 percent, IE10's malware block rate outperformed Chrome's (versions 25 and 26) block rate of 83.16 percent, according to a study by analyst firm NSS Labs.

The difference between the two browsers however was minor compared to their lead on rivals: Safari 5 blocked 10.15 percent of malware, Firefox 19 blocked 9.92 percent and Opera 12 only blocked 1.87 percent in the study said.

The company tested each browser's ability to block malware from a sample of 754 URLs that were found to be "active and malicious". The company said it removed adware and false positives and tested the URLs against each browser every six hours between 13 March and 9 April this year.

According to NSS, Chrome and IE10 both offered superior defences because of the additional file blockers Microsoft and Google employed in their respective browsers.
More:
http://www.zdnet.com/ie10-beats-chrome-safari-firefox-at-blocking-web-malware-7000015409/

 

[rebel4life]

hmm hogwash i read on a forum that zdnet has some kind of deal with mircosoft so dont think these teasts is fair just my 2 cents worth

 

[Venustus]

I'm finding it very difficult to trust any test these days with regards to security,and or software!

 

[jamescv7]

In reality IE10 does really good with their SmartScreen Filter feature, and that's the main concentration for browser.

There are likely the first implemented that feature and its been followed by others.

Since its probably integrated based for the MSE.

 

[DrBeenGolfing]

hmm hogwash i read on a forum that zdnet has some kind of deal with mircosoft so dont think these teasts is fair just my 2 cents worth

Our very own MalwareDoctor did a browser v malware video(s) a couple of months ago with these browsers---same results as this lab had. Bty--it wasn't ZDNet that did this test.

 

[McLovin]

And people say Internet Explorer is bad. I've always liked IE when I'm not using Waterfox. The only problem I have with Internet Explorer is not having a built in Spell Check.

 

[DrBeenGolfing]

And people say Internet Explorer is bad. I've always liked IE when I'm not using Waterfox. The only problem I have with Internet Explorer is not having a built in Spell Check.

IE 10 finally has one - better late than never I guess.

 

[Nico@FMA]

IE out of the box is a rather good browser, and as a browser on its own it does offer some level of protection.
The massive downside IE has, is a problem that will never go away.
Its part of the OS itself in such way that if the OS is subject to exploits and vulnerabilities then IE will be the first to reflect that vulnerability and be open to those exploits.

Which basically contradict everything MS does and say in terms of browser security.

So imo IE cannot be as save as Opera, FF, Safari or Chrome based browsers.
As the config its designed to fit in is the weakest factor here.

That said if you compare IE 5 up to 10 towards Opera, FF and Chrome (The last 3 years) then you see that MS has again contradicted itself, as it did a rather nice job in taking options out of Opera and FF and build their own version into the newer IE version.
I remember the days where MS was saying that Opera and FF are bad browsers, fact is that if you look at the latest 4 versions of IE that you see a selection of features who can be directly traced back to Opera and FF roots.
So yes IE has become saver, IE has become faster and more stable.
But the international community has been saying for years that unless IE is going to fundamentally change something they will never catch up.
Today IE 10 is a good browser, and yes it does present the user with a wide range of features who should enhance security.

But keep in mind that took over 10 years to achieve where browsers like Opera and FF where featuring those options already like 8 years ago.
Now out of the box IE is a better browser then FF or Opera or Chrome, specially if the OS is patched up.

But both Opera and FF still have a massive lead on IE and nowadays Chrome is also surpassing IE, because their biggest PLUS is that they are not part of the OS and that they have upgraded their browser core as well, to a point where IE needs another 10 years to catch up.

As long IE is a integral part of the OS it will never be as good as a standalone browser, but then again if MS would use Opera or FF as their build in browser then both would suffer the same faith as IE does.
To much bugs, vulnerabilities and exploits that can hit IE because its OS is not up to the task.

If you would rip IE out of the OS and make it a standalone browser then i have no doubt that IE can be just as good as the other browsers.
Its all there its just not working properly thanks to the OS.
And thats the biggest security feature the other browsers have....

Cheers

 

[jamescv7]

Exchange of those patches for IE, it declared for being not the most vulnerable software unlike Adobe Flash, Adobe Reader, Java and even Google Chrome.

Popularity affects on how the targets existed.

 

[firestr001]

Whatever they say i prefer firefox over other and next chrome.

For my requirements they are the best

 

[Nico@FMA]

Exchange of those patches for IE, it declared for being not the most vulnerable software unlike Adobe Flash, Adobe Reader, Java and even Google Chrome.

Popularity affects on how the targets existed.

True, so true.
However one needs to realize that 80% of those holes are only accessible due to the OS itself.

This has been proven that if MS does patch some holes then flash vulnerabilities would be virtually gone.
That said we all know that JAVA and FLASH have major problems, and those problems are in some situations more problematic then the average flaw in MS OS.
Thing however is and i pointed this out in several posts is that if MS would patch up properly then most of the external flaws would not see daylight.
So one has to remember that its a combination of flaws that eventually lead to infection.
And if the CORE itself is hardened as it should then the damage by external flaws is minimal.
But its that combination that actually provide a attacker with a way in, as the small flaws in flash (Which are not even big flaws as they are largely bound to how the OS is coded and thus limited to the rules set by the MS core.)

But yeah you are right.

 

[Gnosis]

Good to know for the masses, but too little too late for me. I am never getting away from Firefox and Opera.

 

[DrBeenGolfing]

Ah, I found one of McLovin's videos on just this subject. Keep in mind we are talking about these browsers ability to block malware and malicious downloads - not any other features or if you do or do not like one browser or the other. Note IE 9 blocked 100% of malware downloads - just like the NSS Lab result.

 

[DrBeenGolfing]

And, here is our own MalwareDoctor's review of IE10. He also has reviews of Chrome and a couple of other browsers if you'd care to look at them on his YouTube channel.

 

[DrBeenGolfing]

IE out of the box is a rather good browser, and as a browser on its own it does offer some level of protection.
The massive downside IE has, is a problem that will never go away.
Its part of the OS itself in such way that if the OS is subject to exploits and vulnerabilities then IE will be the first to reflect that vulnerability and be open to those exploits.

Which basically contradict everything MS does and say in terms of browser security.

So imo IE cannot be as save as Opera, FF, Safari or Chrome based browsers.
As the config its designed to fit in is the weakest factor here.

That said if you compare IE 5 up to 10 towards Opera, FF and Chrome (The last 3 years) then you see that MS has again contradicted itself, as it did a rather nice job in taking options out of Opera and FF and build their own version into the newer IE version.
I remember the days where MS was saying that Opera and FF are bad browsers, fact is that if you look at the latest 4 versions of IE that you see a selection of features who can be directly traced back to Opera and FF roots.
So yes IE has become saver, IE has become faster and more stable.
But the international community has been saying for years that unless IE is going to fundamentally change something they will never catch up.
Today IE 10 is a good browser, and yes it does present the user with a wide range of features who should enhance security.

But keep in mind that took over 10 years to achieve where browsers like Opera and FF where featuring those options already like 8 years ago.
Now out of the box IE is a better browser then FF or Opera or Chrome, specially if the OS is patched up.

But both Opera and FF still have a massive lead on IE and nowadays Chrome is also surpassing IE, because their biggest PLUS is that they are not part of the OS and that they have upgraded their browser core as well, to a point where IE needs another 10 years to catch up.

As long IE is a integral part of the OS it will never be as good as a standalone browser, but then again if MS would use Opera or FF as their build in browser then both would suffer the same faith as IE does.
To much bugs, vulnerabilities and exploits that can hit IE because its OS is not up to the task.

If you would rip IE out of the OS and make it a standalone browser then i have no doubt that IE can be just as good as the other browsers.
Its all there its just not working properly thanks to the OS.
And thats the biggest security feature the other browsers have....

Cheers

Any browser you download hooks into Windows OS - it has to in order to work.

 

[Nico@FMA]

IE out of the box is a rather good browser, and as a browser on its own it does offer some level of protection.
The massive downside IE has, is a problem that will never go away.
Its part of the OS itself in such way that if the OS is subject to exploits and vulnerabilities then IE will be the first to reflect that vulnerability and be open to those exploits.

Which basically contradict everything MS does and say in terms of browser security.

So imo IE cannot be as save as Opera, FF, Safari or Chrome based browsers.
As the config its designed to fit in is the weakest factor here.

That said if you compare IE 5 up to 10 towards Opera, FF and Chrome (The last 3 years) then you see that MS has again contradicted itself, as it did a rather nice job in taking options out of Opera and FF and build their own version into the newer IE version.
I remember the days where MS was saying that Opera and FF are bad browsers, fact is that if you look at the latest 4 versions of IE that you see a selection of features who can be directly traced back to Opera and FF roots.
So yes IE has become saver, IE has become faster and more stable.
But the international community has been saying for years that unless IE is going to fundamentally change something they will never catch up.
Today IE 10 is a good browser, and yes it does present the user with a wide range of features who should enhance security.

But keep in mind that took over 10 years to achieve where browsers like Opera and FF where featuring those options already like 8 years ago.
Now out of the box IE is a better browser then FF or Opera or Chrome, specially if the OS is patched up.

But both Opera and FF still have a massive lead on IE and nowadays Chrome is also surpassing IE, because their biggest PLUS is that they are not part of the OS and that they have upgraded their browser core as well, to a point where IE needs another 10 years to catch up.

As long IE is a integral part of the OS it will never be as good as a standalone browser, but then again if MS would use Opera or FF as their build in browser then both would suffer the same faith as IE does.
To much bugs, vulnerabilities and exploits that can hit IE because its OS is not up to the task.

If you would rip IE out of the OS and make it a standalone browser then i have no doubt that IE can be just as good as the other browsers.
Its all there its just not working properly thanks to the OS.
And thats the biggest security feature the other browsers have....

Cheers

Any browser you download hooks into Windows OS - it has to in order to work.

Uhhh yes, differences is that IE is considered as "windows" core as its so backed in that you cannot get it out even if you use a crowbar lol.
And this might seem funny, but that is a very vital thing.
So other browsers are not "deeplevel" coded into windows.
Which means that if malware manages to break IE then it automatically gets protection from the OS, which is not the case with third party browsers.

 

[Nico@FMA]

Also i will not deny that smart screen is a nice feature, but it is working according known bad domains and some bad file names.
I am pretty sure that if i would download the virus, and rename it and then upload it to a different server that smartscreen will not stop it.
Keep in mind the links used during testing are commonly known over the net, so because MS is collecting data from each windows box they are able to gather info which in turn gives smart screen the ability to block it.
And thats good, no argue there.
But IE gets a 99.9% score and thats also very good, infact thats pretty fantastic.
That being said i like someone to try what i just said, and if SS blocks it then, then this is something to think about.
As even aldo the results speak for them selfs i am not convinced.
Also one has to remember that the physical file might be blocked by SS but a TEMP file during download is still being made, which means that of its a aggressive virus that it still has the ability to infect you.
I am not trying to be a ass here as i am totally honest when i am saying that i find it impressive to start with, but i also learned in my many years that if there was reason for joy and happiness when MS came up with something that it always turned into crying.

So download a couple of viruses, rename them, upload it to some host, so it gets a new domain, then get the link and download it with IE having SS enabled.
And if IE blocks all the well done, but do me a favor run a scanner and see if the IE cache files are clean.
I would be more then interested to see that on video.

 

[MrXidus]

Also i will not deny that smart screen is a nice feature, but it is working according known bad domains and some bad file names.
I am pretty sure that if i would download the virus, and rename it and then upload it to a different server that smartscreen will not stop it.
Keep in mind the links used during testing are commonly known over the net, so because MS is collecting data from each windows box they are able to gather info which in turn gives smart screen the ability to block it.
And thats good, no argue there.
But IE gets a 99.9% score and thats also very good, infact thats pretty fantastic.
That being said i like someone to try what i just said, and if SS blocks it then, then this is something to think about.
As even aldo the results speak for them selfs i am not convinced.
Also one has to remember that the physical file might be blocked by SS but a TEMP file during download is still being made, which means that of its a aggressive virus that it still has the ability to infect you.
I am not trying to be a ass here as i am totally honest when i am saying that i find it impressive to start with, but i also learned in my many years that if there was reason for joy and happiness when MS came up with something that it always turned into crying.

Not that a .tmp file alone could do any damage as the antivirus would most likely pick it up before it gets to finish its file structure, if not - UAC and SmartScreen will.

 

[Nico@FMA]

Also i will not deny that smart screen is a nice feature, but it is working according known bad domains and some bad file names.
I am pretty sure that if i would download the virus, and rename it and then upload it to a different server that smartscreen will not stop it.
Keep in mind the links used during testing are commonly known over the net, so because MS is collecting data from each windows box they are able to gather info which in turn gives smart screen the ability to block it.
And thats good, no argue there.
But IE gets a 99.9% score and thats also very good, infact thats pretty fantastic.
That being said i like someone to try what i just said, and if SS blocks it then, then this is something to think about.
As even aldo the results speak for them selfs i am not convinced.
Also one has to remember that the physical file might be blocked by SS but a TEMP file during download is still being made, which means that of its a aggressive virus that it still has the ability to infect you.
I am not trying to be a ass here as i am totally honest when i am saying that i find it impressive to start with, but i also learned in my many years that if there was reason for joy and happiness when MS came up with something that it always turned into crying.

Not that a .tmp file alone could do any damage as the antivirus would most likely pick it up before it gets to finish its file structure, if not - UAC and SmartScreen will.

Thats what i am thinking as well and it should be.
But i remember myself a guy who did a similar review which also involved IE and SS and there was also a 100% block score, but still out of the 50 samples tested 19 managed to get past UAC and Defended/MSE thanks to those very TEMP files, Because this TEMP file is actually a exact copy of the file you are downloading so which means if you got a rather fast virus it can hop over pretty easy to your system.

See my point?

 

[ZeroDay]

Also i will not deny that smart screen is a nice feature, but it is working according known bad domains and some bad file names.
I am pretty sure that if i would download the virus, and rename it and then upload it to a different server that smartscreen will not stop it.
Keep in mind the links used during testing are commonly known over the net, so because MS is collecting data from each windows box they are able to gather info which in turn gives smart screen the ability to block it.
And thats good, no argue there.
But IE gets a 99.9% score and thats also very good, infact thats pretty fantastic.
That being said i like someone to try what i just said, and if SS blocks it then, then this is something to think about.
As even aldo the results speak for them selfs i am not convinced.
Also one has to remember that the physical file might be blocked by SS but a TEMP file during download is still being made, which means that of its a aggressive virus that it still has the ability to infect you.
I am not trying to be a ass here as i am totally honest when i am saying that i find it impressive to start with, but i also learned in my many years that if there was reason for joy and happiness when MS came up with something that it always turned into crying.

Not that a .tmp file alone could do any damage as the antivirus would most likely pick it up before it gets to finish its file structure, if not - UAC and SmartScreen will.

Thats what i am thinking as well and it should be.
But i remember myself a guy who did a similar review which also involved IE and SS and there was also a 100% block score, but still out of the 50 samples tested 19 managed to get past UAC and Defended/MSE thanks to those very TEMP files, Because this TEMP file is actually a exact copy of the file you are downloading so which means if you got a rather fast virus it can hop over pretty easy to your system.

See my point?

Have you got a link to this test where 19 samples bypassed UAC?