Microsoft may get criticised for security issues, but IE8 just came top in a security study, beating Firefox, Chrome, Safari and Opera. Larry Walsh asks – is it time to reassess your choice of browser?
Microsoft gets a lot of grief (and deservedly so) for the insecurity of its products. But when it comes to stopping common Web-based attacks against browser users, its Internet Explorer 8 topped the field of major browsers in a security test conducted by NSS Labs.
Within each Web browser are discreet features that guard against malicious activity, such as phishing attacks, pixel-embedded malware, digital certificate inspection, Web site reputational analysis and cross-site scripting (XSS) attacks.
In the NSS Labs test with live traffic, Internet Explorer 8 caught 81 percent of the attacks coming over the wire. IE8 – an upgrade that we rated highly in our review – vastly outperformed the second closest rival, Firefox 3, which caught 54 percent of the inbound threats. IE8’s performance improved 12 percent over a similar test conducted the previous quarter; NSS Labs credits continual improvements to its SmartScreen technology.
The virgin install of Firefox 3 (IE’s biggest challenger with a billion downloads) failed to impress testers, but it did dramatically improve when used with Google’s SafeBrowsing, a plugin that inspects Web sites for malicious or fraudulent characteristics.
Google’s ballyhooed browser Chrome (v2) only caught 7 percent of the threats, a drop of 8 percent from the previous test. Safari 4 picked up 21 percent of the threats and Opera 10 Beta was the worst performer, detecting just 1 percent of malicious traffic.
When it comes to phishing attacks, Firefox improved its standing against IE8; the two browsers scored a statistical tie (IE8, 83 percent; Firefox 3, 80 percent). Opera 10 dramatically improved its performance from the malicious traffic test by catching 54 percent of phishing attacks. Chrome 2 and Safari 4 rounded out the test field, catching 26 percent and 2 percent of the attacks, respectively.
“Web browsers are in a unique position to combat phishing and other criminal activities by warning potential victims that they are about to stray onto a malicious Web site. Since phishing sites have an average lifespan of only 52 hours, it is essential that the site is discovered, validated, classified and added to the reputation system as quickly as possible… The developers at both Microsoft and Mozilla clearly understand this relationship and respond quickly to block new phishing sites,” NSS Labs wrote in its report.
It’s easy to dump on Microsoft for its long history of security vulnerabilities and faulty software. And browser purists will argue the feature virtues and performance of Firefox, Safari and Chrome over Internet Explorer. But the NSS Labs test shows that the superior security performance of Internet Explorer 8 (still the leading browser in business, for various reasons)should give users pause in considering a switch to a competing browser.