IE9 decimates other browsers for socially-engineered malware protection in report

Mike Halsey MVP
Jul 16, 2011
Updated • Dec 9, 2012
Internet Explorer

Security firm NSS Labs have been running some tests on different modern web browsers to see how they defend and protect their users against socially-engineered malware.  This is malware that attempts to trick users into installing it, much in the way Apple Mac users have been suffering with the recent spate of 'Mac Defender' malware.

They praise Internet Explorer's SmartScreen filter for protecting users against significantly more social malware than any other current browser, and by the looks of the chart below this is by some significant margin.

smartscreen filter

In their report the firm describe socially-engineered malware as...

Socially-engineered malware attacks pose a significant risk to individuals and organizations by threatening to compromise, damage, or acquire sensitive personal and corporate information; statistics from 2008 - 2010 show that this trend is increasing at a rapid rate. According to a recent study by AVG, users are four times more likely to be tricked into downloading malware than be compromised by an exploit; criminals continue to increase their use of malware as a cybercrime attack vector. Anti-virus researchers report detecting between 15,000 and 50,000 new malicious programs per day, Kaspersky Lab has even reported detecting up to “millions per month.”

They go on to describe IE's SmartScreen filter as...

The SmartScreen Filter protection offered by Windows Internet Explorer 9 has two components: URL Reputation, which is included in IE8 and Application Reputation, which is new to IE9. IE9 caught an exceptional 92% of the live threats with SmartScreen URL reputation, and an additional 8% with Application Reputation. IE9 with SmartScreen offers the best protection of any browser against socially engineered malware. Protection against malware targeting European users matched our broader findings from the Q3 2010 global test.

The results are quite something, and other browser makers, Apple, Mozilla and Google will no doubt fight back rigorously with strong statements that their browsers are every bit as safe and secure as Internet Explorer, if not more so.

In the tests though, Internet Explorer 8, the previous generation of Microsoft's browser, caught 90% of all live threats with IE9 catching 92% and reaching 100% of all threats when the known reputation of applications was factored in.

This is compared to the other browsers.  Apple's Safari caught just 13% of live threats, Mozilla FIrefox 4 also caught 13% which had dropped from the 19% the browser caught in the same tests last year.  Opera 11 caught only 5% of all threats and Google's Chrome browser caught, again, just 13% of all live threats.

StartScreen is not a widely talked about feature of Microsoft's browser.  The company describes it as...

a feature in Internet Explorer that helps detect phishing websites. SmartScreen Filter can also help protect you from downloading or installing malware (malicious software).

They say that is "analyses web pages" as you visit them to "determine iof they have any characteristics that might be suspicious", "checks the sites you visit against a dynamic list of reported phishing sites and malicious software sites" and "checks files you download from the web against a list of reported malicious software sites and programs known to be unsafe."

This feature though is only as good as the people who keep the information up to date, which means that a 92% success rate today might not mean you'll get that tomorrow.

Every week, new social malware is being discovered that is trying to trick users into installing it and surrendering personal information such as their credit card details with ever increasing believability.  The recent attacks on Apple Mac users by Mac Defender is an example of just how convincing this software can be.

The weak link with malware and viruses will always be the user, as it will always be this person who has to click or select something in order for malware to infect their PC.  It's commonly said that the only safe PC is one that's still in the box and has never been switched on.


Previous Post: «
Next Post: «


  1. Adnan said on July 27, 2011 at 1:31 pm

    to be honest with you guys I have been using IE9 for some time now and it is a real pain in as*.

  2. Robert Palmar said on July 19, 2011 at 6:30 am

    It is hard to discern whether critics are unfamiliar
    with how these studies are conducted or whether they are
    merely blinded by their own prejudice and even hatred of Microsoft.

    It is standard practice for companies to sponsor
    studies of their software with various independent labs.
    Sponsorship of the study in no way means the lab is compromised
    in any way or the results are necessarily tainted because of the sponsorship.

    When software does well versus the competition the firm usually publishes
    the results and when they perform poorly the results are usually not as
    one would expect and the findings are used internally review.

    Companies do not hire independent labs to produce positive results for if that
    is all they really want they could do their own testing at far less expense
    and release their intended outcome for public consumption.

    Microsoft has spent a small fortune in security of late
    and it is not surprising Internet Explorer has indeed improved.
    Competition is keen and the superiority of IE for this test will not
    last long as other browsers will take note and catch up very quickly.

    Long gone are the days of the Netscape wars and anti-trust litigation
    against Redmond but critics sound as though they are frozen in time.
    Reading their railing against any positive news about Microsoft is
    all too familiar and predictable and embarrassingly outdated.

    Also predictable, and worst of all, are the personal attacks
    against authors and sites conveying the new information.
    All of which is uncalled for, immature, and unprofessional.

    Times have changed and time has passed such critics by.

    1. Martin Brinkmann said on July 19, 2011 at 7:58 am

      Well said Robert.

  3. Simon B. said on July 19, 2011 at 12:37 am

    “NSS Labs research is sponsored by Microsoft”

    You, gHacks, failed miserably at giving a clear background. Obviously, any research ordered by Microsoft is not going to get published unless it is positive, so it better be ignored. On the other hand, there has been some obvious angling to the gHacks articles leading up to and following the “freebies” that Microsoft has given the gHacks author.

    (Anyone up to creating a moderated stream off of this blog so I could read the good and skip the propaganda?)

  4. jimmyjamesjimmy said on July 18, 2011 at 11:32 am

    argue over browsers you will. get nowhere you wont.

  5. vasa1 said on July 18, 2011 at 10:48 am

    The reports of IE’s superior performance have been around since IE 8 debuted.

    If market share is any indication, IE hasn’t really benefited.

    I’d have expected a MVP to do a more analytical job than largely cut-n-paste.

    Otherwise, it does give the impression of a PR job. “I presented the information as described by NSS Labs so you could draw your own conclusions about it.” isn’t good enough.

  6. Mike Hasley is a tool said on July 16, 2011 at 10:19 pm

    Mike Hasley, stop posting this crap. NSS has always been sponsored by MS and always put out this bullshit crap.

    1. Robert Palmar said on July 17, 2011 at 6:52 am

      Well aren’t you the tough guy, Mr. Anonymous.
      And so articulate too despite your limited vocabulary.

  7. Mike Halsey (MVP) said on July 16, 2011 at 4:42 pm

    In response to all so far. There are very few studies of this type that are ever completely independent and one that shows Microsoft being so incredibly far ahead should always be taken with a pinch of salt.

    This is why I said in the article “Apple, Mozilla and Google will no doubt fight back rigorously with strong statements that their browsers are every bit as safe and secure as Internet Explorer, if not more so.”

    Here at gHacks we’ll always bring you a wide variety of these types of reports. This one particularly stood out though for giving all non-Microsoft browsers a complete kicking. Given the absence of any absolute facts on browser security one way or another I presented the information as described by NSS Labs so you could draw your own conclusions about it.

  8. Lee said on July 16, 2011 at 4:02 pm

    I agree. Seems like all these tests always show builds that are not current. With the test claiming to be Q3 you would think the builds would be more up to date.
    Anders: The current build of Chrome is 12. 13 is beta, the tests were done on stable builds and not beta.

    Current Builds as of today:
    Opera v11.01 (Build 1190)
    Google Chrome v12 (Build 12.0.742.122)
    Windows Internet Explorer 8 (Build 8.0.7600.16385)
    Windows Internet Explorer 9 (Build 9.0.8112.16421)
    Firefox v5 (Build 5.0)
    Opera v11.01 (Build 1150)
    Safari v5.0.5 (Build 7533.21.1)

  9. spb said on July 16, 2011 at 3:53 pm

    It’s sad to see gHacks turning into some MS advertising blog. The Redmond company has always hired this kind of studies and people stopped paying attention to those long ago, specially after watching the figures in this one. After reading the full report you see the ‘statistical bias’ of the study (nor type I nor type II errors were specifically mentioned throughout the entire study). This is without mentioning some obscured issues with regard to sampling and groundtruth generation. In other words, anyone could basically get the same success rate by just blocking every single URI that wants to be accessed.
    As I said before, I’m disappointed to see gHacks promoting this kind of MS-biased articles, and the fact that their MVP is writing it doesn’t make it any better.

  10. Nico said on July 16, 2011 at 3:36 pm

    And don’t forget that NSS Labs research is sponsored by Microsoft!

  11. Anders said on July 16, 2011 at 3:12 pm

    You probably should mention more strongly that this test compared IE 8 and 9 to other more old browser, for example Chrome is at version 13 now, and this test was done with version 10

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.