IE is tops in Socially-Engineered Malware Detection
Courtesy Antone Gonsalves, CSOOnline.com
Microsoft’s combination of application reputation technology and URL filtering gave Internet Explorer a malware block rate that blew past Google Chrome, Mozilla Firefox and Apple Safari.
The latest tests from NSS Labs showed IE with a 99.9 percent block rate for what the security tester calls socially engineered malware (SEM). Chrome had a rate of 70.7 percent while Firefox and Safari hovered around 4 percent.
In general, SEM includes all malware that a computer user is tricked into downloading on the Web through a malicious link in an email, instant message or other vehicle. Malware delivered as an email attachment is excluded.
Microsoft and Google use a combination of application reputation technology and URL filtering in detecting malware. The difference is Microsoft relies more on URL filtering, while Google does the opposite.
"They both use the same approaches, but the recipes are different," Randy Abrams, research director at NSS Labs, said.
The low rates of Firefox and Safari are due to the browsers only using Google’s URL filtering through its Safe Browsing service available to application developers, Abrams said. Neither browser uses an application reputation system, which scans all downloads for attributes that indicate malware.
Chrome’s latest block rate was substantially lower than the previous NSS Labs test, when the browser’s score was 83.17 percent. Abrams did not know the reason for the significant drop, but suggested two possibilities.
Google might have lowered the aggressiveness of its application reputation system, if it was preventing too many legitimate applications from being downloaded. Another possibility is hackers have profiled how the system works and have figured out a way to game the system.
Google did not respond to a request for comment.
NSS Labs also tested three leading browsers from China. The Liebao Browser, developed by anti-virus vendor Kingsoft, came in second behind IE with a block rate of 85.1 percent.
Liebao does not use application reputation technology. Instead, Kingsoft depends on its cloud-based malware detection system to scan all downloads.
Liebao surpassing Chrome is unexpected: most browser makers have turned toward application reputation, also called content-agnostic malware protection (CAMP), because it is believed to be the most effective.
Kingsoft’s approach uses URL filtering with cloud-based file scanning, which Abrams found "very interesting."
"I thought application reputation was going to be the predominant technology for protection, and it really is a surprise to see this cloud-based file scanning perform so well," he said.
As of last month, IE held nearly 58 percent of the browser market, while Firefox and Chrome each held slightly more than 17 percent, according to Net Applications.