Wow, just wow. I am extremely shocked right now. For all the bad stuff I hear about IE, this article really hit me square in the eyes.
http://nsslabs.com/browser-security
SOCIALLY ENGINEERED MALWARE PROTECTION
Internet Explorer 8 caught 81% of the live threats, an exceptional score which surpassed the next best
browser (Firefox 3) by a 54% margin. Windows Internet Explorer 8 improved 12% between Q1 and Q2 tests,
evidence of concerted efforts Microsoft is making in the SmartScreen technology.
Firefox 3 caught 27% of live threats, far fewer than Internet Explorer 8. It was, however, the best among
products utilizing the Google SafeBrowsing API. (Note: Firefox 3.5 was not stable enough to be tested during
the course of this test. A patch has subsequently become available to address the stability issue. We were
able to manually verify that the protection was identical between versions 3.0.11 and 3.5).
Safari 4 caught 21% of live threats. Overall protection varied greatly, with two short periods of severe dips.
Chrome 2 caught just 7% of live threats an 8% drop from the previous test.
Opera 10 Beta caught a mere 1% of live threats, providing virtually no protection against socially engineered
malware. In our test bed validation, we verified there was effectively no difference between Opera 9 and
Opera 10 Beta.
PHISHING PROTECTION
Generally available software releases were used in all cases except for Opera 10 which was in late beta and
deemed to be sufficiently stable for testing. Each product was updated to the most current version available
at the time testing began, with the exception of Mozilla Firefox. We would have liked to have been able to
test Firefox 3.5 which was released June 30, 2009, and attempted to test it alongside the other browsers.
However, serious instability where the browser repeatedly crashed (a widely reported issue) along with poor
results prevented its inclusion for the sake of fairness.
Internet Explorer 8 achieved an overall block rate of 83% during our extended testing,
Firefox 3 achieved an overall block rate of 80% during our extended testing.
Opera 10 Beta achieved an overall block rate of 54% during our extended testing. NOTE: It appeared that
Opera experienced operational issues during the latter part of testing which dragged down Opera 10’s
effectiveness. Prior to those issues, Opera 10 was comparable with Internet Explorer 8 and Firefox 3.
Chrome 2 achieved an overall block rate of 26% during our extended testing.
Safari 4 achieved an overall block rate of 2% during our extended testing.
Given that Safari 4, Chrome 2, and Firefox 3.0.11 share a feed from Google’s SafeBrowsing API, these
results indicate that utilizing the API itself is not an indicator of protection capabilities.
http://nsslabs.com/browser-security
SOCIALLY ENGINEERED MALWARE PROTECTION
Internet Explorer 8 caught 81% of the live threats, an exceptional score which surpassed the next best
browser (Firefox 3) by a 54% margin. Windows Internet Explorer 8 improved 12% between Q1 and Q2 tests,
evidence of concerted efforts Microsoft is making in the SmartScreen technology.
Firefox 3 caught 27% of live threats, far fewer than Internet Explorer 8. It was, however, the best among
products utilizing the Google SafeBrowsing API. (Note: Firefox 3.5 was not stable enough to be tested during
the course of this test. A patch has subsequently become available to address the stability issue. We were
able to manually verify that the protection was identical between versions 3.0.11 and 3.5).
Safari 4 caught 21% of live threats. Overall protection varied greatly, with two short periods of severe dips.
Chrome 2 caught just 7% of live threats an 8% drop from the previous test.
Opera 10 Beta caught a mere 1% of live threats, providing virtually no protection against socially engineered
malware. In our test bed validation, we verified there was effectively no difference between Opera 9 and
Opera 10 Beta.
PHISHING PROTECTION
Generally available software releases were used in all cases except for Opera 10 which was in late beta and
deemed to be sufficiently stable for testing. Each product was updated to the most current version available
at the time testing began, with the exception of Mozilla Firefox. We would have liked to have been able to
test Firefox 3.5 which was released June 30, 2009, and attempted to test it alongside the other browsers.
However, serious instability where the browser repeatedly crashed (a widely reported issue) along with poor
results prevented its inclusion for the sake of fairness.
Internet Explorer 8 achieved an overall block rate of 83% during our extended testing,
Firefox 3 achieved an overall block rate of 80% during our extended testing.
Opera 10 Beta achieved an overall block rate of 54% during our extended testing. NOTE: It appeared that
Opera experienced operational issues during the latter part of testing which dragged down Opera 10’s
effectiveness. Prior to those issues, Opera 10 was comparable with Internet Explorer 8 and Firefox 3.
Chrome 2 achieved an overall block rate of 26% during our extended testing.
Safari 4 achieved an overall block rate of 2% during our extended testing.
Given that Safari 4, Chrome 2, and Firefox 3.0.11 share a feed from Google’s SafeBrowsing API, these
results indicate that utilizing the API itself is not an indicator of protection capabilities.