PC Magazine shares recent results of NSS Labs test, where IE 10 did a superior job in blocking malicious download attacks
QUOTE: People sometimes ask me, “Why do I have to buy security software? Shouldn’t the operating system keep nasty programs out?” In a perfect world that might happen, but not in our world. However, Windows 8 brings us just a bit closer to that Utopian ideal. In a test by NSS Labs, its Internet Explorer 10 browser detected and blocked over 99 percent of malicious downloads without any help from a third-party antivirus program.
NSS Labs researchers spent most of September putting Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari to the test under Windows 8. Every day they captured hundreds of real-world malicious URLs and inflicted them on each of the four browsers. To ensure freshness of each sample, they performed the browser tests immediately and verified that the URL was actually malicious afterward, discarding any that didn’t meet the test criteria. They accumulated over 90,000 real-world URLs and used around 900 of those in testing.
Levels of Protection — IE and Chrome block malicious downloads in two ways. First, they check the URL’s reputation; if it’s a known malware-hosting site they divert the user to a warning page. Second, they check the downloaded file itself and warn the user if it’s malicious. For testing purposes, the researchers tracked these two types of protection separately. Safari and Firefox also rely on Google’s Safe Browsing API to block known bad URLs, but only Chrome includes the additional detection for malicious downloads.
Lopsided Results — Internet Explorer 10 protected the test systems against 99.1 percent of the malicious URLs thrown at it by the researchers. It blocked almost 90 percent of the URLs before the malware download even began. The Application Reputation component handled the rest by flagging the downloaded file as dangerous.