HackDig : Dig high-quality web security articles for hacker

New NSS Labs Report: IE's Browser Security Bests Others

2014-08-10 19:53

Microsoft's Internet Explorer 10 is the most secure web browser according to the results of a mid-May 2013 NSS Labs' analysis.

Apple Safari 5, Google Chrome 25/26, Internet Explorer 10, Mozilla Foxfire 19 and Opera 12 were all evaluated against malware downloads and socially engineered malware. Results show that Chrome's malware download protection improved significantly, up to more than 83 percent from a 70 percent performance in NSS' October 2012 analysis, Browser Comparative Analysis Report - Socially Engineered Malware.

IE earned a block rate of 99.96 percent, while Safari, Firefox and Opera lagged far behind with overall block rates of 10.15 percent, 9.92 percent and 1.7 percent, respectively, according to the NSS Labs 2013 Browser Security Comparative Analysis Report - Socially Engineered Malware.

The report covers over 96,000 test cases conducted in March 2013 and is a continuation of NSS Labs' previously published six-month test in October 2012.According to Randy Abrams, research director at NSS Labs, "Improving the browser's malware block rate substantially impacts one's security profile."

In terms of defense, both Chrome's Download Protection and IE's App Rep allow users to override browser protection. However, Chrome relies on this less-reliable protection mechanism nearly four times as often as Internet Explorer.

"The net result is that Internet Explorer 10 users are offered superior protection over Chrome users, with one-quarter the risk of making a bad download decision," said Abrams, "Firefox, Safari, and Opera users are afforded little protection at all by their browsers."

Here are some key browser security test conclusions from the NSS Lab report:- Application Reputation Technology Boosts Block Rates: Google and Microsoft both utilize application reputation services to enhance general URL blocking capabilities. NSS notes the while Chrome's overall block rate jumped to 83.16 percent, or about 10 percent, from the last test period, the leap only brought Chrome up to the same levels as Internet Explorer without the added application protection. Explorer's block rate jumped 16.79 percent, thanks to the addition of its Application Reputation service, giving it a 99.96 percent overall rating.

  • Google's Latest Safe Browsing API Dramatically Improves Protection: Google's Safe Browsing API v2 includes additional application reputation-based download protection that has been integrated into Chrome, notes NSS. That's not the case with Firefox or Safari, says NSS, and the results speak for themselves. The latest API's additional functionality is seven times more effective than the Safe Browsing API alone and accounts for 73.16 percent of Chrome's overall block rate of 83.16 percent, according to the report. Without the application reputation service, results show Chrome, Firefox and Safari all have block rates of around 10 percent.

  • Application Reputation Effectiveness Also Depends on the End User: NSS cautions that although Application Reputation itself can be a highly effective technology, it is also prone to false positives and user error. For instance, perfectly good software that is virtually unknown may be blocked and highly malicious software that has been engineered to have excellent reputational aspects may evade protection. Therefore, NSS says it's important to underscore that Chrome relies on its application reputation protection almost four times as often as Internet Explorer just to achieve the same protection rates as Internet Explorer achieves without application reputation.

  • Time to Block Continues to Improve for Most Vendors: Because unique malware attacks through infected web pages are often live for only short periods of time, says NSS, the faster a web browser can detect and block a malware attack, the better. Internet Explorer, Safari and Firefox all increased the percentage of attacks blocked at 0-hour and within one day. Chrome, however, fell to blocking 48.54 percent at 0-hour and 72.02 percent at one day, down from blocking 66.7 percent and 84.2 percent of attacks, respectively, during the last test period.


Source: srehto-stseb-ytiruces-resworb-s-ei-troper-sbal-ssn-wen/tsop/moc.tenitrof.golb

Read:1339 | Comments:0 | Tags:No Tag

“New NSS Labs Report: IE's Browser Security Bests Others”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud