Do you trust your web browser to warn you before you stumble into a malicious Web site? A recent study of six major browsers indicates that you probably shouldn't. Only one browser succeeded at blocking over 90 percent of malicious links. Three runners-up tied at a measly 13 percent! The winner might surprise you. Read on...
First, here's a little background on how a browser decides whether to warn you against proceeding to a website. The browser checks each URL (web address) you click on against an online database of reported malicious sites. If a URL is not in the database, the browser just lets you go there. If the URL is in the database, a warning window pops up and you get to choose whether to proceed to the site or not.
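A simplified local model of the lookup described above, as an added example that is not part of the original article and is not any browser vendor's code. The blocklist entries, sample URLs and function names are constructed for illustration, and the sketch goes slightly beyond the text by matching a reported host or directory as well as an exact address.

```javascript
// Added example: simplified model of a browser's URL reputation lookup.
// Blocklist entries are constructed; a real database is far larger and remote.
const BLOCKLIST = new Set([
  "malware.example/",          // whole host reported
  "files.example/downloads/",  // one directory reported
]);

// Reduce a clicked URL to a canonical host + path so that different
// spellings of the same address produce the same lookup keys.
function canonicalize(rawUrl) {
  const u = new URL(rawUrl); // lowercases host, resolves "..", drops default port
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;
  const host = u.hostname.replace(/\.+$/, ""); // strip trailing dot(s)
  let path = u.pathname;
  try { path = decodeURIComponent(path); } catch { /* keep the raw path */ }
  return { host, path: path.replace(/\/{2,}/g, "/") };
}

// Build every host-suffix + path-prefix combination to look up, so a report
// for a host or a directory also covers the pages beneath it.
function lookupKeys({ host, path }) {
  const labels = host.split(".");
  const isIp = /^[\d.]+$|:/.test(host); // never shorten an IP address
  const hosts = [];
  const stop = isIp ? 1 : Math.max(1, labels.length - 1);
  for (let i = 0; i < stop; i++) hosts.push(isIp ? host : labels.slice(i).join("."));
  const paths = ["/"];
  let acc = "/";
  for (const seg of path.split("/").filter(Boolean).slice(0, -1)) {
    acc += seg + "/";
    paths.push(acc);
  }
  if (path !== "/") paths.push(path);
  return hosts.flatMap((h) => paths.map((p) => h + p));
}

// "warn" when any key is in the database; otherwise the browser just lets
// the navigation proceed, exactly as the paragraph above describes.
function checkUrl(rawUrl) {
  let canon;
  try { canon = canonicalize(rawUrl); } catch { return "allow"; }
  if (!canon) return "allow";
  return lookupKeys(canon).some((k) => BLOCKLIST.has(k)) ? "warn" : "allow";
}
```

An address that has not been reported yet returns "allow", which is why the coverage and freshness of the database decide how much protection the warning actually gives.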
Three major browsers - Firefox, Safari, and Chrome - use Google's Safe Browsing database of malicious links. Opera uses technology provided by antivirus developer AVG. Microsoft has its own database called SmartScreen URL Filter. Apparently, Microsoft's database is vastly superior to the others.
NSS Labs, an independent security testing facility, turned all six browsers loose against a set of 650 malicious URLs. The results are rather alarming for anyone who doesn't use a recent version of Microsoft's Internet Explorer:
Internet Explorer 9 blocked 92 percent of the malicious links. (IE8 scored at 90 percent.)
Only 13 percent of malicious links were blocked by Firefox, Chrome, and Safari.
Opera scored a pathetic 5 percent.
But wait, it gets even better. (Or worse, depending on your preferred browser.) Internet Explorer 9 has a new feature, Application Reputation, which boosted its blocking rate to an astonishing 100 percent in NSS Labs' test. Application Reputation focuses on downloadable files rather than Web pages. It examines a file's "reputation" in the SmartScreen database: how many times it has been downloaded, whether it is digitally signed, whether the publisher is known and reputable, and whether there have been any reports of malware in the file. If a file is known and trusted, the download proceeds without interference from SmartScreen. If it is known malware, you are warned of that fact and given a chance to cancel the download. If it is unknown, you receive a cautionary message before the download is allowed to proceed.
The methodology used by NSS Labs has been criticized. The sample size and test run were too limited, say critics. You can read the entire NSS Labs report (22 pages, PDF) and decide for yourself. It should be noted that NSS Labs did not receive funding from any of the browser developers.
So, is IE9 the most secure browser? That would be too broad a statement. There are many other ways a browser can let malware enter your computer, or allow hackers to take control of your system. Some criticize Microsoft for tightly integrating the browser into the operating system, which can allow a browser security hole to penetrate deeper than it would otherwise. But as far as the tested methods are concerned, both IE8 and IE9 seem to protect you from malicious links and downloads better than any other browser, by a long shot.