browsers tested were veritable social-malware sieves

browsers tested were veritable social-malware sievesJudging from the headlines appearing this week on tech Web sites, you’d guess anyone using a browser other than Internet Explorer was a fool.

After all, IE version 9 scored a whopping 99.2 percent in NSS Labs’ worldwide test (PDF) of the ability of top browsers to detect socially engineered malware. IE 8 wasn’t far behind at 96 percent–the difference attributed by NSS Labs to the Application Reputation component added to IE 9’s SmartScreen technology.

By comparison, the four other browsers tested were veritable social-malware sieves: Google Chrome 12 had a 13.2-percent detection rate, Firefox 4 and Safari 5 detected 7.6 percent, and Opera 6.1 percent. The report’s chart illustrating the test results is even more striking.

Google researchers track the evolution of Web-borne threats
Malware purveyors are attempting to take advantage of users’ propensity to click first and think second. A Google Technical Report released last month entitled Trends in Circumventing Web-Malware Detection found that the number of malware sites using social-engineering techniques increased from one in January 2007 to 4,230 in September 2010.

Still, this number represented only 2 percent of all malware-distribution sites. Drive-by downloads remain the primary delivery mechanism for Web-borne malware, according to the researchers, although they note that attacks using social engineering will continue to increase. The researchers recommend a “multi-pronged approach” that also addresses two other growing malware techniques: JavaScript obfuscation and IP cloaking.

Read more

Benchmark your Browser Peacekeeper is a free service that lets you quickly and easily find out which one works best on your PC.