In 2010 and again in 2011, NSS Labs determined that Internet Explorer 9, with its Smart Screen Filter, offers better protection against malicious URLs than Chrome, Firefox, Opera, or Safari. I can’t argue with their conclusions. I use Internet Explorer for comparison in my own antiphishing tests because in my own testing it vastly outperforms Chrome or Firefox. Chrome, Firefox, and Safari all use Google’s Safe Browsing API to identify malicious URLs. The latest report from NSS Labs suggests that Google may be holding out on its partners.
Researchers at NSS Labs conducted a study from late November to early January that exhibited some peculiar results. Chrome’s protection rate steadily climbed to 50 percent, but then suddenly dropped to 20 percent on December 22nd. Firefox and Safari plugged along at 2 percent but then leapt to 7 percent on the same day. Click the image below to see a larger chart.
Although the three browsers use the same API to identify malicious sites, they handle blocking differently. According to NSS Labs, “Chrome uses an undocumented API call to block malware once download begins. This API is not utilized by Firefox or Safari, apparently due to lack of documentation and a proprietary format.” More significantly, Chrome uses a new type of protection against malicious downloads that Google calls “Safe Browsing PI v2.” They determined that “the significant reduction in Chrome’s malicious download protection on December 22, 2011… coincides with an uplift in Safe Browsing API v2 protection.”
NSS Labs can’t identify a causal relationship between the two events, though “the timing raises questions.” The full report explains in great detail the discoveries researchers made by digging into the different implementations of the Safe Browsing API.
Internet Explorer Wins Again
In any case, the latest study once again identified Internet Explorer 9 as the runaway winner for malicious URL blocking. IE9 blocked 96 percent of samples and Chrome blocked 34 percent. Safari and Firefox both blocked under 4 percent. The report concludes that “if you currently have a free choice of browser then Internet Explorer 9 offers the most comprehensive protection from these particular threats.”
For more from Neil, follow him on Twitter @neiljrubenking.