AUSTIN, TX--(Marketwired - May 13, 2013) - NSS Labs today released the results and analysis from its web browser security comparative evaluating the protection offered by the five leading browsers -- Apple Safari 5, Google Chrome 25/26, Microsoft Internet Explorer 10, Mozilla Firefox 19 and Opera 12 -- against malware downloads (also known as socially engineered malware). While Chrome's malware download protection improved significantly -- rising to more than 83% from 70% in NSS' October 2012 comparative test -- Internet Explorer 10 continues to outperform the other browsers with a block rate of 99.96%. Safari, Firefox and Opera continue to lag far behind Chrome and Internet Explorer with overall block rates of 10.16%, 9.92% and 1.87% respectively.
View the NSS Labs 2013 Browser Security Comparative Analysis Report - Socially Engineered Malware.
Key browser security test conclusions:
- Application Reputation Technology Boosts Block Rates: Both Google and Microsoft utilize application reputation services to enhance their general URL blocking capabilities. While Chrome saw a larger jump in its overall block rate -- up approximately 10% from the last test period to 83.16% -- this leap only brought Chrome up to the same levels of protection as Internet Explorer without the added application reputation. Microsoft IE's block rate jumped 16.79% with the addition of its Application Reputation service, taking it to 99.96% overall.
- Google's Latest Safe Browsing API Dramatically Improves Protection: Google's Safe Browsing API v2 includes additional application reputation-based download protection that has been integrated into Chrome, but not into Firefox or Safari and the results speak for themselves. The latest API's additional functionality is seven times more effective than the Safe Browsing API alone and accounts for 73.16% of Chrome's overall block rate of 83.16%. Without the application reputation service, Chrome, Firefox and Safari all have block rates of around 10%.
- Application Reputation Effectiveness Also Depends on the End User: While Application Reputation itself can be a highly effective technology, it is also prone to false positives and user error. Perfectly good software that is virtually unknown may be blocked and highly malicious software that has been engineered to have excellent reputational aspects may evade protection. Therefore, it's important to note that Chrome relies upon its application reputation protection almost four times as often as Internet Explorer just to achieve the same protection rates as Internet Explorer achieves without application reputation.
- Time to Block Continues to Improve for Most Vendors: Because unique malware attacks through infected web pages are often live for only short periods of time, the faster a web browser can detect and block a malware attack, the better. Internet Explorer, Safari and Firefox all increased the percentage of attacks blocked at 0-hour and within one day. Chrome, however, fell to blocking 48.54% at 0-hour and 72.02% at one day, down from blocking 66.7% and 84.2% of attacks, respectively, during the last test period.
- This report covers over 96,000 test cases conducted in March and April 2013 and is a continuation of NSS Labs' previously published 6 month test: Browser Comparative Analysis Report - Socially Engineered Malware.
Commentary: NSS Labs Research Director Randy Abrams
"Web browsers remain the primary infection vector for most consumers and enterprises. Improving the browser's malware block rate substantially impacts one's security profile," said Randy Abrams, Research Director at NSS Labs. "Both Google's Download Protection and Microsoft's App Rep allow users to override browser protecting, however, Google relies on this less reliable protection mechanism nearly four times as often as does Microsoft. The net result is that IE 10 users are offered superior protection over Chrome users with one quarter the risk of making a bad download decision. Firefox, Safari, and Opera users are afforded little protection at all by their browsers."
The products covered in this test were:
- Apple Safari 5
- Google Chrome 25/26
- Microsoft Internet Explorer 10
- Mozilla Firefox 19
- Opera 12
About NSS Labs, Inc.
NSS Labs, Inc. is the world's leading information security research and advisory company. NSS is both an analyst firm specializing in security technologies and a testing laboratory widely recognized as the "go to" company for research and unbiased reporting. We deliver a unique mix of test-based research and expert analysis to provide our clients with the right information they need to make IT decisions. CIOs, CISOs, and information security professionals from many of the largest and most demanding enterprises rely on NSS. The company is located in Austin, Texas. For more information, visit www.nsslabs.com.
© 2013 NSS Labs, Inc. All rights reserved. All brand, product and service names are the trademarks, registered trademarks, or service marks of their respective owners.
Contact Information:
Contact:
ReseAnne Sims
Sr. Marketing Manager, Public Relations
NSS Labs
Phone: +1 (832) 741-7373
rsims@nsslabs.com