Study claims IE10 blocks nearly all malware on Windows 8

Microsoft's Internet Explorer 10 web browser may be the newest member of the IE family, but a new study now claims IE10 does a near perfect job of blocking malware threats while running on Windows 8; the study's results were released on Monday by NSS Labs.

NSS Labs states in their report (in PDF format) that in addition to IE10, the firm tested Google’s Chrome 25 and 26, Mozilla's Firefox 19, Apple’s Safari 5, and Opera 12 from March 13th to April 9th. The browsers were tested on virtual machines that ran Windows 8 Enterprise. According to the study:

An initial sample set of 11,296 unique and suspicious URLs entered the system; 754 URLs were found active and malicious, and met the criteria for entry into the test. In total, 550 test runs were performed by the five browsers against these unique 754 URLs – resulting in over 18,000 test cases per browser.

The final results can be seen in the graph above, as IE10 blocked a whopping 99.96 percent of all malware during the test period. The two versions of Chrome blocked 81.16 percent of malware threats. Safari 5 blocked just 10.15 percent, and Firefox 19 block only 9.92 percent. Mozilla has since released two updated version of Firefox, including one that was unofficially released on Monday. Opera 12 only blocked 1.87 percent of its malware threats.

NSS Labs's main conclusion from its web browser testing is that both IE10 and Chrome "benefit significantly from file reputation systems combined with URL reputation and site blocking technologies."

Source: NSS Labs | Image via NSS Labs

Report a problem with article
Previous Story

Microsoft adds Google Talk support to Outlook.com

Next Story

Microsoft: Windows Blue to be named Windows 8.1, will be free

35 Comments

Commenting is disabled on this article.

The browser can only block so much. It's mostly the user who infects themselves. Before i believe this study, we need at least 3 studies done, to gauge these claims and see if they come to the same conclusion.

I wonder if part of the reason IE10 blocks this much is due to SmartScreen, where they simply block unknown apps from the Internet from starting (which has tons of false positives because of its nature). That seems to match the "file reputation systems" aspect I think?

This is about the SmartScreen filter detecting malicious downloads so I don't think it would make a difference w.r.t. metro vs. desktop or the plugins used.

techbeck said,
....

Grammar aside, you have that many IE10/WIn8 users that you support?
And here I was under the impression Windows 8 was horrible and sales were abysmal.
Did you upgrade them all to 8 yourself?

techbeck said,
Let me tell this to the many people I have helped clean hundreds of pieces of malware off of....

Windows 8 and IE10 must be very popular in your area. Or are you talking about something else? Because that's not what this study is talking about.

techbeck said,
Let me tell this to the many people I have helped clean hundreds of pieces of malware off of....

Probably because people don't care about the warnings?

People tend to not give a crap about computer warnings because they think they know better. UAC, Site blocking etc, cannot protect you when you just accept everything...

so all those malware thingies came via IE10 or maybe some of the hundreds are from downloaded stuff and other "i don't care, run as admin" scenarios?

Lol 99.96% malware blocking and after one week of newly purchased PC given to a kid to use, the 99.96% of the PC was infected 99.96% of the times.

I don't quite see how chrome has such a high rating and firefox so low when the suspicious URL database in firefox IS SUPPLIED by google.

I was thinking the same, Firefox uses Google's.
Their description on method is quite vague. States nothing about using just the url scanners security protection. They just mention URLs infested with malware. This could be anything. Not just blacklisted URLs.

Plus wasnt there a recent test that based on URL blacklisting, IE10 was behind Google?

You might have been thinking of the recent study that demonstrated a higher percentage of malware serving pages from Bing versus Google.

Shadowzz said,

Plus wasnt there a recent test that based on URL blacklisting, IE10 was behind Google?

That was Bing vs Google. And that was because Bing's api doesn't blacklist, but the website does.

0--JLowzrif said,

Microsoft-sponsored reports find IE8 most secure browser

http://arstechnica.com/informa...rts-ie8-is-the-most-secure/

Another Microsoft sponsored report from NSS labs with ZERO credibility

This line of reasoning is asinine. So if no free angelic organization decides to do a study, we should just sit here and not know? If you can't pay someone to do a study, and no one will do one for free, then what? Ah, but that works to your advantage, because then you can just say "Windoze is teh insecure!" which requires no proof on the internet.

half of the browser benchmarks/speedtests are in some way influenced by Google, either made by them, sponsored by them or similar.
But its okay in this field, and when its a company not named Microsoft.

See the hypocricy here mate?

J_R_G said,

This line of reasoning is asinine. So if no free angelic organization decides to do a study, we should just sit here and not know? If you can't pay someone to do a study, and no one will do one for free, then what? Ah, but that works to your advantage, because then you can just say "Windoze is teh insecure!" which requires no proof on the internet.


It's just a childish way for people to brush off statistics they don't like. Oh, mind you, these people--like most people--will agree that it's a person's own responsibility to prove their claims in arguments. "The onus is on him", they'll say.

But every now and then--here being an example--the group making the claim is precisely who canNOT be permitted to offer proof. Only some magical, unbiased group acting of its own accord, unprompted by any other party, with no ties to any studio associated with making any web technologies, is allowed to perform and publish a study that will satisfy these idiots.

THolman said,
I'm not sure why they tested Safari. Safari for Windows is ancient, and they're not updating it anymore.

Which makes Firefox's and Opera's performance pretty sad.

Wow, congrats to the IE team, those are excellent results. Additionally, IE10 can utilize x64 ASLR which is very useful for blocking exploits, and can run in the especially hardened Metro App sandbox called AppContainer, if you enable 'enhanced protected mode' (x64 mode) in IE options in Win 8. You get Flash, and fast javascript (unlike in IE9 x64), but lose a lot of other plug-ins, but it has a fall back mode where it will ask you if you want to reload a page in 32-bit mode if it detects a 32-bit only plug-in being used so it's very usable.

Edited by J_R_G, May 14 2013, 2:33pm :

Dushmany said,
IE also blocks the proper running of this site too on some systems

I usually open up developer console, debug the issue quickly and email the support contact on the site how to fix it.. 9 out of 10 times its still their crappy code.

Chrome does use a lot of the security features of Windows, but I don't believe that's related to it's ranking here, this study is about URL blocking only, not about exploit blocking. Exploits are useful to block, but MS' security intelligence report states that only something like less than 1% of infections are from exploits, the rest would fall under social engineering which URL blocking is designed to thwart.

and that won't change until FF shows up for touch by the end of the year.

let the denial begin.
let the MSFT bought the results theory begin.
let the find some other obscure survey that shows the opposite begin.
let the <insert windows 8 fud here> begin.