Study: IE9 blocks more malware than other web browsers

If you are doing a lot of surfing on the Internet, there's always the concern that you might come across a site that could deliver a malware program on your PC. Today, a new study claims that the best web browser to use for keeping malware off your PC is Microsoft's Internet Explorer 9.

The study, from NSS Labs, looked at how IE9 handles malware threats, along with Google's Chrome, Mozilla's Firefox and Apple's Safari browser. According to RSS Labs' findings, "When dealing with overall malware protection, Internet Explorer provides users with significant advantages, blocking 95 percent of malicious activity, while Chrome is a distant second, blocking only 33 percent. Safari and Firefox both block less than 6 percent."

In addition, NSS Labs says that IE9 prevented 96.6 percent of click fraud malware in its tests, compared to just 1.6 percent for Chrome, 0.8 percent for Firefox and 0.7 percent for Safari. The research team conducted its research between December 2, 2011 and May 25, 2012.

NSS Labs said that the rise of popularity of Chrome could lead to more people having issues with click fraud malware. Stefan Frei, the Research Director at NSS Labs, states, "Given Chrome’s prominence and increasing market share, we predict ongoing increases in click fraud unless Google takes serious steps to improve its click fraud protection."

Via: TheNextWeb.com
Source: NSS Labs | Image via Microsoft

Report a problem with article
Previous Story

ZTE V98 Windows 8 tablet revealed [Update]

Next Story

Microsoft to push for better tech education in US

58 Comments

Commenting is disabled on this article.

coth said,

Well, actually IE has very good anti-fishing features. While Chrome, Firefox and Opera are very bad on anti-fishing.

Opera pretty good on anti phishing provided you spelled it right. don't worry I got Natalie Portman's boys name wrong. Alef do'h it's Aleph. I go to IE and usually it's Virus hell. as for phishing, takes a brain for that. Very easy to spot. So whats the point. Chrome by far is the worst because they allow pop unders and those suck. at least with popups Opera if they make it thru it's a quick L and it's gone. But Opera is more for the powerful computers than other browsers. Chrome is best for older computers. Still I do use Chrome . Firefox never use it. Still use Flock (obsolete, dead) because of how the old Twitter feeds show up... If anyone is using IE make sure you have a great AV running. (Avast, not AVG) Paid for. don't know can't say.

I clean people's computers from trojans etc. and 95% of those infected are using... IE 7+ on XP/Vista/7. I know, it's not scientific, but the sheer amount of people using IE and getting infected does not correlate with these "findings." Fact. Sure, about <15% of those infected also have Firefox or Chrome installed, but their main browser is almost always IE. So don't try to flog off lab results as fact. It just isn't. Not visiting weird porn sites = 90% safer browsing, cos most infected has been at a pron site. The man of the house is almost always the culprit, and they use IE almost exclusively. These are the facts - here at least.

Frankenchrist said,
I clean people's computers from trojans etc. and 95% of those infected are using... IE 7+ on XP/Vista/7. I know, it's not scientific, but the sheer amount of people using IE and getting infected does not correlate with these "findings." Fact. Sure, about <15% of those infected also have Firefox or Chrome installed, but their main browser is almost always IE. So don't try to flog off lab results as fact. It just isn't. Not visiting weird porn sites = 90% safer browsing, cos most infected has been at a pron site. The man of the house is almost always the culprit, and they use IE almost exclusively. These are the facts - here at least.

This is what's known as "anecdotal evidence" and is usually not admissible in court.

Also, you kind of refute yourself. Their primary browser is IE, so that's what they use to watch porn, and they get infected. What if they used Chrome or Firefox exclusively? They'd get infected then as well and now you'll blame Chrome or Firefox? Why don't you just blame the real culprit: the porn sites.

siah1214 said,
Also, you kind of refute yourself. Their primary browser is IE, so that's what they use to watch porn, and they get infected. What if they used Chrome or Firefox exclusively? They'd get infected then as well and now you'll blame Chrome or Firefox? Why don't you just blame the real culprit: the porn sites.

I don't really know if Firefox/Chrome are safer when watching pron, just that people who do watch porn almost always use IE. Would be fun to see a report on that. We all know porn sites = bad I've never had any problems with porn sites, and as a Chrome user I might be fooling myself thinking I'm safe, but the fact remains, I've never been infected. Of course it's anecdotal, but also true. Oh, and I don't use Anti-virus programs of any kind. Maybe twice a year I run mbam and so far never had a problem. Been using the internet since 1996 and the score so far is, Virus/worm/trojan etc: 0
I guess I'm due and I'm fully expecting that one of these days I will get some malware. Common sense to avoid it is the key I think.

I've known since the day Firefox, Chrome and Safari were released and they HAVEN'T gotten any better at it yet either!

The above 3 browsers are the very last one's I would EVER use!

I dropped IE years ago. I refuse to switch back to it. This so called research is funded by MS(they deny it of course) and is a failed attempt to win IE users.

soldier1st said,
I dropped IE years ago. I refuse to switch back to it. This so called research is funded by MS(they deny it of course) and is a failed attempt to win IE users.

No.

When I checked with the company to verify the credibility of this latest study, I was told the following: “This was independent research done only by NSS Labs and was not sponsored by Microsoft.”

soldier1st said,
I dropped IE years ago. I refuse to switch back to it.

I stopped here. I support IE 100%, but I do take them time to check out the latest versions of Chrome/Chromium and Firefox/Nightly just to make sure I'm giving all the browsers a fair chance. Refusing to even consider switching or trying a browser, especially after years of improvements since your last experience with it, is just plain ignorance IMO

soldier1st said,
I dropped IE years ago. I refuse to switch back to it. This so called research is funded by MS(they deny it of course) and is a failed attempt to win IE users.

Ha ha, even studies funded by Google show that IE outperforms Chrome.
(Lemme guess, those were *secretly* funded by Microsoft, too?)

soldier1st said,
I dropped IE years ago. I refuse to switch back to it. This so called research is funded by MS(they deny it of course) and is a failed attempt to win IE users.

If that's the only acceptable thing that fits in your little world, good for you.

soldier1st said,
I dropped IE years ago. I refuse to switch back to it. This so called research is funded by MS(they deny it of course) and is a failed attempt to win IE users.
I'm not shure when it was, but some times ago, a test (sponsored) by Google showed that Internet Explorer beats Chrome. So, yes, IE is the most secured.

soldier1st said,
I dropped IE years ago. I refuse to switch back to it. This so called research is funded by MS(they deny it of course) and is a failed attempt to win IE users.

Just because a study is funded doesn't mean that it isn't independent. First of all the methodology should be transparent enough to be reproduced by a third party. It called "Peer Review".

Same with that report that was produced by Accuvant last year saying Chrome is the most secure browser. At least with that one, you reproduce most of the experiments. Because of that transparency we were able criticize the design methodology of the experiments.

Btw, NSS hasn't been funded by Microsoft in about 3 years. However, they are funded by Microsoft Gold Partners.

To be honest, I have seen other studies where ALL the 3-5 major browsers failed miserably to block socially engineered attacks. However, in a global perspective, they blocked different parts of the list. Most likely NSS has a cherry picked list they use to dole out the data.

http://www.pcworld.com/article...lorer-zero-day-attacks.html


Microsoft has confirmed reports that a zero-day vulnerability in its Internet Explorer Web browser is being actively attacked in the wild. While Microsoft works diligently to crank out a patch, it's important for businesses and consumers to understand the threat, and the steps that can be taken to avoid compromise while you wait.

Microsoft has published a security advisory acknowledging the threat. According to Microsoft, the zero-day exploit affects Internet Explorer 7, 8, 9. Internet Explorer 10 is not impacted, but it's not completely safe because it remains vulnerable to flaws in the embedded Adobe Flash.

Nelson Muntz said,

Ha Ha

Yet another *funded* report by Microsoft. And what do you know, just after the above drive-by malware was discovered. Transparent much?

simplezz said,
http://www.pcworld.com/article...lorer-zero-day-attacks.html

Yet another *funded* report by Microsoft. And what do you know, just after the above drive-by malware was discovered. Transparent much?


did you even read the article/source?

this study is about the browser's detection & protection against socially engineered malware - aka, it just tested whether the browser detected & deleted malicious files that the user was tricked into downloading (think, "you're our millionth user! click here to download your free copy of Adobe Photoshop!" etc.). It had nothing to do with 0-day exploits and bugs in the browser itself.

simplezz said,
http://www.pcworld.com/article...lorer-zero-day-attacks.html

Yet another *funded* report by Microsoft. And what do you know, just after the above drive-by malware was discovered. Transparent much?

So, a single security flaw can make IE an insecure browser, despite the fact that chrome and Firefox have MUCH more flaws than IE?

http://cdn2.sbnation.com/impor...browser-vulnerabilities.png

But I guess people like you don't care about facts. It's far easier to believe crazy apocalyptic announcement about IE flaws in the press rather than looking at boring statistics.

link8506 said,

So, a single security flaw can make IE an insecure browser, despite the fact that chrome and Firefox have MUCH more flaws than IE?

http://cdn2.sbnation.com/impor...browser-vulnerabilities.png

But I guess people like you don't care about facts. It's far easier to believe crazy apocalyptic announcement about IE flaws in the press rather than looking at boring statistics.

Charts on tell part of the story. If you look at the news surronding Chrome vulnerabilities. They pay out money to researchers to find these for example this is from 2010:
http://www.esecurityplanet.com...me-for-11-Flaws-and-10K.htm

Now if you look at the number of zero day vulnerabilities, IE and Chrome are equal and Firefox has less. IE had the most zero day exploits, btw.

http://www.gfi.com/blog/resear...ar-security-battle-in-2011/

I don't really use IE, but I think chrome+Adblock works munch better, also a good antimalware or Internet security program help a lot. I'll go for Chrome and Adblock!

mjedi7 said,
I don't really use IE, but I think chrome+Adblock works munch better, also a good antimalware or Internet security program help a lot. I'll go for Chrome and Adblock!

So you're thinking that an adblocker is efficient at blocking phishing sites and dangerous downloads?

--'

if you want to block ads in ie9, you don't even need a third party addon, because ie9 is the only browser to include natively an ad blocker.
Just visit this page and select the easylist TPL to enable it:
http://www.iegallery.com/en-us/trackingprotectionlists

mjedi7 said,
I don't really use IE, but I think chrome+Adblock works munch better, also a good antimalware or Internet security program help a lot. I'll go for Chrome and Adblock!
Why add all that extra junk to your computer. Register with opendns and have them deal with the reported fishing sites. I use tracking protection in IE9. There is so many options for tracking protection.

warwagon said,

So why did they have to rush the last patch out for Vista / 7 ?


Blame flash and java =P Without them that attack wouldn't have been possible.

warwagon said,
But....but...but......IE has a sandbox

And? Since when was any security feature 100% foolproof? They're designed to make it harder for hackers to do stuff, making it impossible is well impossible lol.

And yes I know quite well that you're just being sarcastic =P

-Razorfold said,

Blame flash and java =P Without them that attack wouldn't have been possible.

Actually there are other ways too. I read somewhere that Microsoft's msvcrt.dll could be used as well. The exploit is still in IE, flash and java are just two ways of getting to it.

warwagon said,

So why did they have to rush the last patch out for Vista / 7 ?

Because Microsoft cares about security.

IE7/8/9's sandbox protects against write access only, which is great to prevent permanent malware installation, but doesn't protect against read access (it was a design choice to allow plugins to be sandboxed as well). Now in IE10 the sandbox protects against read access to, but plugins need to be rewriten to support the new sandbox.

Btw, the flaw was exploitable only if java or an old version of msvcrt was installed.

That clearly shows it isn't easy to exploit a flaw in a clean installation of IE9.

I don't care if it blocks more attack. I am a power user and I know about those attacks. IE is just a bad browser. The scripts engine is not properly working and is not as fast as chrome's engine. I know they have been working hard lately but they should just raise their HTML 5 score and improve their Javascript engine. revamp their developer tool. Then I will move to IE. I know in IE 10 they support CORS and some other feature that they really should have supported since IE 6 or 7 but its not enough.

S3P€hR said,
I don't care if it blocks more attack. I am a power user and I know about those attacks. IE is just a bad browser. The scripts engine is not properly working and is not as fast as chrome's engine. I know they have been working hard lately but they should just raise their HTML 5 score and improve their Javascript engine. revamp their developer tool. Then I will move to IE. I know in IE 10 they support CORS and some other feature that they really should have supported since IE 6 or 7 but its not enough.


Yeah right, IE is so bad that the latest benchmark designed by some google employees actually show that IE10 is much faster than Chrome, even though the benchmark was clearly designed to make Google Chrome shine.

I guess you didn't even try IE10 before claiming that chrome is better.
Apparently the google employee who created this benchmarks didn't try ie10 either...

link8506 said,


Yeah right, IE is so bad that the latest benchmark designed by some google employees actually show that IE10 is much faster than Chrome, even though the benchmark was clearly designed to make Google Chrome shine.

I guess you didn't even try IE10 before claiming that chrome is better.
Apparently the google employee who created this benchmarks didn't try ie10 either...

Forgot the link:
http://www.neowin.net/news/mic...rnet-still-takes-fist-place

S3P€hR said,
I don't care if it blocks more attack. I am a power user and I know about those attacks. IE is just a bad browser. The scripts engine is not properly working and is not as fast as chrome's engine. I know they have been working hard lately but they should just raise their HTML 5 score and improve their Javascript engine. revamp their developer tool. Then I will move to IE. I know in IE 10 they support CORS and some other feature that they really should have supported since IE 6 or 7 but its not enough.

sure Mr. Power User! then again any punk can be a Power User and with your obvious hate for IE it sure makes you a really fair person.

S3P€hR said,
I don't care if it blocks more attack. I am a power user and I know about those attacks.

and what good is knowing about the attacks? That's like saying "I know what STDs are, so now I can have unprotected sex and I've got a 0% chance of getting an STD"

IE is just a bad browser. The scripts engine is not properly working and is not as fast as chrome's engine.

source? otherwise, this is just BS.

S3P€hR said,
I don't care if it blocks more attack. I am a power user and I know about those attacks. IE is just a bad browser. The scripts engine is not properly working and is not as fast as chrome's engine. I know they have been working hard lately but they should just raise their HTML 5 score and improve their Javascript engine. revamp their developer tool. Then I will move to IE. I know in IE 10 they support CORS and some other feature that they really should have supported since IE 6 or 7 but its not enough.
I see you trust an advertising behemoth over IE or Firefox.

link8506 said,


Yeah right, IE is so bad that the latest benchmark designed by some google employees actually show that IE10 is much faster than Chrome, even though the benchmark was clearly designed to make Google Chrome shine.

I guess you didn't even try IE10 before claiming that chrome is better.
Apparently the google employee who created this benchmarks didn't try ie10 either...

And I can show you a bunch of other benchmarks where IE10 comes in last place. Really benchmarks don't mean crap in the real world.

This is, of course, until IE10 whereby all DNT requests will be ignored and more malware/advertising crap will spread!

n_K said,
This is, of course, until IE10 whereby all DNT requests will be ignored and more malware/advertising crap will spread!

someone here doesn't understand how DNT works (or rather doesn't)

n_K said,
This is, of course, until IE10 whereby all DNT requests will be ignored and more malware/advertising crap will spread!

LOL, you actually think malware writers will respect DNT?

I call BS. How come every time I use IE (rarely) I'll go to google images and the 3rd or 4th picture I click on redirects me to a malicious site? Nod32 pops up saying it blocked the connection. I can't ever remember this happening in FF, which I use 98% of the time.

Marshall said,
I call BS. How come every time I use IE (rarely) I'll go to google images and the 3rd or 4th picture I click on redirects me to a malicious site? Nod32 pops up saying it blocked the connection. I can't ever remember this happening in FF, which I use 98% of the time.

Thanks to your extensive knowledge and testing in a controlled environment, we can now verify that the above claim is false!

Marshall said,
I call BS. How come every time I use IE (rarely) I'll go to google images and the 3rd or 4th picture I click on redirects me to a malicious site? Nod32 pops up saying it blocked the connection. I can't ever remember this happening in FF, which I use 98% of the time.

I think the problem is that you're using Google Images.

Marshall said,
I call BS. How come every time I use IE (rarely) I'll go to google images and the 3rd or 4th picture I click on redirects me to a malicious site? Nod32 pops up saying it blocked the connection. I can't ever remember this happening in FF, which I use 98% of the time.

Sounds like you have malware, and that is your problem, not a fault of how IE works. Get your computer fixed and stop clicking 'YES' on the porn sites.

Marshall said,
I call BS. How come every time I use IE (rarely) I'll go to google images and the 3rd or 4th picture I click on redirects me to a malicious site? Nod32 pops up saying it blocked the connection. I can't ever remember this happening in FF, which I use 98% of the time.

So what you're saying is that your antivirus doesn't work with firefox.

Because the AV alerts you see doesn't mean that the AV just stopped an IE exploit, it just means that the page you visited contains a known exploit, even if this exploit doesn't affect IE. The AV just tells you that the site has been compromised or has been created with malicious intentions.
That doesn't mean IE is insecure or was about to be compromised.

What is worrying however is that your AV is unable to detect such potentially dangerous pages when you use firefox.

Enron said,
In before "RSS Labs is funded by Microsoft!"

Well, actually IE has very good anti-fishing features. While Chrome, Firefox and Opera are very bad on anti-fishing.

Enron said,
In before "RSS Labs is funded by Microsoft!"

I liked that you posted this because as I scroll down the comments section, your assumption is indeed true.

flexkeyboard said,

I liked that you posted this because as I scroll down the comments section, your assumption is indeed true.

Like predicting a fart is going to stink.

Enron said,
In before "RSS Labs is funded by Microsoft!"

So you can't even read (RSS?), how could we expect you to conceive then?

bviktor said,

So you can't even read (RSS?), how could we expect you to conceive then?

Article said RSS Labs. It has been corrected since then.

Enron said,
In before "RSS Labs is funded by Microsoft!"

Really funding doesn't equal lack of independence. The most important thing when doing research is transparency (i.e. the experiments need to be replicate by an outside 3rd party) and a peer review.

Drug companies fund med schools to perform research then it is reviewed by a 3rd party.

coth said,

Well, actually IE has very good anti-fishing features. While Chrome, Firefox and Opera are very bad on anti-fishing.

Opera pretty good on anti phishing provided you spelled it right. don't worry I got Natalie Portman's boys name wrong. Alef do'h it's Aleph. I go to IE and usually it's Virus hell. as for phishing, takes a brain for that. Very easy to spot. So whats the point. Chrome by far is the worst because they allow pop unders and those suck. at least with popups Opera if they make it thru it's a quick L and it's gone. But Opera is more for the powerful computers than other browsers. Chrome is best for older computers. Still I do use Chrome . Firefox never use it. Still use Flock (obsolete, dead) because of how the old Twitter feeds show up... If anyone is using IE make sure you have a great AV running. (Avast, not AVG) Paid for. don't know can't say.

coth said,

Well, actually IE has very good anti-fishing features. While Chrome, Firefox and Opera are very bad on anti-fishing.

Opera pretty good on anti phishing provided you spelled it right. don't worry I got Natalie Portman's boys name wrong. Alef do'h it's Aleph. I go to IE and usually it's Virus hell. as for phishing, takes a brain for that. Very easy to spot. So whats the point. Chrome by far is the worst because they allow pop unders and those suck. at least with popups Opera if they make it thru it's a quick L and it's gone. But Opera is more for the powerful computers than other browsers. Chrome is best for older computers. Still I do use Chrome . Firefox never use it. Still use Flock (obsolete, dead) because of how the old Twitter feeds show up... If anyone is using IE make sure you have a great AV running. (Avast, not AVG) Paid for. don't know can't say.