Microsoft's Internet Explorer 9 has achieved top scores in blocking socially engineered malware, according to comparative...
tests conducted by security research analyst NSS Labs.
Socially-engineered malware remains the most common security threat facing internet users, according to the test report, with recent studies showing users to be four times more likely to be tricked into downloading malware than being compromised by an exploit.
In testing, Internet Explorer 9 (IE9) blocked 92% of live malware threats with its SmartScreen URL reputation component and an additional 8% with its new Application Reputation component. This feature warns users when a program is more likely to be malicious.
Microsoft estimates Application Reputation will prevent more than 20 million infections a month, over and above existing URL reputation blocks.
According to the NSS Labs report, IE9 offers the best protection of any browser against socially engineered malware, blocking over seven times more threat than Safari 5, Chrome 10 and Firefox 4 and more than 18 times more than Opera 11.
IE8, which lacks IE9's application reputation technology, came in second place, blocking 90% of socially engineered malware.
Apple Safari 5 caught 13% of live threats, offering protection nearly identical to Chrome and Firefox, according to the NSS Labs research.
Mozilla Firefox 4 caught 13% of the live threats, 6% less than the 19% protection rate observed by NSS Labs in test conducted in the third quarter of 2010. This indicates either an overall drop in protection for Firefox or a regional weakness in Europe, the report said.
Google Chrome caught 13% of the live threats, but this was considerably higher than the 3% observed in the Q3 2010 test and a welcome improvement, the report said.
Opera 11 was the poorest performer, catching just 5% of the live threats, but providing a measurable amount of protection against socially-engineered malware for the first time, according to the NSS Labs report.
According to the EU's statistics office, Eurostat, almost a third of internet users in Europe were victims of malware infections in 2010, despite most having security software installed.
Microsoft statistics show that 1 in 14 executable downloads is malware. Microsoft's statistics show the social engineering component is increasing as security improvements in operating systems and websites force attackers to look for other vulnerabilities to exploit.
For this reason, Microsoft believes application reputation is the way to go, says Jeb Haber, principal program manager for Smartscreen. But, he says, still only a handful of security protections are using this approach.