Most popular web browsers are no match for socially engineered malware

Posted by Caitlin on April 9th, 2009

Though web-based malware is nothing new, its method of transmission often continues to evolve ahead of detection methods. According to Trend Micro, 53% of malware is currently delivered via Internet downloads, which indicates that social engineering techniques are being used to threaten to users' sensitive information. In response to this escalating problem, NSS Labs conducted the information security industry's first-ever comprehensive evaluation in early 2009 to determine how well certain web browsers were able to protect consumers against socially engineered malware.

As it turns out, there's a lot of room for improvement. The company's recently published report lists evaluation findings for the following 6 browsers:

• Apple Safari (version 3)
• Google Chrome 1.0.154
• Microsoft Internet Explorer (version 8, RC1)
• Microsoft Internet Explorer (version 7)
• Mozilla Firefox (version 3.07)
• Opera 9.64

After 12 days of testing, researchers found that Microsoft Internet Explorer 8 offered the most protection by far, detecting 69% of malware sites prior to user exposure. In second place was the Mozilla Firefox 3.07 browser, which only managed to catch 30% of malware sites. Next in line was Apple Safari 3, which detected 24% of socially engineered malware sites, then Google Chrome 1.0.154, which found a mere 16% of these sites. The poorest performers proved to be Opera 9.64, which protected users from only 5% of malware sites, followed by Microsoft Internet Explorer 7, with a disappointing 4% detection rate.

In addition, researchers discovered that only 7% of these malware sites were detected by all 6 of the test browsers, while 11% went completely undetected.

For consumers, the study and its results not only highlight the importance of throwing out old assumptions regarding the transmission of malware, but the continuing need for vigilance when it comes to securing personal data. Although no precaution is foolproof, the best approach is to stay up to date on the continuing evolution of identity theft tactics combined with effective Internet security software that will catch any threats that manage to slip past your browser.