NSS Labs Publishes Browser Security Group Test Results for Malware and Phishing Protection

Live Testing of Malicious URLs Reveals Stark Differences in Protection


CARLSBAD, CA--(Marketwire - August 13, 2009) - NSS Labs, a world leader in independent product analysis and certification, today published its second round of live browser security tests. Two separate tests measured protection against phishing and socially engineered malware across 5 browsers: Apple Safari 4, Google Chrome 2, Mozilla Firefox 3, Opera 10 Beta and Windows Internet Explorer 8.

Socially engineered malware is the most common and impactful threat on the Internet today, with browser protection averaging between 1% and 81%. Internet Explorer 8 caught 81% of the socially engineered malware sites over time, leading other browsers by a 54% margin. Safari 4 and Firefox 3 caught 21% and 27% respectively, while Chrome 2 blocked 7% and Opera 10 Beta blocked 1%.

Phishing protection over time varied greatly between 2% and 83% among the browsers. Statistically, Internet Explorer 8 at 83% and Firefox 3 at 80% had a two-way tie for first, given the margin of error of 3.6%. Opera 10 Beta, exhibited more extreme variances during testing and averaged 54% protection. Chrome 2 consistently blocked 26% of phishing sites, and Safari 4 offered just 2% overall protection. Firefox 3.5 crashing issues prevented it from being tested reliably.

The URLs sample set used in the test was representative of the phishing and socially engineered malware threats Internet users face every day. "In addition of comparing browsers among themselves, the test also benchmarked the browsers against cybercriminals," said Rick Moy, President, NSS Labs. "While the other browsers maintained or decreased protection between the two tests, Internet Explorer continued to improve its protection against cybercriminals."

The full text and analysis of these and other reports on browser security can be found at http://nsslabs.com/browser-security.

NSS Labs live testing methodology represents an accurate, real-world testing that can be performed on information security products.

--  Newly discovered malicious phishing and malware sites were added to
    the test, which repeated every four hours 24x7 for a minimum of 12 days
--  All five browsers tested URLs simultaneously
--  All sites were validated before, during and after via multiple methods
    

NSS Labs' transparent, scientifically repeatable process ensures the highest levels of independence, diligence and integrity. This test was initially performed for Microsoft engineering teams as an internal benchmark, and was subsequently released to the public.

About NSS Labs

NSS Labs was founded in 1991, and is a global leader in independent security and performance testing and certification. NSS Labs performs the most comprehensive, high-performance security validation in the industry. Proven methodologies reflect real-world traffic and usage conditions, and help information security professionals understand how products will work in their environments. NSS is a participating organization in the PCI Security Standards Council and a member of AMTSO. For more information, visit: www.nsslabs.com.

Contact Information: Contact: Rick Moy rmoy@nsslabs.com 760-412-4626