[Security] Internet Explorer dominates browser secruity as Google faces accusations
Internet Explorer 9 should be the go-to browser for organizations concerned about protecting machines from malicious downloads, according to a new study from NSS Labs: Microsoft's browser trounced rivals Chrome, Firefox, and Safari in the security company's more recent malware-blocking tests, a significant win considering that traditional malware remains among the most prevalent threats to users.
More important, does it matter if Google held out? To a degree, yes, in that Firefox and Safari do rely on Google's Safe Browsing API for identifying potential malware and warning users against accessing it. Thus, they understandably should want the best protection Google can provide.
But the best protection Google provides apparently ain't that great, if NSS Labs' testing is to be believed: Chrome's malware-blocking rate using Google's latest and greatest Safe Browsing upgrades is still a lowly 34.1 percent. Yes, that's better than Firefox 7's 3.6 percent block rate and Safari 5's 3.5 percent block rate, but it's tough to imagine the average IT security professional sleeping easy with machines running browsers that are just 34.1 percent effective at blocking malware.
That's NSS Labs' conclusion: "While NSS does not recommend switching browsers based on the results of these tests alone, if you currently have a free choice of browser, then Internet Explorer 9 offers the most comprehensive protection from these particular threats."
The report also discusses whether Google is somehow to blame for Firefox's and Safari's for respective low scores. Google rolled out its newest malicious-download protection in December, and it appears to help Chrome block malware downloads. During the tests, NSS Labs observed that Chrome, Firefox, and Safari offer nearly equal protection. However, with the technology implemented, Chrome fared considerably better in blocking malware downloads over the span of the testing.
The question, then, is why don't Mozilla and Safari use the feature? According to NSS, "It's an undocumented API call to block malware once download begins. This API is not utilized by Firefox or Safari, apparently due to lack of documentation and a proprietary format."
That's not so, according to Google. The company has insisted that it has been open about how the Safe Browsing feature works and has made the technology available to Mozilla. "Our understanding is that Mozilla is still waiting for more data from Google about the effectiveness of our new technology, and is considering those benefits against the limited circumstances when URLs are sent to Google for scanning," Google Chrome senior product manager Ian Fette wrote on ZDNet.
"Microsoft takes a similar approach in Internet Explorer that involves sending URLs to Microsoft," he added.
Privacy concerns indeed appear to be playing a role in Mozilla's hesitancy to adopt Google's latest security changes. "[Google's Safe Browsing team] has made phishing and malware detection services available to our users, and these are already implemented in Firefox," Johnathan Nightingale, Mozilla's director of Firefox engineering, told InfoWorld. "Their new services communicate more information back to Google about a user's browsing history, and we are still evaluating the merits of that approach."
[ Via infoworld ]