IE browser XSS flaw opens door to thieves and phishers
IE browser XSS flaw opens door to thieves and phishers

Microsoft's Internet Explorer 9 is the best browser for preventing web-based malware from executing, according to a NSS Labs test.

Windows Internet Explorer 9, Google Chrome 12, Mozilla Firefox 4, Apple Safari 5 and Opera 11 were tested against 1,188 malicious URLs, with IE9 blocking 96 per cent of the URLs when the reputation filter was enabled. It also blocked an additional 3.2 per cent once its application reputation filter was enabled.

In comparison, Chrome caught 13.2 per cent, Firefox and Safari caught 7.6 per cent, while Opera caught 6.1 per cent of the live threats.

The test spanned a period of 14 days from 27th May through to 10th June of this year. Throughout the course of the study, 55 discrete tests were performed every six hours without interruption for each of the five browsers.

According to NSS Labs, the ultimate determent of whether or not a malicious URL was included in this test was its participation in a malware campaign targeting users. From an initial list of over 5,000 new suspicious sites, 3,296 potentially malicious URLs were pre-screened for inclusion in the test and were available at the time of entry into the test. These were successfully accessed by the browsers in at least one run.

On average, 86 new URLs were added to the test set per day and it said that the mixture of URLs used in the test was representative of the threats on the internet.

In terms of the time taken to block the URLs, IE9 scored very highly with 86.2 per cent of URLs blocked within an hour, while Chrome only blocked 10.3 per cent, Opera blocked 8.4 per cent, Firefox blocked 7.2 per cent and Safari blocked 6.4 per cent. With the application reputation filter enabled, IE9 blocked 99.4 per cent of malicious URLs.