IE 9 Beats Other Browsers at Blocking Malicious Content

Orome1 writes with an article in Net Security. From the article: "Microsoft's Internet Explorer 9 has proved once again to be the best choice when it comes to catching attacks aimed at making the user download Web-based malware. This claim was made by NSS Labs in the recently released results (PDF) of a test conducted globally from May 27 through June 10 of the current year, which saw five of the most popular Web browsers pitted against each other. Windows Internet Explorer 9, Google Chrome 12, Mozilla Firefox 4, Apple Safari 5, and Opera 11 were tested with 1,188 malicious URLs — links that lead to a download that delivers a malicious payload or to a website hosting malware links."

Re:Who paid?

[Jeremiah+Cornelius]

You have a valid point about the sandbox - but the study doesn't really do security a justice, when comparing the browsers.

Malware is seldom a browser injection issue, but is instead vectored through plug-ins (I'm looking at YOU, Adobe!) which are privileged at a higher-level than the "sandboxed" container application.

Flash has been a real horrorshow. It was never designed - rather acquiring tacked-on and retro-fitted capability for dynamic content updating, video playback and scripting with user interactivity, etc.

I could deliver extended anecdotes about the 0-day flash and pdf exploits that I've witnessed, unfolding right in front of me... Suffice it to say, fully patched systems with browser sandboxes are not immune. :-)

The combination of security and privacy extensions that are developed for Firefox are, still, unmatched. Ghostery, AdBlock+ and BetterPrivacy will together prevent the opportunity to ever render many of the malicious, content delivered exploits. They also serve to screen and scrub the most pernicious of web-threats: covert bugging and monitoring of the browser by a third party.