Is Microsoft IE8 the Most Secure Browser

Since its release in March 2008 IE8 has been surrounded by criticism. The Windows Internet Explorer 8: Get the facts website launched by Microsoft in June 2008 to give its latest browser a thrust was met with nit-picking for bias reports. In its attempts to market IE8 as a superior browser Microsoft launched a Windows Internet Explorer 8: Get the facts website in june 2008. The site received much criticism due to its excessive biased reports. In July 2009, NSS Labs had conducted two separate browser security tests on IE8. Although Microsoft didn’t influence the test results but to clear the air over it we came across an interview by Amy Barzdukas, General Manager of Internet Explorer given to Ars technicia.

Let’s see what NSS Labs chose to test, probably the most important types of security threats

The most common and impactful security threats facing users today are socially engineered malware and phishing attacks. As such, hey have been the primary focus of our initial research. While drive-by downloads and click-jacking are also effective attacks and have achieved notable publicity, they represent a smaller percentage of today’s threats.

The most common and impactful security threats facing users today are socially engineered malware and phishing  attacks. They have been the primary focus

2nd test: Socially Engineered Malware Protection

This was NSS labs second iteration to scrutinize web browser protection against socially engineered malware. Results of the first test was published in March 2009. According to NSS Labs a socially engineered malware URL as a web page link that directly

a web page link that directly leads to a ‘download’ that delivers a malicious payload whose content type would lead to execution

The methodology used by NSS labs is described as below

It is based upon empirically validated evidence gathered during 12 days of 24×7 testing, performed every 4 hours, over 69 discrete test runs, each one adding fresh new malware URLs. Each product was updated to the most current version available at the time testing began, and allowed access to the live Internet.

Here are the summarized results of this report

In the first graph, it shows the percentage of malware URLs that each browser was able to successfully detect and prevent. NSS Labs started with 2171 potentially malicious URLs. Typically, at least 50 % of a browser’s total protection over the course of the test. While other bowsers added just 0 percent and 16 percent.

Test Results for Phising Protection Comparative Test Results

NSS Labs comprehensive test of web browser phishing protection. They defined the phishing URL as follows

The URL both falsely impersonates another entity and attempts to trick the user into disclosing personal information via a Web form.

Methodology for this test

This report is based upon empirically validated evidence gathered by NSS Labs during 14 days of 24×7 testing, performed every 4 hours, over 80 discrete test runs, each one adding fresh new phishing URLs. Each product was updated to the most current version available at the time testing began, and allowed access to the live Internet.

Have a look at the summarized results of this report

The first graph shows the percentage of phishing URLs that each browser was able to detect and block successfully. NSS Labs started the test with 856 potentially phishing URLs which was trimmed down to 593 URLs. The rest of them did not pass our validation criteria including those tainted by exploits.

In the second graph, it shows time taken by browser under test to block the threat once it was introduced into the test cycle. From the results it’s clear that although Firefox, Safari, and Chrome share the same SafeBrowsing API their results are not the quite different. This shows the impact of different implementations.

Interpretations for Microsoft

In March 2008, Microsoft released Internet Explorer 8 and claimed it to have made a significant progress, especially in the area of security. Since the company maintains the dominant position in terms of browsers market share, it the prime target for various Internet threats.

Interestingly, Microsoft’s IE6 had set high standards for browsing, which the newer versions have to compete with. In Barzdukas words,

our biggest competition, in many ways, is our own past version

It remains to see how well the latest version of IE does in the area of security. Given this, Microsoft seems to be waiting for Vista’s successor. As Barzdukas anticipates

We think that with Windows 7, we will see much more traction with those IE6 users moving on

A few months ago, the company released its own tests that showed IE8 loading many websites faster than two open source browsers, Firefox and Chrome. With the NSS labs report the company featured that third-parties also find IE8 to be a solid competitor.

For now Microsoft is concentrating on HTML5 seriously. The specification is being authored collaboratively by representatives of numerous companies and organizations that includes the major browser makers.

For the future, Barzdukas stated that Microsoft’s IE9 is in its early stages, taking a lot of feedback and that a plan is being hammered out.