Follow this blog:: RSS; Email Alert

Windows and Office

A study confirms Internet Explorer 9 is the safest web browser

October 5, 2012, 10:50 AM PDT

Takeaway: A study by NSS Labs shows that Internet Explorer 9 does a much better job of blocking malware web sites. So what are you going to do about it?

I get several pitches from researchers, marketers, and vendors during the course of a week touting some sort of interesting information about information technology. Many of the pitches aren’t worth much, but every once in a while one actually grabs my attention.

Early this week, I received information about a study by NSS Labs, which clearly showed that Microsoft Internet Explorer 9 was significantly better at blocking malware than any other browser tested. In fact, their study showed that no other tested browser even came close to challenging IE9.

Needless to say, those results struck me, not only as a bit odd, but also as the opposite of accepted conventional wisdom. So, I downloaded the report (PDF) and studied their methodology. To my surprise everything seemed to be on the up-and-up, with the results well-documented and the conclusions sound. Microsoft Internet Explorer 9 does a much better job of blocking malware sites - who knew.

So, what do we do now? Obviously, the study concentrated on just one security problem for which web browsers are susceptible - we can’t use it as the only criteria for choosing a web browser. However, the study does suggest that perhaps it is time information technology professionals reassess their web browser choices. When is the last time you took a close, objective look at your current web browser’s security capabilities?

Get IT Tips, news, and reviews delivered directly to your inbox by subscribing to TechRepublic’s free newsletters.

About Mark Kaelin

Mark Kaelin is a CBS Interactive Senior Editor for TechRepublic. He is the host for the Microsoft Windows and Office blog, the Google in the Enterprise blog and the iOS App Builder blog.

Quick Tip: Customize live tiles in the Windows 8 Start Screen

Review: Sublime Text 2 the premier text editor for programmers

Comments

Add Your Opinion

Join the conversation!

Follow via:: RSS; Email Alert

See All Comments

Staff Picks
Top Rated
Most Recent
My Contacts

2 Votes

+ -

Bar room brawl

awgiedawgie 8th Oct

That's what I envision if we got all you people physically in the same room. Everybody is so opinionated, and you all talk as if you believe that your opinion is the only right one. I saw at least one user who called others "idiots," and several comments said that the test results would have been drastically different using different settings, but I didn't notice any of them who actually had any test results to back up that opinion, but every one of them that I read seemed pretty certain of their opinions, even in the absence of hard data.

My opinion, based on my own experience, is that Chrome and Firefox are useless to me, because when I did try them out, I could not get them to do for me what IE was doing. That was a long time ago, and maybe now they are more versatile (I'm sure they must be), but IE does what I need, so I have no reason to switch. My son uses Chrome, and swears by it. He can't see why I don't use it, but at least we both respect the other's choice.

The test results in the article don't mean any more to me than any other tests have. The chances are slim to none that my operating environment matches any of the ones used for any of those tests. In my own experience - which is the only test I care about - the only time my security has been compromised in the past five years was caused by a corrupt Java update. Since all browsers can employ Java, it wouldn't have mattered much which browser I had been using at the time. And since I now have Java disabled, it can be as corrupt as it wants without bothering me.

Mark said it well - you should use what works - and IE works for me. But if it makes anyone feel better, you can call me an idiot if you want to. It won't hurt my feelings one bit.

View in thread

15 Votes

+ -

Mark, I'm sure you're much better at understanding those reports than I am,

Deadly Ernest Updated - 5th Oct

but I had a quick look at it and noticed a couple of things that concerned me about it.

They tested against a list of known suspicious URLs, and the test method seemed NOT to be testing the quality of the browser, but the database the browser accesses over the Internet to see if the website you're going to is listed as a malware site.

I have a major issue with the claim about the level of protection if that's the case, as a LOT of people turn off that site list checking system due to access problems because they do NOT have broadband and it takes up a lot of time on dial-up - rural area issue and I'm in a rural area with many clients out of town. I also have an issue with the MS site list as it will often list a site as suspicious if the owners of that site do not jump through certain hoops for Microsoft. I've often seen MSIE kick a known and trusted site back as being a security issue on a regular basis since they stopped paying Microsoft for security verification services. No malware on the site, but no current MS verification, so it gets a big no-no sign.

I wonder how this test would have come out if they created a new site with some malware and accessed it? I also wonder how it would have come out if they hit the same list of suites with the over the Internet URL checking turned off so the browser was left up to its own internal capabilities and not remote control.

I do know of people who've been hit with malware from site while using MSIE 9 and I've hit the same sites using Fire Fox and had no problems.

Edit to add - did they also test MSIE 9 for the known vulnerabilities in earlier versions of MSIE where it was used to launch into Windows itself? And did they test for the past known vulnerabilities where other MS products were used to launch into MSIE?

View in thread

11 Votes

+ -

Lets see how bright you are and how little you follow things in TR

Deadly Ernest 6th Oct

Col often stands up for Microsoft when the heavy anti-MS crowd get going because he's a MS Partner and working on their gear is the bulk of his livelihood. However, unlike some people who are little more than shills for MS, Col looks at things honestly.

The report in question claims to be about the browser when it has NOTHING to do with the safety or performance of the browser as it's all based on the browser's access to a MS maintained website of websites listed as not being nice - with the definition of not nice being very much based on if they pay MS to be listed as good. The process is often turned off due to false positives and the way it slows the hell out of anything but a high speed broadband connection.

View in thread

9 Votes

+ -

Why am I not surprised....

Gisabun 6th Oct

.... That someone would say NSS Labs was owned or paid by Microsoft.
You want people to use Chrome? Seen this? http://www.gfi.com/blog/research-web-browser-war-security-battle-in-2011/ [or are you going to say that Microsoft paid them as well].

View in thread

0 Votes

+ -

Browser Battles

janajaf 22nd Oct

Why all the hollering? Just use several different ones. I currently have IE9, Chrome and Firefox all ready to go and I use them all. I tend to keep Chrome as my main because it is fastest and seems actually to be very responsive to malware and bad websites. IE9 is a little goosier and very often doesn't tell the good from the bad so can interfere esp with email. Firefox is a little slower but seems equally to know good from bad. Since I have a number of different email clients that I use for different kinds of communications I use different ones on the 3 different browsers and thus can easily keep things separated.

No sense in being a fanboy of anything. Just keep searching for whatever is working best at any particular time. Always be highly suspicious of any weirdness on any one of them and then switch to another. And yes the name of the game is constant change. You cannot rely on anything that was great today being great tomorrow.

View in thread

0 Votes

+ -

I know what he meant, you know what he meant,

Tony Hopkinson 20th Oct

Anyone capable of understanding the argument knows what he meant.

Obtuse it is.

View in thread

0 Votes

+ -

That is irrelevant

th3_sniff@... 20th Oct

His claim was that the windows shell is Internet Explorer, which is false.
Explorer.exe has the windows shell in it (Taskbar, mostly), and many other stuff (any WinAPI dweller knows them).
Like I said, this is false. The fact that the windows shell had internet browsing capabilities in it, doesn't make Internet Explorer the windows shell.

Sort _yourself_ out

View in thread

Once logged in, adding contacts is simple. Just mouse over any member's photo or click any member's name then click the "Follow" button. You can easily manage your contacts within your account contacts page.

See all comments