A study confirms Internet Explorer 9 is the safest web browser

A study by NSS Labs shows that Internet Explorer 9 does a much better job of blocking malware web sites. So what are you going to do about it?

I get several pitches from researchers, marketers, and vendors during the course of a week touting some sort of interesting information about information technology. Many of the pitches aren't worth much, but every once in a while one actually grabs my attention.

Early this week, I received information about a study by NSS Labs, which clearly showed that Microsoft Internet Explorer 9 was significantly better at blocking malware than any other browser tested. In fact, their study showed that no other tested browser even came close to challenging IE9.

Needless to say, those results struck me, not only as a bit odd, but also as the opposite of accepted conventional wisdom. So, I downloaded the report (PDF) and studied their methodology. To my surprise everything seemed to be on the up-and-up, with the results well-documented and the conclusions sound. Microsoft Internet Explorer 9 does a much better job of blocking malware sites - who knew.

So, what do we do now? Obviously, the study concentrated on just one security problem for which web browsers are susceptible - we can't use it as the only criteria for choosing a web browser. However, the study does suggest that perhaps it is time information technology professionals reassess their web browser choices. When is the last time you took a close, objective look at your current web browser's security capabilities?

About

Mark Kaelin is a CBS Interactive Senior Editor for TechRepublic. He is the host for the Microsoft Windows and Office blog, the Google in the Enterprise blog, the Five Apps blog and the Big Data Analytics blog.

99 comments
janajaf

Why all the hollering? Just use several different ones. I currently have IE9, Chrome and Firefox all ready to go and I use them all. I tend to keep Chrome as my main because it is fastest and seems actually to be very responsive to malware and bad websites. IE9 is a little goosier and very often doesn't tell the good from the bad so can interfere esp with email. Firefox is a little slower but seems equally to know good from bad. Since I have a number of different email clients that I use for different kinds of communications I use different ones on the 3 different browsers and thus can easily keep things separated. No sense in being a fanboy of anything. Just keep searching for whatever is working best at any particular time. Always be highly suspicious of any weirdness on any one of them and then switch to another. And yes the name of the game is constant change. You cannot rely on anything that was great today being great tomorrow.

Duke E Love

I am sure Nana will be safer with IE

kevlar700

This study had a wider scope and declared the sandboxing and JIT hardening likely meant Google Chrome was the most secure browser. That report got similar "funded by Google" criticism but with far less 'scope criticism' and rightly though a little would have still been justified. CSS3 and HTML5 coverage is poor in IE and terrible in IE8, so the web is more beautiful in almost any browser but IE too.

Robynsveil

...mind you, it probably won't take that long before they announce Microsoft had just found yet another massive security hole in IE9. Which they will patch. But which will not cause TechRepublic to renounce their stand on Browsers: "A study confirms Internet Explorer 9 is the safest web browser"

balu.mudhavathu

There are plenty of reports like this from NSS and MS for every release of IE; after a couple of weeks we can see a lot of targeted vulnerabilities on IE.

firstaborean

Just a brief note: "Criteria" is the plural of "criterion." "We can’t use it as the only criteria" makes no sense. Would you say, "I took that short trip in my only cars?" Would you say of a woman, "She had only one husbands in all of her life?"

andrew232006

They only tested the blocklists. Should we depend on the blocklists? I certainly wouldn't with new malware sites popping up every second like weeds. I would think the majority of malware sites people interact from spam emails and IMs are recently created. Also, is Chrome being penalized for not blocking a site that would infect IE? What would be relevant to me is the number of exploits out there that allow remote execution of code in the browsers tested. How many of those Chrome/Firefox/IE browsers were infected with malware from simply opening a malicious site? Based on my past experience, the vast majority of browsers infected (if not all) would be IE. And this study does nothing to contradict that experience. So I'm going to keep telling everyone I know not to use IE unless they have to.

Chashew

I guess that the past does not apply here; some of you may not have been online the day/night IE got hit by a mass hijacker. I was and was the second one to report to Microsoft about the breach that almost trashed my machine. That said I can only guess who NSS Labs might be but to have only one test lab produce unquestionable results sounds like a hornswaggle. Sure in retrospect it has to be done to keep people's faith up on a browser that is so widely used. But to be fair... as old as IE is, don't you think that there would be zero security holes and bugs? And IE would be at the very top in broad spectrum use. Again I am only guessing... but. Adobe being the weak link on any browser may need a rethink/rebuild also in my books.

rickscr

Too bad it doesn't render web pages properly too. Now that would be truly awesome.

awgiedawgie

That's what I envision if we got all you people physically in the same room. Everybody is so opinionated, and you all talk as if you believe that your opinion is the only right one. I saw at least one user who called others "idiots," and several comments said that the test results would have been drastically different using different settings, but I didn't notice any of them who actually had any test results to back up that opinion, but every one of them that I read seemed pretty certain of their opinions, even in the absence of hard data. My opinion, based on my own experience, is that Chrome and Firefox are useless to me, because when I did try them out, I could not get them to do for me what IE was doing. That was a long time ago, and maybe now they are more versatile (I'm sure they must be), but IE does what I need, so I have no reason to switch. My son uses Chrome, and swears by it. He can't see why I don't use it, but at least we both respect the other's choice. The test results in the article don't mean any more to me than any other tests have. The chances are slim to none that my operating environment matches any of the ones used for any of those tests. In my own experience - which is the only test I care about - the only time my security has been compromised in the past five years was caused by a corrupt Java update. Since all browsers can employ Java, it wouldn't have mattered much which browser I had been using at the time. And since I now have Java disabled, it can be as corrupt as it wants without bothering me. Mark said it well - you should use what works - and IE works for me. But if it makes anyone feel better, you can call me an idiot if you want to. It won't hurt my feelings one bit.

edwardtisdale

I do see many times people's opinions describe MS as inherently evil, but the above 2 can't just be blanketed into that description. The first comment has some points I'm glad were brought up. An MS list of malware sites I can believe that maybe, even though I haven't tested, assumes sites that they don't know about to be malware sites just because they themselves haven't tested them, and is sort of a form of keeping perfectly legitimate sites from being seen at all by IE users.

Sheldont

I advise everyone to use Firefox or Chrome. No matter which version of IE I have seen, I find it still has loads of problems. It sucks! Can Microsoft put anything on the market that doesn't need updates every Tuesday?

klaasvanbe

Back at the end of the past millennium a company that manufactured a duck formed bathroom cleaner called "WC eend" advertised this product with the same name on tv. Change the name to "Microsoft" and history repeats about a dozen years later. Using Safari for years and even the older versions are safer than Internet Explorer ever will be. When it comes to privacy Mozilla Firefox/Aurora tops all others. Let's hope version 10 gives some privacy and hack/root kit/etc. protection though I doubt it.

jocelynboyer

It is just a matter of time. And of course it is on one specific issue.

dfruk

Ha Ha Ha Ha Ha Ha Ha Ha Ho Ho Ho Ho Ho Ho Ho Ho Ho ie9 safe don't make me laugh, plus you can't try it on a mac.

Kevin@Quealy.net

From everything I've seen IE has always been the most secure browser. I'm surprised it won this test by this much so that may be an outlier. But the fact that IE is more secure is not surprising.

pbug56

So it may be better at blocking bad sites. But using it on a pc without massive amounts of ram doesn't do too well - IE 9 is a big memory hog, slobbering up ram like a huge friendly mutt! And it frequently messes up how it handles various web sites.

davidibaldwin

Yahoo email. I have a couple of customers that have to use Firefox because IE9 craps all over Yahoo email.

mapp.64

No matter what they say about IE, I will continue using and supporting other browsers: Firefox, Opera and maybe Chrome simply because I have the "freedom to choose", some even offer the source code so I can see they don't hide anything from me. I also dislike websites that are IE friendly since they don't respect my freedom to choose which browser I want to use. Don't trust Microsoft, period.

Deltoid

Reports like this are great if you're bored and want to stir things up around the office, but my favorite place to look for info about which browsers are the best/worst is the Pwn2Own competition at CanSecWest. Historically Chrome was the most secure with its sandbox architecture, but this year the competition was won with two 0-day exploits, one for Chrome and one for IE, with second place going to a 0-day exploit for FF. One thing is for certain - no browser is really very safe and represents the best potential attack vector for exploiting a system. I also notice that this report is labeled "Part 1." I wonder when Part 2+ will be released?

gunsmoke234

IE9 may very well be the Safest browser, but it will avg. @ least once per day freezing up or just not responding. I have very little problems with Chrome.

civitelloi

Today I received this article in an email along with the one in the link below about keeping your network safe.

"4: Switch your browser. Not to stir up the mud, but the truth of the matter is simple: Internet Explorer is still an incredibly insecure browser. One of the best things you can do is migrate your users from IE to Firefox. Yes, Firefox may be getting a bit bloated, but it’s still far more secure than the Windows counterpart."

http://www.techrepublic.com/blog/10things/10-things-you-can-do-to-improve-network-and-pc-security/3444?tag=nl.e101&s_cid=e101

How can two TechRepublic articles completely contradict each other?

vernleblanc

I also received an article today from Tech Republic, "10 things you can do to improve network and PC security" by Jack Wallen, where he claims IE is very insecure and you should use Firefox. See item #4 of the article. What does Tech Republic really believe?

joycehunter

The bigger problem with IE 9 for me is it doesn't respond long enough. All I get is Internet Explorer has stopped working... So whether it does a better job at blocking malware is moot.

BobAH

IE 9. A couple things that I have noticed recently about IE9. First off, you have to be running at least Windows 7 to use it. It will not run on XP which a huge number of people are still running. I don't have any Vista machines so I have not tried it there. Secondly, it is considerably slower to respond than Firefox or Chrome. It has issues with Flash Player. More importantly though, since this is a discussion about IE 9 blocking malware attacks and website attacks, it doesn't. I had two this morning that were malicious website attacks trying to tell me that I had a virus on my system and IE 9 did not block them. I then activated a plugin and it then did block the attack with the plugin. Since the plugin is running on Firefox all the time, I have not noticed any attacks, and the plugin notifies when there is any attack.

Darren B - KC

Study schmudy. I've used Firefox, Chrome, and IE between home and office computers, each extensively and I can say with absolute confidence that IE is better overall at catching and blocking malware, hands down. No, I'm not a M$ fanboy because I refused to use IE for about 3 or 4 years at home, being a big supporter of Firefox. But I noticed plenty of occurrences where I would get a malware warning through IE (on my office computer) on a webpage that my home computer, using Firefox, would browse to without any indication of a problem whatsoever. Pull up the Malwarebytes, run a scan, and sure enough, a new freakin' infection that my office computer didn't have! I've been running IE at home for a couple years now, and my malware infection rate is MUCH lower, almost to the point of nonexistence. Studies be damned... real world experience is where you find the facts.

Tony Hopkinson

Given, you've banned all other road users, fitted the training wheels properly, restricted the speed to 1 mph, and kitted the user in full body armor and gaffer taped them to it.

Robynsveil

...the editor's choice? "So, what do we do now? Obviously, the study concentrated on just one security problem for which web browsers are susceptible - we can’t use it as the only criteria for choosing a web browser. However, the study does suggest that perhaps it is time information technology professionals reassess their web browser choices. When is the last time you took a close, objective look at your current web browser’s security capabilities?" Based on this study? If that's true, then why is the above post suddenly more pertinent? "Mark said it well - you should use what works - and IE works for me." Where did he say that? Not in the article, he didn't. He stuck it in with the rest of the Opinions, Opinions which weigh considerably less than the strong assertions made in the article, wherein he stated unequivocally that based on his assessment of their methodologies - which he pronounced as being on the "up-and-up" - IT professionals need to reassess their choice of browsers given the results of this study. Clearly he has a lot of confidence in the validity of the scientist's methods and altruistic motives. Unsurprisingly, then, this post made editor's choice. Just like an NSS Labs "study" warranted "A study _confirms_ Internet Explorer 9 is the safest web browser". This has gone far to restore my faith in Microsoft.

Tony Hopkinson

Some might have intimated that the 'erm study was weighted towards achieving a particular result.. Cynical of them I know, but the only other conclusion is that they are idiots.

Tony Hopkinson

From everything you've seen.. You need to get out more...

Mark W. Kaelin

We believe you should use what works. Jack believes you should not use IE, but this study suggests that perhaps IE is not as bad as once believed. We don't make that decision for you - you have to make it yourself.

Mark W. Kaelin

I never took a stand on Internet Explorer - I am just suggesting that perhaps we should take another look. And TechRepublic is, and always has been, agnostic about web browsers, operating systems and everything else. We are just looking for what works best.

Mark W. Kaelin

I have never said IE is the best browser. A study did, I reported it, and I asked what everyone thought. That is all.

Mark W. Kaelin

I read the report. The methodologies used were sound. What was being tested was limited in scope and does not translate to normal practice. But, then again, the report specifically acknowledged that limitation. I merely asked when was the last time you, as an IT professional, took a serious objective look at Internet Explorer. Perhaps it is time to take another look. As to why it is Editor's Choice - because it was a call for some rationality and civility to the question. Something I would like to see. Too many people have decided Microsoft is terrible and can do no right that any time something positive is said about them, we get this religious war that really makes no sense. I have not stated any preference for any browser because my choice of browser is irrelevant. Yet, because there is a religious war going on, I have to be cast as being on one side or the other so there is something to contradict. I would really like to avoid that - none of this is about me or at least it shouldn't be.

Slayer_

The current version installs some sort of MS mouse software when you plug one in. Also, some MS wireless keyboards and mice actually crash some video games, wtf lol.

tedatwork

There most certainly is. PS: Went to get back to this article via my comments section and my comment was removed. wow...

Deadly Ernest

for MSIE 9 as the methodology being used by NSS is comparing apples with oranges and is NOT doing a level playing field comparison as not all browsers rely on a white list the way MSIE 9 does.

Deadly Ernest

as it should say MS URL White list is best of the lists. However, the report itself is at fault as it tests a white list on IE and the inherent anti malware on the others as they do NOT rely on a white list.

Tony Hopkinson

take a fresh look at IE. You are getting slaughtered, because you used this report as the justification for making the suggestion. And yes I read it. It said IE9 is safer behind a whitelist, than any other major browser with all of its usual safety features off and without any alternative whitelist. Unsurprisingly many intelligent people are underwhelmed by this effort... It isn't about MS, well not for me, it's that this report you keep touting is useless.
