Internet Explorer Beats Browser Rivals After Security Tests

Microsoft developers will be sharing high fives after a new report by NSS Labs placed Internet Explorer ahead of the browser pack when it comes to fighting click fraud.

Click fraud affects pay-per-click advertising when a person, automated script or program fraudulently registers a click on an ad in order to generate money from the scammer. Earlier this year, the Flashback botnet used thousands of computers to launch a click fraud scheme that Symantec estimated earned some $14,000 (£8,611) in a three-week period.

Security Tests

According to NSS Labs, the average lifespan of a click fraud URL was 32 hours, with more than 50  percent expiring with 54 hours. In its tests, the company compared Internet Explorer 9 (IE 9), Google Chrome 15-19, Mozilla Firefox 7-13 and Apple Safari 5 during a 175-day period. According to the report, Internet Explorer caught 96.6 percent of click fraud, compared to 1.6 percent by Google Chrome; 0.8 percent by Mozilla Firefox and 0.7 percent by Apple Safari.

With the growth of online advertising revenue, the profitability of click fraud, and the overall inability of leading browsers to protect end-users, there will be a major growth in click fraud in 2013, NSS Labs predicted.

“Given Chrome’s prominence and increasing market share, we predict ongoing increases in click fraud unless Google takes serious steps to improve its click fraud protection,” Dr. Stefan Frei, research director at NSS Labs, said in a statement.

When it comes to overall malware protection, Internet Explorer led the way as well, with a 94 percent block rate. This compares to 27.6 percent for Google Chrome, 5 percent for Firefox and 4.7 percent for Safari.

“Over 3,000,000 test cases were used in the data sampling captured via NSS Labs’ unique live testing harness,” according to the report. “An initial sample set of 227,841 unique and suspicious URLs entered the system; 84,396 were found active and malicious and met the criteria for entry into the test. In total 3,038,324 test runs were performed by the four browsers against these unique 84,396 URLS – resulting in over 750,000 [test] cases per browser.”

URL Blocking

Besides Chrome, Firefox and Safari also use Google’s Safe Browsing API for URL blocking. IE 9 on the other hand uses Microsoft’s SmartScreen technology. SmartScreen also works with Download Managers to block malicious downloads, the report notes. According to NSS Labs, the Safe Browsing API v2 includes functionality that has been integrated into Chrome, but not into Firefox and Safari. This functionality provides reputation services for executable files, or as Google describes them “malicious downloads,” the report notes.

“Of the three browsers using Google’s Safe Browsing API, Chrome is the only one to also utilise Google’s malicious download technology,” the report notes.

“The URL blocking performance of these three Safe Browsing browsers was consistent at around five percent,” the analysis continues. “Google’s malicious download protection proved to be almost five times more effective than URL blocking alone.”

Are you a security guru? Try our quiz!

Originally published on eWeek.