ANALYSIS BRIEF – September 2012 IS YOUR BROWSER PUTTING YOU AT RISK? PART 1 – GENERAL MALWARE BLOCKING Authors -‐ Bob Walder, Francisco Artes, Stefan Frei, Ken Baylor, Jayendra Pathak, Vikram Phatak Overview The ineffectiveness of Web browser security is one of the most common reasons for malware infection. Browsers offer a direct and unique route for infection, bypassing corporate protection layers and bringing malware deep into the corporate environment, often protecting it from detection using SSL. Browsers must provide a strong layer of defense from malware, rather than defer to operating system antimalware solutions. This series examines the effectiveness of leading browsers to block malware. The four leading browsers were tested against three million samples of real world malicious software. Major discrepancies were noted in their ability to block malware. Data represented in this report was captured over one hundred and seventy-‐five (175) days through NSS Labs’ unique live testing harness, and provides in-‐depth insight into the built-‐in protection capabilities of modern browsers, including Chrome, Firefox, Internet Explorer, and Safari. This series of papers will examine the ability of the four leading browsers to block each of the five main purposes of malware and malware monetization. Monetization of malware is achieved by multiple means, including click fraud, fake antivirus, account / password theft, bank/financial fraud, and gaming fraud. Collectively they account for billions of dollars worth of corporate and consumer theft per year, yet browsers vary widely in their ability to block malware, despite adverse effects on business and individual users alike. Tested Products • Apple Safari 5 • Google Chrome 15 -‐ 19 • Microsoft Internet Explorer 9 • Mozilla Firefox 7 – 13 Over 3,000,000 test cases were used in the data sampling captured via NSS Labs’ unique live testing harness. An initial sample set of 227,841 unique and suspicious URLs entered the system; 84,396 were found active and malicious and met the criteria for entry into the test. In total 3,038,324 test runs were performed by the four browsers against these unique 84,396 URLs – resulting in over 750,000 tests cases per browser.