by Lance Whitney October 12, 2011/CNET)
A new Web page that tests browser security has crowned Internet Explorer 9 the most secure among the five major players. The only catch is that the page itself comes from Microsoft.
Dubbed “Your Browser Matters,” the new page checks a browser to determine how well it fares against phishing attacks and other types of socially engineered malware. The page then assigns the browser a score based on a scale of 0 to 4.
Looking at the major browsers, Internet Explorer 9 received a perfect 4 out 4, while IE8 earned a 3. The latest versions of Firefox (7.0) and Google Chrome (14) took home scores of 2 and 2.5, respectively. And apparently Safari and Opera don’t even merit a grade since the page simply said it couldn’t give a score to either of those browsers.
Users can click on the “score” link to see exactly how and why the browser received its grade. Microsoft breaks down the security analysis into different questions, such as “Does the browser help protect you from websites that are known to distribute socially engineered malware?” and “Does the browser automatically block insecure content from secure (HTTPs) pages?” and then tells you if the browser got a yes or no for each one.
The page also serves as a promo for Internet Explorer by touting Microsoft’s SmartScreen technology, a feature introduced in IE8 that analyzes each URL to determine if it’s safe or secure. Next to the scores for each browser is a running total telling you how many attacks would’ve been blocked had you only been running a browser equipped with SmartScreen.
Beyond ranking the major browsers, Microsoft tries to explain how malware works, how different browser features are designed to protect you, and what steps you can take to better protect yourself. In the interest of fairness, Microsoft does provide links where people can download the latest versions of competing browsers, including Firefox and Chrome.
But since the page is generated by Microsoft rather than a third party, it’s only natural to be dubious about the results. In a blog published yesterday, Roger Capriotti, Microsoft’s director of Internet Explorer Product Marketing, even explained that the data used in grading the browsers comes from the company’s own Security Intelligence Report.
But Capriotti also stressed that the information is based on additional feedback from the Anti-Phishing Working Group (APWG), the Identity Theft Council, and the Online Trust Alliance (OTA). It’s important to note, though, that Microsoft is a member of the APWG and on the steering committee of the OTA. The company has also provided a document (PDF) detailing the methodology behind the browser testing.
“Security scores like this are often the subject of much scrutiny, and there is certainly no single test that can perfectly summarize all aspects of browser security,” admitted Capriotti. And though Microsoft naturally wants people to stick with Internet Explorer, Capriotti added that “we simply want people to protect themselves by knowing that a modern browser is the first line of defense online.”