A Comparative Analysis of Browser Security via Phishing Protections

Anthony Freed
By | November 30, 2012

Posted in: Network Security Trends

Browsers are no longer just a user's window to the Web, they are quickly becoming a surfer's first line of defense against an array of maladies, most specifically malicious phishing expeditions employing tainted URLs. A new study released by information security research and advisory company NSS Labs examines the four leading browsers - Apple Safari, Google Chrome, Microsoft Internet Explorer, and Mozilla Firefox - and looks at how well they stand up to the onslaught of phishing operations permeating the Internet.

The research, titled 2012 Browser Security Comparative Analysis Report – Phishing Protection, reveals that browsers have improved significantly in their ability to detect phishing URLs with a better than 90% block rate overall (range spanned from 90% for Firefox 15 to 94% for Chrome 21), up from less than 50% over 2009 averages. The study also shows that browsers are detecting and blocking phishing URLs in just 4.87 hours versus the 16.43 hours measured in the 2009 report, and the credit for the improvement is given to the evolution of reputation-based blocking systems.

“Phishing has been a pernicious threat for several years and the variety of measures designed to mitigate the problem have yet to decrease the prevalence of such attacks. Recent advances in reputation-based blocking systems are reaching maturity and now afford consumers and enterprises significant protections against the less sophisticated attacks,” said Randy Abrams, Research Director at NSS Labs, in a press release discussing the findings.

The study reveals that browsers are fast becoming a user's primary line of defense in protecting against phishing attacks. The use of the reputation-based systems of detection have forced attackers to "create and rotate phishing URLs far more frequently" in order to be successful.

“Still, the availability of cheap and disposable domains allow criminals to rapidly change the location of phishing sites. The result is that even a site that is live for only a few hours can evade detection and ensnare enough unwary consumers to be a profitable criminal endeavor," said Abrams.

The most successful phishing operations are noted to be smaller, more concerted attacks such as those typical of a spearphishing campaign. The smaller number of targets allows the malicious URLs to remain undetected by reputation-based systems, and are usually employed by attackers against high value targets like government and financial institutions.

"Sophisticated spearphishing campaigns continue to be highly problematic to defend against. It is important that developers harden browsers to block not only phishing attacks, but also other threats, such as socially engineered malware and drive-by downloads as these remain popular and effective attack vectors for cybercriminals,” Abrams said.

Other key findings in the NSS report include:

  • Phishing continues to be one of the top attack vectors used by cybercriminals to gain access to systems and sensitive data, with the average number of phishing sites detected has been on the rise from under 40,000 per month in 2011 to over 50,000 per month in 2012

  • Blocking response times are critical, and the average uptime for sites linked to phishing attacks in 2012 decreased to 23 hours from a high of 73 hours in 2010. While all the browsers blocked over 83% of the phishing URLs used in testing by end of day one, it took 3 – 5 days for each to reach its maximum block rate

NSS also released a companion study titled Browser Security Comparative Analysis: Socially Engineered Malware, which revealed that Internet Explorer 10 with App Rep had a mean malware block rate of 99.1%, and Chrome with Google’s Malicious Download Protection had a mean block rate of 70.4%. Firefox and Safari paled in comparison with only 4.2% and 4.3% of malware blocked, respectively.

You May Also Be Interested In: