Filtering malicious URLs is an important part of the fight against phishing. Phishing starts with an email or other communication that persuades the user to visit a particular web page that then persuades the user to part with confidential information or account credentials. All four of the tested browsers (Chrome, Firefox, Internet Explorer and Safari) include a mechanism to recognize and block malicious URLs. It was the comparative efficiency of this mechanism that was tested in the latest report.
URL blocking is a two-part process. The first is an in-the-cloud reputation system that compiles a database of bad URLs. The second part resides within the browser. When the user wishes to visit a site it is first checked against the database. If the URL is considered dangerous it is blocked. If the URL is not considered dangerous, it is allowed and the user is unaware of the check.
A major problem for the browser vendors is the speed with which bad URLs come and go – on average lasting for just 23 hours before their instigators rotate the scam to a different URL. For this reason, NSS Labs checked both the efficiency of the browsers in detecting known bad URLs, and the speed with which they recognized new bad URLs. For the first part there is little difference between the browsers. Chrome 21 scored best by blocking 94% of bad URLs and Firefox 15 worst by blocking 90%. However, with a statistical margin of error of 2%, there is effectively nothing to separate the browsers.
There was, however, a greater distinction between the speed in which new bad URLs were included. Firefox took just 2.35 hours to block a new URL, while Internet Explorer took 6.11 hours.
Despite the effort put into conducting these test, NSS warns that bad URL detection rates “should not be given undue weight” in a browser selection process since the majority of phishing emails will fall on deaf ears – an HSBC customer will ignore a phish aimed at Bank of America customers. More important, because more dangerous, is the browser’s ability to block “socially engineered malware and drive-by downloads.” This was the subject of an earlier analysis published last month. In these tests, Internet Explorer had a 99.1% block rate, with Chrome second at 70.4%. “Safari 5 and Firefox 15 were a distant third and fourth, with 4.3% and 4.2% respectively.”
Nevertheless, says Randy Abrams, research director at NSS and co-author of both reports, “It is important that developers harden browsers to block not only phishing attacks, but also other threats, such as socially engineered malware and drive-by downloads as these remain popular and effective attack vectors for cybercriminals.”