Enhanced Protection with IE9’s SmartScreen Filter


A new research report from independent information-security research and testing organization NSS Labs shows that Internet Explorer 9 Beta protects the user from 99% of socially-engineered malware downloads.  According to NSS Labs, “With a unique URL blocking score of 94% and over-time protection rating of 99%, Internet Explorer 9 was by far the best at protecting users against socially-engineered malware.” 

The following graph compares the protection offered by various browsers against socially engineered malware attacks:

Chart - NSS Study shows IE9 SmartScreen Block rate for socially engineered malware is 99%

IEBlog readers may notice that IE8’s results have improved over the last year– continued investments in improved data intelligence have resulted in a 5% increase in effectiveness.

Internet Explorer 9 benefits from the same back-end investments, as well as other enhancements to the URL Reputation Service and the innovative new Application Reputation feature. Beyond flagging potentially-risky downloads, the Application Reputation feature helps reduce warning prompts when downloading software with an established reputation.

To date, IE8 and IE9 Beta have blocked 1.3 billion phishing and malware attacks and continue to block millions of attacks every day. We are committed to continually improving our intelligence systems and processes so we can continue to provide industry-leading protection from phishing and malware.

If you haven’t already, please download Internet Explorer 9 Beta and enjoy enhanced protection against socially-engineered malware.

-Eric Lawrence

Comments (28)

  1. Erwin Ried says:

    IE9 beta is for sure the most safe browser, but is buggy as hell:

    -You can actually click on release some button, try it: click drag then release over a link

    -Sometimes it hangs the windows composer (dwm). Maybe this happens because the flash player, but how can a browser be so integrated with the OS to hang such a vital component!

    -Like IE7 and IE8, randombly the browser acts as a massive resource hog, eating at least 1 gb of ram and 50% of cpu in my machine, it needs a better resource watchdog!

    Not bug, but usability

    -I like to keep my search terms so I can use it in another browser, the new combined url/search bar does not have a way to recover the search terms!

  2. Really says:

    Is it a research sponsored by Microsoft?

  3. M says:

    yeah it sure seems like it.

  4. mors says:

    I do wonder what kind of methodology NSS Labs uses that makes IE block 98% of threats, while Opera gets 0% having sources from phishtank, netcraft, AVG and previously thwate. Smells like rat.

  5. Mark Wisecarver says:

    The latest IE9 on Win7 64bit is awesome. Firefox on the same system uses more system resources than SQL Server.

  6. Denis Hoctor says:

    I smell some crap here. Keep your eye on competing with the feature set of the other vendorsand not the market angles that always come across to anyone in the know as ***.

  7. Bug says:

    Hey IE team, I am running WMP 10 using Microsoft App-V on Windows 7. It runs perfectly without any issues when IE8 is installed. When I install IE9, the embedded browser in WMP makes WMP crash.

  8. Bug says:

    Doesn't matter which version WMP I'm using, but with IE9 installed, the embedded browser crashes. When I uninstall IE9, WMP stops crashing when browsing Media Guide etc.

  9. Prior Semblance says:

    @Erwin

    Oh man that mouse release bug is so annoying, if thats what I've been experiencing.  I'll be selecting form elements while posting a comment or something and somehow click an ad on the top of the screen when I move the mouse.

  10. Loow says:

    oooh LoL, it doesnt matter about the malware protection but it DOES MATTER ONLY ON SPEED AND CPU, i hope IE9 use much LESS RAM at the CPU and it's not as slow as IE8 , thats what all matter's, the speed, how fast is IE9 compaire to IE8

  11. n0d says:

    MY Pc Laptop is getting worm and hot and it's working alot on CPU when i play online games with IE8, and i hope it will NOT get slow WORM with IE9… but it will go fast and quite…

  12. Max says:

    I constantly receive e-mail's with phishing links. I report them to Microsoft via "Report unsafe website", but they never block them. I can open link wich is 4 month old and the phishing site still opens, while other browsers block it. So phishing filter in IE is not best – it is worst and slowest!!!

    Ans yes, IE9 is extremly buggy. Sometimes I have to wait 30-40 seconds before it display page. And UI is ugly. Thoose flat matte buttons look horrible in Windows 7 where all other buttons are glossy. UI of IE9 looks like a cheap crap.

  13. Dumb Down says:

    IE TEAM, WHERE ARE THESE BUTTONS IN IE9 AND HOW DARE YOU REMOVE THEM!: img196.imageshack.us/…/ie9wtf.png

  14. Max says:

    They removed everything except content. In IE10 they will remove adress bar and back button, favorites button (no, really, why I should make 4 clicks to add website to favorites?), home button and page button. IE10 will look like Platform Preview. And IE11 will just display bigger and uglier IE logo after launch without any web-pages.

  15. Stilgar says:

    Enhanced protection is good but with the new unreadable text I'm already protected because there is no way I can read the text telling me to enter my password.

  16. Erwin Ried says:

    @Max: rolf

    In fact, I like the new UI, it is nicer and cleaner, I just want to for example click the magnify glass icon to get my search terms back! they are changing too much my browsing behaviour without that! with this IE9 beta MS makes me wish to switch to ff or chrome (I also use those, but my main browser is IE)

  17. johnnyq3 says:

    @Max

    When Opera, Google, and Mozilla do something similar they are hailed as revolutionary.  When IE does something, it is either hated or the feature is "too late".  The back and forward buttons are greatly used for browsing on any browser, as is the address bar.

  18. AndyC says:

    @mors: You can find out exactly what kind of methodology NSS Labs used by, you know, actually reading their full report. You can even try it out for yourself if you still don't believe Opera should get 0%.

    @IE team: This is excellent news, I've been saying for a long time now that the real problem with browser security is these kind of socially engineered attacks and it's good to see positive steps being taken to help the less computer literate from being tricked into running malicious software. Good job.

  19. Max says:

    @johnnyq3

    It was a joke. I'm using IE8 as my daily browser on my home pc and on my laptop. But I don't like the way they changed it in IE9. I love glossy icons. Just look at back and froward buttons in Windows Explorer. IE always looked same to Explorer and I liked it! Now it looks too simple. I love IE8 glossy logo, I love glossy icons. They look "real". Noe IE9 plastic logo looks like a cheap toy. That oversized back button wich is partly hidden behind page looks like a bug… And I can't use a browser without indicator for feed or webslice. I also use "send to one note" button. Now to get theese two buttons I should display a large, old, ugly bar for just two buttons. I don't like that they disabled the displaying title of web-page in window title. Some web-sites have large tites, and some languages have long words. Then this window title just uses space. It's absolutely useles.

  20. Kelvin says:

    These are great news… testing IE 9!

    Kelvin

    http://hellotecnologia.com

  21. DanielHendrycks says:

    MSFT, don't lie; it makes you look bad.

  22. James Honeywell says:

    From the report:

    "4.4 ABOUT THIS TEST

    This private test was contracted by Microsoft’s SmartScreen product team as an internal benchmark,

    leveraging our Live Testing framework. It has subsequently been approved for public release."

    So Microsoft does well in a test they paid for and presumably have specifically optimised for. Very impressive, I'm sure. I'm curious, why not make explicit mention of the fact that this is a test funded by Microsoft in the blog post? I'd like to believe that this blog is being used in the interests of transparency and not as an exercise in marketing.

  23. Max says:

    We've had this discussion here on the IE Blog several times.  If Microsoft paid for, commissioned, or requested the test to take place, even if performed by a 3rd party, the results are USELESS and instantly considered BIASED whether they are or not.

    We appreciate your efforts Microsoft, but please do not post ANY results from any reports that you commissioned and expect us to take them at face value.  More importantly, if you are going to post it, your FIRST line should be:

    ************************************************************************************************************

    Note: The following blog post discusses the results found in a study commissioned by Microsoft.

    ************************************************************************************************************

    Without this we absolutely can not take your posts seriously – ever.

    max

  24. Jamie says:

    @James Honeywell

    It would seem logical that Micrsoft payed for the report.

    Noone else will pay for a report that is likely to make IE outshine other browsers.

    Google would be happy to pay for such research if it was posible for them to outshine IE on this particular feature.

    At Least Microsoft has hired an indepent research company to do the research on a feature. Of course they already knew before this feature wil make their  browser shine in such a comparison. They are not likely to publish reports that make them look worse thasn the compettition.

    But it is still better than the far less independant browser speed tests that are published all the time which are mostly directly associated to a browser(engine) developer.

  25. trustme says:

    Non è vero!

    Prima di tutto il test risale a Settembre 2010, e il meccanismo di reputazione di Internet Explorer 9 di sicuro non poteva influenzare il test allora (ma neanche adesso).

    Poi il test è sponsorizzato da Microsoft e guarda caso Internet Explorer è primo. E poi se leggete il report vedrete che la metodica è fallata, perchè questi della NSS hanno scelto i siti da testare in base a dei "loro criteri" mah!?!

    Solito marketing made Microsoft!

  26. Chris says:

    I don't care if they funded it, just the obvious that they should have the beta versions of other browsers in there as well, as firefox 3.6 is basically ancient.

  27. hAl says:

    @Chris

    The report is from test in oktober so naturally the data will be older.

    Fruther more, non of the other browsers has reporter any significant progress in filtering social engineering attacks in their latest browser version. Newer browser versiosn are not likey to do better that the version did in oktober.

    Only IE9 has a newly introduced feature on trusted downloads for combatting social engineering attacks. That gives it significant improvement over IE8.

    So it seems fairly ok for Microsoft to ask NSS labs to compare IE9 with the current browser at the time of the test.

    If other browser intrduce improvements in their browsers against social engineering they will launch their own numbers on how these improve their security.

  28. electronics says:

    get electronic components from http://www.hqew.net and http://www.partinchina.com