Google Chrome shows best anti-phishing detection, test finds

But rivals not far behind

The most popular web browsers detect and block phishing attacks at least 90 percent of the time with Google's Chrome marginally the best performer, an NSS Labs report has found.

The testing firm pitted Google Chrome 21, Mozilla Firefox 15, Apple Safari 5 and Internet Explorer 10 (on Windows 8) against 2,291 unique phishing URLs in a realtime test, finding that Chrome reached a 94 percent catch rate over a ten-day period.

Internet Explorer 10 (the only browser not to use Google's SafeBrowsing API) came second on 92 percent, Safari third on 91 percent with Firefox in last place on 90 percent.

Conclusion: the browsers are very similar in their basic ability to block phishing sites and hugely improved on the pretty poor performance - around 47 percent - found to afflict the same browsers during a similar assessment by NSS Labs in 2009.

They did vary far more when it came to the average time to block URLs, with Firefox and Safari hitting 79.2 percent and 76.9 percent respectively for 'zero hour' detection of phishing attacks leaving IE10 and Chrome lagging on only 55.9 percent and 53.2 percent.

Second conclusion: while browsers are nearly identical in their ability to spot phishing URLs, some take longer to reach that performance than others. Firefox was also the quickest to add a phishing site to its block list, doing so in 2.35 hours compared to over five hours for the others.

Three of the four, Firefox, Chrome and Safari, use Google's SafeBrowsing API while IE10 uses Microsoft's own SmartScreen.

"Looking back to 2009 when the best browser blocked 83% and the worst a mere 2%, it is obvious that all of the tested vendors have made significant strides in their abilities to block phishing attacks," note the researchers.

"Going forward, the challenge will be to bring down the response time, especially for targeted brands with the largest consumer bases."

The firm makes clear that phishing websites are only one of the malevolent forces that browsers must defend against; a fuller picture must also take into account of threats such as drive-by malware.

NSS Labs carried out such a test in October and found much less impressive results for some browsers.

According to Anti-Phishing World Group (APWG) figures, the number of unique phishing websites has hovered around 50,000 per month during 2012, even if the average lifespan of each has decreased markedly since 2009 to just under a day.

Join the CSO newsletter!

Error: Please check your email address.

Tags AppleapplicationsGooglesecuritysoftwaremozilla

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts