Nov. 29, 2012 at 3:26 PM ET
Google's Chrome Web browser rated the highest when it comes to spotting and blocking phishing — attempts to get users' personal data like passwords and credit card information — according to a new study.
Over a 10-day period, information security research company NSS Labs compared Chrome, version 21, against Internet Explorer 10, Firefox 15 and Safari 5, all of which did relatively well.
Firefox, at the lowest, caught phishing attempts 90 percent of the time; Chrome, at the highest, 94 percent.
Firefox, however, was the quickest at spotting malicious websites, or URLs, blocking them 2.35 hours after they went up, NSS Labs said, "while while all other browsers ranged from 5.38 to 6.11 hours."
"Although Firefox and Safari performed well in phishing response times, separate NSS Labs testing shows they lag behind Internet Explorer and Chrome in blocking socially-engineered malware," wrote study authors Randy Abrams, Orlando Barrera and Jayendra Pathak.
"In overall malware testing, Internet Explorer blocked over 99.1 percent of malicious downloads, while Chrome was a distant second blocking only 70.4 percent, followed by both Firefox and Safari blocking less than 6 percent."
The Austin, Texas-based company isn't looking to declare a winner among the four major browsers.
Considering the study's margin of error of about 2 percent, "there is little difference in the average block rate of the browsers and one must consider other factors, such as socially engineered malware blocking capabilities, for qualitative differences in the security effectiveness of the browsers," the authors wrote.
Still, they said, phishing continues to be one of the top tools of cyber criminals: "While the number of reported phishing attacks peaked in 2009, the average number of phishing sites detected has been on the rise from under 40,000 per month in 2011 to over 50,000 per month in 2012."
Because of that, "seconds count in the war on phishing," they wrote. "The new challenge" for Web browsers is to "quicken blocking response times. With phishing sites now rotating at a much faster pace, it is critical for browsers to identify and block sites more rapidly."
Two years ago, 73 hours was "the average uptime for sites linked to phishing attacks." This year, it's 23 hours, NSS Labs said.
"The availability of cheap and disposable domains allow criminals to rapidly change the location of phishing sites," said Randy Abrams, NSS Labs research director, in a statement. "The result is that even a site that is live for only a few hours can evade detection and ensnare enough unwary consumers to be a profitable criminal endeavor."