We see them regularly – tests which try to quantify which browser is “safest”, whether it be IE or FF or Chrome or whatever.
The hardest thing to protect a user against, I think, is “social engineering”. You see, in the end we all have the choice to ignore warnings being displayed our software, and if a malware distributor can convince a victim to ignore any warnings that they may be seeing, then it’s game over.
Anyway, Fred Pullen posted on the IE blog back on the 22nd about an NSS analysis which makes things look very good for IE, and for Chrome.
Image Source: http://blogs.windows.com/ie/b/ie/archive/2013/06/21/internet-explorer-10-provides-safer-browsing.aspx
It’s an interesting comparison; you can see that IE10 gains most of it’s protective behaviour from “URL reputation”, Chrome from “Download Protection”. “Application reputation” had only a small part to play.
It’s obvious that Firefox, Safari and Opera need to do something to address the deficiencies in their protections, although, I admit, I’m surprised at how effective “URL reputation” is as implemented by Microsoft for IE10.
Chrome have been taking steps in recent times to tighten things up with regards to apps too. For example, disabling silent extension installs and later announcing that they would start identifying software that violates Chrome’s standard mechanisms for deploying extensions, flagging such binaries as malware.