Three months ago, Microsoft published some statistics pulled from Internet Explorer 9's SmartScreen Filter anti-phishing and anti-malware tool which led the IE9 team to conclude that the browser cuts malware threats by 95%. Today, research firm NSS Labs released a study that backs up Internet Explorer 9's internal statistics, and gives IE9 a block rate of 96.2%, putting it far ahead of Chrome 12, Firefox 4, Safari 5, and Opera 11.
NSS used the same "live testing" methodology it debuted in 2009, and has used for bi-annual tests since that time. In addition to traditional threat detection rates, it uses a metric called "time to defense" which measures the time between when a security vendor first classifies a potential new threat and when protection to that threat is added to consumer products.
From the Study (.pdf available here):
Windows Internet Explorer 9 caught 99.2% of live threats: 96% with the SmartScreen URL reputation and an additional 3.2% with Application Reputation. URL Reputation, which is included in IE8, and Application Reputation, which is new to IE9, are the two components that make up IE9's SmartScreen Filter. IE9 with SmartScreen offers the best protection of any browser against socially engineered malware. Protection against malware matched our previous findings from the Q2 2011 European test and Q3 2010 global test as well as the Q3 2011 Asia-Pacific test.
Google Chrome 12 caught 13.2% of the live threats, considerably more than the 3% observed during the Q3 2010 global test. This improvement tracks to an enhancement in SafeBrowsing so that, according to Google, "Chrome now warns you before downloading some types of malicious files."
Apple Safari 5 caught 7.6% of the live threats. Protection offered was near identical to that of Firefox.
Mozilla Firefox 4 caught 7.6% of the live threats, far fewer than Internet Explorer 9. Results were 11.4% less than the 19% protection rate observed in our Q3 2010 global test, indicating an overall drop in protection for Firefox.
Opera 11 caught 6.1% of the live threats, providing considerably less protection against socially-engineered malware than the other browsers tested.