A number of browsers that have recently been released including Firefox 3 and Opera 9.5, as well as the upcoming IE 8, benefit from blocking features to protect your PC from malware. We find out just what they offer.

The web is a minefield of malware. Invisible code is regularly slipped into vulnerable websites and acts as direct path for crooks who want to sneak malware infections through your browser and on to your PC, and any site whether large or small can fall foul of hackers.

However, the latest web browsers are fighting back. Firefox 3, Opera 9.5 and, soon Internet Explorer 8 too, benefit from new security features that block known malware sites.

Mass assaults online

"The bad guys are putting a lot of effort into mass hacking," says Roger Thompson, chief research officer with antivirus maker AVG Technologies. "They routinely hack 20,000 to 40,000 sites in a day" with automated tools, he says.

The browsers have their work cut out for them, to be sure. In May, a report from ScanSafe that looked at data from its corporate customers, found that their risk of encountering exploits and hijacked websites skyrocketed by 407 percent from the same period in 2007. ScanSafe also found that just over two-thirds of all web-based malware attacks came via compromised websites.

The new features in the latest browsers work much as existing antiphishing filters do. In Firefox 2, Mozilla uses Google's blacklist of known phishing sites. If you mistakenly click a link to a URL on that list, you'll see a warning instead of the site. Firefox 3 also blocks the display of pages on Google's list of known malware sites.

Firefox 3 grabs the most recent blacklist about every 30 minutes, according to spokesperson Johnathan Nightingale, and checks the sites you visit against that local list. Firefox 2 has an option to always check sites you visit against Google's online list so as to catch the very latest entries, but Firefox 3 provides no such option.

NEXT PAGE: Opera girds itself

  1. Web browsers that help block malware
  2. Opera girds itself

Visit Broadband Advisor for the latest internet news, reviews, tips & tricks

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security product reviews

A number of browsers that have recently been released including Firefox 3 and Opera 9.5, as well as the upcoming IE 8, benefit from blocking features to protect your PC from malware. We find out just what they offer.

Opera girds itself

Opera 9.5 works in a similar fashion, but with some key differences. It adds malware-site blacklists from Haute Secure to the phishing blacklists from Netcraft and Phishtank that the previous version used. Haute's list includes sites on Google's list, those the company discovers, and sites that Haute's users have submitted.

According to Christer Strand, an engineer at Opera who worked on the new feature, when you first visit a domain, the browser pulls down a sublist of any blacklisted pages or links within that domain from the latest online-stored lists. It then checks pages you visit against that small downloaded list. Opera doesn't save anything about who is visiting what domains, Strand says.

Although you can find these features in the latest Opera and Firefox now, you'll have to wait for Internet Explorer 8's similar feature. Austin Wilson, director of Windows client product management, says that IE 8's beta 2, due out in August, will employ a feature dubbed SmartScreen to block malware sites.

Wilson says Microsoft will use lists of such sites from different company partners, as it does now for the browser's antiphishing protection, but he isn't yet saying who those partners will be.

Instead of downloading all or part of the blacklist to your PC, IE 8 will check every page you visit against the online malware blacklist, Wilson says. Unlike IE 7's phishing protection, which checks for blacklist matches and also attempts to identify phishing sites at the time you visit based on a page's characteristics (such as whether it sends log-ins off to another domain), SmartScreen will only compare against a blacklist for malware sites.

Wondering about Apple's Safari? The current browser doesn't block any malicious sites, phishing or malware, and the company is tight-lipped about whether it plans to add such features.

No silver bullet

While these new features will help combat rampant site infections, they won't single-handedly stomp out web-based malware any more than antiphishing measures do for that type of threat. For one thing, blacklists are inherently reactive: a site must first be identified and added to a list before it will be blocked. Even the fastest such process can leave a window of opportunity for criminals to nail victims before the blacklists catch up, just as with virus signatures. And of course, crooks still have other methods, such as email and IM, to ply their nefarious trade.

"In most cases viruses spread so rapidly, and through so many methods, it's not sufficient to only employ browser protection," says Opera's Strand.

His advice for surfers? "You really need an antivirus [program] no matter what browser you're using."

  1. Web browsers that help block malware
  2. Opera girds itself

Visit Broadband Advisor for the latest internet news, reviews, tips & tricks

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security product reviews