New browsers fight the malware scourge

Wilson says Microsoft will use lists of such sites from different company partners, as it does now for the browser's antiphishing protection, but he isn't yet saying who those partners will be.

Instead of downloading all or part of the blacklist to your PC, IE 8 will check every page you visit against the online malware blacklist, Wilson says. Unlike IE 7's phishing protection--which checks for blacklist matches and also attempts to identify phishing sites at the time you visit based on a page's characteristics (such as whether it sends log-ins off to another domain)--SmartScreen will only compare against a blacklist for malware sites.

Wondering about Apple's Safari? The current browser doesn't block any malicious sites, phishing or malware, and the company is tight-lipped about whether it plans to add such features.

No Silver Bullet

While these new features will help combat rampant site infections, they won't single-handedly stomp out Web-based malware any more than antiphishing measures do for that type of threat. For one thing, blacklists are inherently reactive: A site must first be identified and added to a list before it will be blocked. Even the fastest such process can leave a window of opportunity for criminals to nail victims before the blacklists catch up, just as with virus signatures. And of course, crooks still have other methods, such as e-mail and IM, to ply their nefarious trade.

"In most cases viruses spread so rapidly, and through so many methods, it's not sufficient to only employ browser protection," says Opera's Strand.

His advice for surfers? "You really need an antivirus [program] no matter what browser you're using."