Renowned cybersecurity consultancy NSS Labs this week published two Web Browser Security Comparative Reports on socially engineered malware (SEM) and phishing attacks. The reports consider the relative security of a number of browsers with respect to the aforementioned security threats.
While conventional attacks using vulnerabilities and exploits in the operating system or application software are still used routinely, due to increased vigilance from vendors on this matter attackers have started gravitating towards exploiting the user in order to carry out their nefarious activities. These types of attacks are hard to counter as they rely on the user willingly providing their information to the attacker.
In this regard, the security of the OS is not particularly relevant and the report found that there was no significant difference between users on an open platform like Windows 10 and closed platforms like Windows 10 S or Chrome OS. Thus, the brunt of the work in protecting against such attacks would fall on the browser's ability to block, for example, phishing URLs when a user is trying to open them.
NSS Labs stressed the importance of securing browsers against possible avenues of attack, stating:
“Web browsers are the primary interface used to consume information and are among the most common entry point for attackers. Enterprises are increasingly adopting a bifurcated browser strategy to reduce exposure to emerging threats. Our test findings provide valuable insights that empower informed decision making and help both enterprises and users minimize risk for a secure browser experience."
In the company's testing of 36,120 different instances involving the access of 1,136 suspicious URLs over a 23-day period, the company found Edge to provide significantly more protection than its Google- and Mozilla-made alternatives. The new browser from Microsoft blocked 92.3% of phishing URLs on average, in comparison to 74.6% and 61.1% for Chrome and Firefox, respectively.
Edge was also found to have a faster reaction in response to new phishing URLs, boasting a profoundly better zero-hour protection rate of 81.8% than the 58.6% and 50.7% achieved by Chrome and Firefox.
While Chrome is, due to its relative maturity, an overwhelmingly more popular choice among desktop users and offers far more features, if phishing attacks are your primary concern, you may wish to switch to Edge for its better protection. The Microsoft browser has struggled to gain traction since its launch and sports a pitiable collection of extensions in comparison to the thousands populating the Chrome Web Store. However, Microsoft is said to be experimenting with an Insider program for Edge that could significantly increase the cadence at which the browser is updated, possibly allowing it to achieve feature parity with its competition.