As operating systems and browsers become more and more secure malicious actors are finding it increasingly more worthwhile targeting the unchanging weak link in the chain, the user, using techniques such as phishing and spear phishing to trick users into willingly giving up their important data and credentials. This may not just compromise the user, but a whole company network, making phishing protection an important security priority.
NSS Labs, a global leader and trusted source for independent fact-based cybersecurity guidance, today announced the release of its Web Browser Security Comparative Reports. The reports reveal how effective web browsers are at protecting users from socially engineered malware (SEM) and phishing attacks.
They found being on a locked down OS did not confer any additional protection against phishing. No significant differences were observed between the Edge browser running on Windows 10 or Windows 10 S and between the Chrome browser running on Windows 10 and Chromebook.
As can be seen from the graphic above, this meant students were more protected on a Windows 10 S machine than a Chromebook, with both devices, due to their nature, already offering robust protection against other forms of malware.
NSS Labs tested 36,120 test cases that included 1,136 unique and suspicious URLs over a 23 day period in August/September 2017 and found during the test, the Microsoft Edge browser blocked an average of 92.3% of phishing URLs; Google Chrome blocked an average of 74.5% of phishing URLs; and Mozilla Firefox blocked an average of 61.1%of phishing URLs.
Importantly the Edge browser was also fast in identifying new phishing URLs. Microsoft Edge provided the highest zero-hour protection rate at 81.8%, and over time maintained a 24.2% lead over Chrome.
While Chrome fans and Microsoft critics will find it easy to dismiss these findings, NSS Labs note they did not receive funding from either party.
“Web browsers are the primary interface used to consume information and are among the most common entry point for attackers,” said Jason Brvenik, Chief Technology Officer at NSS Labs. “Enterprises are increasingly adopting a bifurcated browser strategy to reduce exposure to emerging threats. Our test findings provide valuable insights that empower informed decision making and help both enterprises and users minimize risk for a secure browser experience.”
It seems if the protection of your users is one of their your priorities, it makes a lot more sense to use Edge than Chrome.