A series of benchmark tests performed by NSS Labs, a US-based independent network, and security testing organization, reveals that Microsoft Edge detects malware and phishing attacks much better than both Google Chrome and Firefox, despite losing over 40 million of users in the last month.
The organization performed two sets of tests, one for detecting socially-engineered malware (SEM), and one for detecting phishing attacks. The first test ran for 14 days (from September 26 to October 9) while the second for 12 days (from October 1 to October 12).
Researchers used the latest versions of today’s three major browsers, Google Chrome 53.0.2785, Mozilla Firefox 48.0.2, and Microsoft Edge 38.14393.0.0, all running on Windows 10 Enterprise version 1607.
NSS Labs subjected each browser to the same malicious URL and tested if the browsers detected any malicious activity, and how much time it took them to mark the link as dangerous.
During the socially-engineered malware (SEM) tests, NSS Labs tested how browser built-in defenses, such as Microsoft’s SmartScreen and Google’s Safe Browsing API (also used in Firefox), reacted to cleverly designed web pages that used popups or fake notifications that lured users into downloading applications such as fake Adobe Flash Players, Windows updates, and fake system optimization toolkits.
Edge is better at detecting malicious downloads
Tests showed that Microsoft Edge was able to pick up on 99% of all links that NSS Labs testers had thrown at it. On the other hand, Chrome detected only 85.8% all threats, while Firefox blocked only 78.3%.
NSS Labs credits the better results to Microsoft technologies that have been developed in the past years, such as SmartScreen URL Filtering and SmartScreen Application Reputation (App Rep).
Tests also showed that SmartScreen also outperformed Google’s Safe Browsing API when it came to zero-hour protection, meaning new threats, seen for the first time.
Edge showed a 98.7% detection rate for never-before-seen malware, while Chrome detected only 92.8% of all threats, and Firefox only 78.3%.
On average, it took Edge about 10 minutes to detect new malware threats, while Chrome needed 2 hours and 39 minutes, and Firefox needed around three hours and 45 minutes.
NSS Labs also highlights that Firefox’s detection rate has picked up compared to past test results. The organization credits this positive improvement to a new feature Mozilla added in Firefox in August, called Download Protection.
Tests for detecting phishing threats consisted of NSS Labs researchers subjecting phishing URLs to each browser every six hours until the browser picked up on the malicious link, at which point researchers introduced new links in the tests.
Again, Edge came on top after catching 91.4% of all phishing links during the 12-day test. Chrome came second once with an 82.4% detection rate, and Firefox third, after detecting 81.4% of all URLs.
Putting aside the phishing URLs that went undetected, it took on average around 56.4 minutes for Edge to identify phishing URLs, while both Chrome and Firefox took well over an hour.
NSS Labs has been carrying out these tests for many years. As early as 2012 and 2013, Microsoft’s SmartScreen technology has been fairly apt at detecting malware, outperforming for years Google’s Safe Browsing API.
While vulnerabilities and zero-days in Internet Explorer have branded the aging browser as insecure, these tests show that when it came to everyday threats such as malicious malware downloads and phishing threats, IE, and now Edge, are far superior to both Chrome and Firefox.
Unfortunately for Microsoft, building a popular browser takes more than fast and accurate malware detection features. Factors such as startup speed, memory usage, an add-on ecosystem, and a simple UI also matter.
Despite better security features, Edge lost millions of users in the past month
A recent study of the browser market by Computerworld shows that in the last month alone, the “super-secure” Edge has lost over 40 million users to Chrome and Firefox, despite the two ranking lower on NSS’ tests.
While the Computerworld study is bad news for Microsoft, it’s also good news for Mozilla, who during the past year has lost a massive amount of users.
In fact, for a few months during the summer, for the first time in a decade, Safari had overtaken Firefox to become the third most used browser.
Both NSS Labs studies are available for download via the organization’s website.