Microsoft’s Edge browser — the company’s under-the-radar replacement for Internet Explorer — is less than a year old, and may not have the same name recognition as Firefox or Chrome.
But when it comes to stopping socially engineered malware (SEM), ransomware and phishing attacks, Edge turns out to be the best bet for end users, according to a new NSS Labs browser study.
NSS put those three web browsers through global tests (running between Sept. 26 and Oct. 9), to compare how they stood up against today’s most-prevalent cyberattacks, with each browser subjected to the same set of social malware. Nearly 221,000 SEM attacks and 79,000 phishing threats were recorded. The results: the Edge browser blocked 99% of SEM samples. Google Chrome blocked 86%, while Firefox blocked 78%.
“When considering browser security, users should minimize risk by selecting browsers with higher malware block rates, consistency of protection, and early protection against new threats,” the NSS report reads. “The average SEM block rate is a key metric against which browsers are tested. Consistency of protection, the amount of time required to add protection for new threats, and zero-day protection are also important metrics … .”
Part of the reason Edge outperformed Chrome and Firefox was its ability to protect users against sites that posed threats, and do so quickly, according to NSS: during the test period, Edge demonstrated a 99% zero-hour protection rate for malware, and blocked 6% more malware than Google Chrome, and 20% more than Firefox. “By the end of the seventh day of testing, Microsoft Edge was maintaining a 3.6% lead over Google Chrome and a 17.4% lead over Mozilla Firefox,” the report reads.
Edge took an average of less than 10 minutes to block any new SEM, during the NSS test, while in took Google Chrome 2.7 hours and Firefox 3.8 hours to do the same.
“Users who are able to identify social engineering attacks rely less on technology for protection against such attacks,” the NSS report concludes. “Technology will sometimes fail, but those users who can identify social engineering attacks will remain protected, regardless of the method used to attempt social engineering.”