Microsoft is heavily pushing their Windows 10-exclusive browser, Edge. Ads built into Windows 10 are now claiming that Edge is “safer” than Chrome and Firefox. How did Microsoft determine that, and is it really true?
Microsoft’s claim is based on a report by NSS Labs, a business that sells threat intelligence and risk mitigation guidance to companies. The report tested 304 examples of Socially Engineered Malware (SEM) and phishing pages. They found that SmartScreen, a security feature in Edge, blocked 99% of the SEM samples. Chrome blocked 85.8%, and Firefox blocked 78.3%.
SmartScreen Is Just Part of the Picture
To understand what this means, you need to understand how SmartScreen works. Microsoft SmartScreen was first introduced in Internet Explorer 7 as “Phishing Filter,” and has been improved upon in each release since. Chrome and Firefox have similar warnings, but nothing quite like the bright red pages in Edge. These features check web pages and applications against lists of known good and bad items. So NSS Labs’ test essentially found that when it comes to malware and phishing pages, Microsoft has better lists.
But SmartScreen is only one part of a browser’s security. While tools like SmartScreen are helpful, they should hardly be your only line of defense. You should still be using a good antivirus program in conjunction with something like MalwareBytes to protect yourself if something slips through, or if something comes from another attack vector. Those programs often come with their own blockers, too, as shown below.
So yes, Edge may “block 21% more Socially Engineered Malware,” but that doesn’t mean it’s 21% more secure, or that security is even quantifiable. There’s a lot more going on in modern web browsers to keep you safe.
The Other Security Features That Matter
With that in mind, let’s talk about some of the other security features you’ll find in modern browsers, and how Edge stacks up to Chrome and Firefox.
Microsoft Edge and Google Chrome have both fully implemented sandboxing tech. Sandboxes break up each component of the browser—tabs, windows, and plugins, for example—into individual processes. These processes are prohibited from interacting with each other or with outside processes, making it much more difficult for malicious code to spread across your computer.
Splitting a browser into several processes can also improve performance with modern multi-core processors, though it comes at the expense of higher RAM usage.
Firefox, on the other hand, launched in 2004, when the concept of sandboxing was very new. Right now, it only sandboxes media plugins, but Mozilla is working on Electrolysis, a project to make Firefox multi-process and sandbox the browser. Unlike Internet Explorer, though, which was able to introduce sandboxing in version 10, Firefox had to worry about maintaining compatibility with almost 13 years of extensions, which is why this transition has been so slow.
So when it comes to sandboxing, Edge definitely has an edge (pun intended) over Firefox, but it’s on pretty level ground with Chrome.
Ever wonder why your browser updates so often? Developers are constantly patching to fix security flaws. Of course, only users who install the updates are protected. Automatic updates help ensure that most people run current, protected versions of the web browser.
Google Chrome is the poster child for automatic software updates. They are installed quickly and quietly when users close the web browser. Firefox introduced a similar silent updates feature in 2012.
Microsoft Edge updates automatically as well, although those patches are delivered through Windows Update. (This is one of the big reasons you shouldn’t turn off automatic Windows updates.) There’s one downside to Edge’s approach, though: Windows updates generally come at a slower rate than Chrome or Firefox’s browser-only updates, and you must restart your computer for Edge’s updates to take effect. Microsoft has said that in the future, they will start delivering some Edge updates through the Windows Store, which will help ensure Edge users stay up to date.
All three major web browsers feature some sort of privacy mode (InPrivate on Edge, Incognito on Chrome, and Private Browsing on Firefox). When the privacy window is closed, all history, cookies, and cached data is removed, leaving nothing behind on your computer. However, this doesn’t prevent websites or advertisers from tracking you.
Firefox has a clearer advantage in this area. In 2015, Firefox introduced Tracking Protection, which removes known tracking elements from pages visited in Private Browsing.
In addition, the Tor Browser is based on Firefox’s source code, and adds new privacy and security features to help protect the anonymity of its users. Because it uses the same code base, it’s possible to port changes back from TOR to Firefox. Called the “uplift” program, the two teams started working closely together in 2016. First Party Isolation is the first anti-tracking feature brought from Tor to Firefox, with more in the pipeline.
It’s also worth noting that unlike Google and Microsoft, Firefox does not make money from tracking users or selling targeted ads. The larger companies are incentivized not to improve your privacy.
The Bottom Line
Right now, Google Chrome and Microsoft Edge have very similar security features. The claim that Edge is “safer” than Chrome merely comes from the fact that Microsoft keeps a better list of bad websites than Chrome does, though if you’re protecting yourself well with antivirus and anti-malware software, you should be pretty safe.
Mozilla Firefox is behind the other two large browsers, but is on track to catch up in 2017. It is, however, currently better at protecting your privacy, so at least it has its own advantages.