Socially engineered malware (SEM) is among the most prominent and impactful security threats facing users today. SEM uses a dynamic combination of social media, hijacked email accounts, false notification of computer problems, and other deceptions to encourage users to download malware.

To protect against malware, leading browser vendors provide cloud-based reputation services, which scour the Internet for malicious websites and then categorize content accordingly, either by adding it to blacklists or whitelists, or by assigning it a score. A web browser requests reputation information about a specific URL, and if results indicate that the website is “bad,” the browser redirects the user to a warning message explaining that the URL is malicious. If a website is determined to be “good,” the browser takes no action and the user remains unaware that a security check was just performed.

To evaluate a browser’s effectiveness in protecting against SEM, NSS’ testing focused on block rates, consistency of protection, and early protection against new threats.

The following products were evaluated:

• Google Chrome: Version 60.0.3112.113
• Microsoft Edge: Version 40.15063.0.0
• Microsoft Internet Explorer: Version 11.483.15063.0
• Mozilla Firefox: Version 55.0.3

NSS clients can also download the Web Browser Security Comparative Report on Protection Against Phishing. As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results.