🅭

Most of alternate web browsers don’t have fraud and malware protection

There are a lot of web browsers to choose from; each one with all sorts of unique and interesting features! Before falling in love with a new web browser, you should be aware that many web browsers don’t come with fraud/phishing and malware protection services. You should seriously reconsider your choice if you’ve fallen for one of the browsers that have taken a relaxed approach to keep you safe on the web.

According to the Safe Browsing Transparency Report from Google, there are a whopping 1.1 million unsafe websites identified as either spreading malware or trying to extract passwords and personal information (“phishing.”) 64 million people run into these websites and are warned about their malicious nature by the Google Safe Browsing service every week!

Whether you identify as a computing novice or a very advanced user, we all need some help to stay safe with these numbers!

All the most popular web browsers – Firefox, Google Chrome, Safari, Microsoft Edge — all come with built-in fraud and malware protection. These protection methods work by either periodically downloading lists of bad addresses, or checking every address their user visits against an online service. If a match is found, the browser will present the user with a big and usually aggressively red warning page. Many of the lesser-known web browsers don’t include any such blocklists or online services.

Some of the alternate browsers that don’t come with any built-in protection include the Internet Explorer shell (sometimes called Trident shell) type browsers like Avant Browser, BriskBard, and Maxthon, as well as Chromium and WebKit based browsers like GNOME Web, PlayStation 4 Browser, Sleipnir, Midori, QupZilla, and Konqueror.

Some of the alternative browsers do come with fraud and malware protection built-in, such as Brave, Opera, Vivaldi, and Yandex.Browser. Opera and Vivaldi use the Google Safe Browsing service just like Firefox, Google Chrome, and Safari. Yandex.Browser uses its own Yandex Protect service, but there isn’t a lot of published information about the service. Brave uses data from Spam404 and Disconnect.me.

In my own very limited testing, Yandex Protect seems to source the same data sources as Google Safe Browsing, but is slower to update and offer an equivalent level of protection. However, you’d have to be very brave to use Brave browser. Whereas Google Safe Browsing will block 1.1 million unsafe websites, Brave’s system is only aware of some 0,0073 million (7300) websites.

It’s interesting to see that none of the Internet Explorer shells use the Microsoft SmartScreen Filter service that comes built-in to Internet Explorer. From my quick investigation, there doesn’t seem to be an official API for enabling the service programmatically. The service can still be enabled by toggling the user preference for their instance of Trident. I’ve found no details online nor in the Windows Terms of Service about whether Microsoft grants usage rights to third-party browsers to turn on their SmartScreen Filtering Service by default.

All of these browsers (including the ones built on Internet Explorer) could implement the Google Safe Browsing service, PhishTank, or a handful of other services free of charge. The APIs and terms of service for these services are fairly straightforward. It would seem like the biggest barrier to adoption is that they don’t consider it a priority to help protect their customers from malware and fraudulent websites. That lack of commitment to keeping their customers safe doesn’t bode well for the level of attention to other security measures.

The Tor Browser, based on the Firefox browser, offers an option for using built-in phishing protection from the Google Safe Browsing service. This option is enabled by default in Firefox but disabled by default in the Tor Browser. The option was disabled in the Tor Browser some 11 months ago pending a full audit of the implementation.

Google Safe Browsing and PhishTank can be used as an online service, or by periodically downloading lists of known fraudulent websites that addresses that users try to visit can be checked against. The latter is better for privacy and performance as it doesn’t transmit any information about which websites users visits to the service provider.

What consumers can do to protect themselves

If you’ve fallen in love with one of the many lesser-known alternative web browsers out there, then you should learn about their commitment to security. You should install an anti-virus and malware protection program on your system, as you don’t necessarily have the same level of built-in security measurements as users of more popular web browsers enjoy.

You can use a protection service like OpenDNS that offer some level of protection against phishing and malware. OpenDNS offers network-level protection, but it wouldn’t be as granular nor effective as software-based protection. However, it’s thousands and thousands of times better than having no protection at all.

Software advertised with phishing and malware protection capabilities that are external to the browser (such as some anti-virus software) wouldn’t necessarily keep you protected. These programs don’t have access to what is going on in the browser when you’re communicating over encrypted channels (HTTPS) nor do they see unencrypted traffic at an early enough stage to fully keep you out of harm’s way.

If your newfound love for alternative browsers has fallen on a browser which is based on one of the existing browsers, it may support extensions developed for its ancestor. After looking into the Netcraft toolbar, I probably wouldn’t recommend relying on an extension based phishing protection service alone without a thorough investigation of its capabilities.

Feeling overwhelmed and unsure of what to do? Firefox, Google Chrome, Internet Explorer, Microsoft Edge, Opera, Safari, and Vivaldi are some good options that all come with malware and phishing protection built-in. You can consider switching to one of these browsers.