Edge – Chrome download – Malware! Say what?
I happened upon an article reference posted by a fellow MVP on Facebook a few days ago that gave me pause to stop and think a bit. Indeed, he announced the article as a Conversation Starter. The article itself, “Stop Using Microsoft Edge To Download Chrome -- Unless You Want Malware”. WOAH! Hold the phone here a minute, you’re telling me that Edge is going to give me malware if I ask it to download Chrome? Sorry, that does not compute, maybe you should explain that.
As it turns out, it’s not so much Edge, but Bing on the firing line. In the article, searching for a Chrome download using Edge and Bing resulted in a link to a phishing site, GoogleOnline2018.com. The article goes on to explain that other browsers also came up with this link when using Bing, but Edge was the only one that would allow you to visit the link without putting up a big red This is a phishing site page first, like both Chrome and Firefox did. So, we have two problems here. The first is that Bing allowed a phishing site to show up in search results and the second is that Edge didn’t recognize this site as such and warn users about it.
So, what to make of all this? Well, first of all, hijacking a search engine is absolutely NOTHING NEW. I’ve personally seen it happen with all browsers and all search engines – someone comes up with a new scam, some users don’t look closely enough, click the link, and get burned, others notice the problem and report it, the search engine folks then ban the site and put in controls to prevent it from coming back…and the process repeats, over and over again with new scam methodologies. This sort of thing is not going away any time soon and the onus is on the person clicking the mouse. I’ve personally not found Bing to be any better or worse at this than Google or Yahoo, for example.
Then we have Edge and its failure to report the site as unsafe. Is this systemic or just bad timing? As a test, I decided to click a known bad link in a scam email I received a few weeks ago, purportedly from the Navy Federal Credit Union, insisting my credentials are out of date and my account will be suspended until I update my Information…mind you, I DO NOT have any form of account with them. So, I go ahead and click the link with Edge as my default browser and this is what I get:
This is the very same warning page the article author complained did NOT come up for him using Edge, so, the answer appears to be bad timing. Edge will show this page, just like Chrome and Firefox, as soon as the Edge /IE smart filter has the dubious site in its database.
The long and short of the issue is regardless of which browser and search engine you use, you still need to make use of the grey stuff between your ears. Automatic filters and malicious site detection methods have gotten substantially better and continue to improve, but there will ALWAYS be a lag between the creation of bad stuff and its detection/elimination by search engines and browser filters, so you MUST think before you click. ALL browsers will show you the full URL of any hyperlink you park your mouse cursor over, make it a habit to check this. If the hyperlink says Google, but your browser says the destination is really http://stealyourstuff.ru, by golly, it might be best to NOT go there and to report it instead.
That’s it for today, be sure to check back next week for more good info and remember, take a minute to think before you click that link.