Google recently released the schedule of its new approach in handling, or rather singling out, malicious websites from the genuine ones. For years, digital experts are on the mission to “look for the padlock” but that will have to change now.
Last July, the search giant has started to tell apart insecure URLs from those that are secure in its market-dominant Chrome and mark them unsafe. The aim? Encourage all website owners to adopt digital certificates and encrypt the traffic of all their pages. IT Security services experts are all singing praises to Google’s campaign, and their designed end-game.
As Google constantly changes how its Chrome browser flags malicious websites, it wouldn’t come as a surprise if other browsers start doing the same. We’ve rounded up what the Big Four—Chrome, Mozilla’s Firefox, Apple’s Safari, and Microsoft’s Edge are working on to keep up with the prevailing problem of malicious sites and security breaches.
At present, Apple’s browser has the traditional way of using the signage: It displays a small padlock icon in the address bar when a page is secured by a digital certificate, and the traffic between the Mac and site server is encrypted.
If no padlock can be found, that only means that the site does not encrypt traffic. The latest versions of the browser, however, take additional measures in certain circumstance. In the event that you happen to be in an insecure site, Safari prompts a warning in red texts in the address bar that displays as Not Secure and then changes to Website Not Secure. The website Not Secure warning also displays if the certificate is out-of-date or illegitimate. Malicious or insecure websites are those that are not locked down with a certificate and encryption, and attempts to ask you to enter your info into log-on fields or those programmed to require credit card numbers.
Chrome makes use of the typical padlock to mark HTTPs sites. Additionally, it also does not call out unencrypted traffic at first glance in the address bar. Chrome has tagged websites that detects passwords or credit card details over HTTP connections as “NOT secure” using text in the address bar. Chrome has been doing this since 2017. Since then, insecure websites are marked with texts that read Not Secure preceding the URL in the address bar. Shortly after, Chrome made use of the green Secure text from the address bar for the HTTPS pages and show the small padlock sign. This is a nod to a secured website. For those that are not, a small red triangle will appear along with the text Not Secure in the address bar.
Mozilla’s browser is almost getting to the same style as that of Chrome’s—tagging all sites sans encryption with a noticeable marker. Though at the moment, FireFox displays a padlock with a red strike-through line when the user reaches an HTTP page that has a username+password log-on combination. When you place the cursor in one of the fields, it adds a warning that reads This connection is not secure. Logins entered here could be compromised. Another version of FireFox uses the traditional green padlocks for secured websites, while regular HTTP pages are unmarked.
Edge shows a padlock icon in the address bar when the page is protected by a digital certificate, and also if there’s traffic between the Windows 10 PC and server is encrypted. If no padlock is indicated, the site does not encrypt traffic, relying on HTTP instead. In order to get the entire picture of it all, the user must click on the icon – an i with a circle – and read the text in the ensuing pop-up: “Your connection to this website isn’t encrypted. This makes it easier for someone to steal sensitive information like passwords.”