Windows Defender Browser Protection for Google Chrome first look

Martin Brinkmann
Apr 19, 2018
Updated • Apr 19, 2018
Google Chrome, Google Chrome extensions
|
20

Microsoft published the new security extension Windows Defender Browser Protection for Google Chrome yesterday which adds another link vetting mechanism to Chrome to protect users against phishing and other malicious types of sites.

Google Chrome protects users against malicious and deceptive sites already but Microsoft believes that its technology offers better protection against phishing attacks than Google's does.

The company cites a 2017 study by NSS Labs in which Microsoft Edge blocked 99% of all phishing attacks while Chrome and Firefox blocked only 87% and 70% of all attacks respectively.

Windows Defender Browser Protection

microsoft windows defender chrome

Microsoft published the extension for Google Chrome exclusively but it installs in other Chromium-based browsers as well albeit with some issues. In Vivaldi, for instance, it did not display the extension icon. The missing icon does not mean that the extension's checking of sites does not work, but that you can't interact with the icon directly.

Initial user reviews indicate, however, that the extension does not work on Chrome OS right now.

Windows Defender Browser Protection adds an icon to Chrome's main toolbar when it is installed. You can interact with the icon, but the only options that it provides is to enable or disable the protection, and to click on links to open the privacy statement, give feedback to Microsoft, or open "learn more" links.

The browser extension adds its capabilities to Chrome without interfering with the browser's built-in protection against deceptive sites which means, at least in theory, that the protection won't get worse after installing Microsoft's extension for Chrome. I don't really know what happens if Microsoft's extension and Google's built-in protection are triggered on the same page, though. My best guess is that Chrome's built-in functionality will kick in then but that remains to be tested.

Closing Words

Windows Defender Browser Protection brings the phishing protection that Microsoft uses for Edge to Google Chrome and therefore also to non-Windows systems. I'm not sure why Microsoft would bring one of the few advantages that Edge has over Google Chrome to the competing browser but the most likely explanation is that Microsoft gets additional data out of it that it will process, and that the collected data trumps giving up that advantage.

The extension has no privacy policy of its own which makes it impossible to tell which data Microsoft collects and how the company processes the data.

Now You: do you use extra security extensions in your browser?

Related articles

Summary
software image
Author Rating
1star1star1star1stargray
2.5 based on 11 votes
Software Name
Windows Defender Browser Protection
Software Category
Browser
Landing Page
Advertisement

Previous Post: «
Next Post: «

Comments

  1. chesscanoe said on March 21, 2019 at 12:01 pm
    Reply

    I deleted Windows Defender Browser Protection 1.6.5 and installed 1.6.5.1 manually on 2019-03-21. Running Windows [Version 10.0.17763.379] and Chrome Version 73.0.3683.86 (Official Build) beta (64-bit).

  2. Ben said on March 21, 2019 at 8:18 am
    Reply

    doesn’t do ANYTHING while Malwarebytes and Avast work ok

  3. Ian said on May 26, 2018 at 4:45 am
    Reply

    I wish that Microsoft would release the Windows Defender Browser Protection extension to Mozilla Firefox and to Opera.

  4. Kevin said on April 19, 2018 at 7:54 pm
    Reply

    I would be suspicious of this. When GWX/KB3035583 came out, the description of the update simply read that it “resolves issues in Windows”. But it did much more than that; undesirable things, like constantly bombard the user with pop-up nags to get Windows 10. Of note is that KB3035583 says absolutely nothing about Windows 10 in the name or description presented to the user before install. See for yourself.

    http://www.onlineconsultingservices.ca/assets/images/OCS_-_how_to_hide_Windows_10_KB3035583_nag_screen_update.jpg

    The above demonstrates that Microsoft are not above using Trojan-horse tactics to get what they want. As such, I will be suspicious of anything they produce from now on, especially if they claim to be trying to help or protect me.

    1. Mola Ram, CEO Microsoft said on April 20, 2018 at 3:08 am
      Reply

      They’ve been doing this and worse since they started. Most of you probably don’t remember the bad old days of Microsoft when it would sabotage competing software running on Windows to push it’s own shoddy standards (Internet Exploder, ActiveX, hotmail, etc) onto the internet. Mozilla and others had to sue Microsoft to get them to stop.

      Microsoft, Google, Apple, Amazon, Twitter, AT&T, Facebook, Cisco, Level 3, Verizon, Yahoo, McAfee are just some of the US tech companies engaging in espionage for the US government and for profit.

      1. Richard Allen said on April 20, 2018 at 6:37 pm
        Reply

        Just to be clear, It’s more than just US tech companies/government that are sitting at the buffet table. ;)
        “https://en.wikipedia.org/wiki/Five_Eyes#Other_international_cooperatives”

  5. Richard Allen said on April 19, 2018 at 6:15 pm
    Reply

    I’ve never felt the need to use extra security extensions in my browsers other than the two I currently use, uBO and No-Script Suite Lite. With most everyone I know I have at some point cleaned their systems and they all ended up having 300 to 1000+ malware objects, viruses, pups, and bs extensions. So, for some people having extra protection is a good thing and it’s needed. That said, Everyone I know I have enabled the safebrowsing function in their browser of choice but most importantly I have setup a content blocker for them, just a simple config with a few key subscription lists. Bada boom bada bing! No more phone calls! :)

    Safebrowsing in Chrome and Firefox can not be relied upon without some form of real-time protection, be it a content blocker and/or separate security software, like maybe the paid version of Malwarebytes or something similar. No one I know can stay infection free it they were only relying on their browsers safebrowsing function. Over the years I have too often read about websites delivering malicious ads, for days, and “safebrowsing” was ineffective.

  6. John Doe 101 said on April 19, 2018 at 5:39 pm
    Reply

    Hi,..

    Chromium based Browsers allow an Addon called Policy Control, it let’s you on/off decide, what is to do,like Location/Javascript and many other Options.

    So that Addon is a good way to go to Security and Privacy + uBlock Origin on a Sitebasedrule.

  7. chesscanoe said on April 19, 2018 at 4:22 pm
    Reply

    I run the paid Avast Internet Security on Windows 10 x64 Home 1709, and it optionally installs an Avast Chrome security extension which i initially refused, but at a later time accepted. I subsequently noted Ublock got an error as indicated by a Chrome taskbar warning icon and no show of Chrome’s vertical ellipsis ( 3 vertical dots). I disabled Ublock to fix, but have not had time to investigate further.

    1. Richard Allen said on April 19, 2018 at 6:38 pm
      Reply

      You’re freaking my out!

      You disabled uBlock Origin for an anti-virus browser extension? LoL, sorry. What was the error in the browser console? Control+Shift+J will open the console in Windows. Were you blocking CSP reports with uBO?

      I’ve personally never used a paid anti-virus program or a browsers safebrowsing function. Fact is, I’ve been using the all powerful (sarcasm) MSE since Win7 was released and I haven’t seen a single malware object for over 10 yrs, that was back in my Win XP days and that was probably before I started using ABP in FFv3.

  8. Anonymous said on April 19, 2018 at 3:57 pm
    Reply

    This was one of the few things Edge did better than other browsers. When a touch-friendly UI is shipped with Chrome in the future at that point it doesn’t seem like there would be that many reasons left to use Edge. Will Microsoft just leave the browser on the back-burner like other pet projects such as Groove Music?

    If the answer is “yes” then it would be a beneficial since that would mean more resources being devoted to other parts of the OS, something many users would agree with.

    This is important since Microsoft has recently been pushing its engineers from other built-in apps to work on Edge exclusively, something very few people actually want.

  9. basicuser said on April 19, 2018 at 3:15 pm
    Reply

    I use 13 security add-ons in Pale Moon in addition to several system wide filters. While the article is interesting it would more informative to know the percentage of sites falsly blocked.

  10. Pierre said on April 19, 2018 at 3:14 pm
    Reply

    Caution !
    I broke my Opera dev (54) trying to install this extension
    Or more exactly I broke the extension “install Chrome extensions” needed to install extension from Chrome store : the icon is grey (impossible to uninstal)
    and the list of extensions is empty (blank)
    The only way to fix it : uninstall entirely Opera dev
    I don’t dare to install it elsewhere
    You should not recomend it

  11. Dwight Stegall said on April 19, 2018 at 1:53 pm
    Reply

    Works in Iron Browser for Windows too https://www.srware.net/

  12. Jessica said on April 19, 2018 at 1:49 pm
    Reply

    Hopefully they’ll put out a Firefox extension soon! (should be painless with the WebExtensions API) :)

  13. Salty Labs said on April 19, 2018 at 11:59 am
    Reply

    “The company cites a 2017 study by NSS Labs in which Microsoft Edge blocked 99% of all phishing attacks while Chrome and Firefox blocked only 87% and 70% of all attacks respectively”

    NSS Labs is doing for a long time now Microsoft sponsored studies, basically take this 2017 Biased study with a truckload of salt, to say the least.

    Google NSS Labs & Microsoft or more specific for the arstechnica’s post from 2009 with the tittle:

    “Microsoft-sponsored reports find IE8 most secure browser (Updated)”
    Microsoft has sponsored two reports by NSS Labs that test web browser security

  14. Sebas said on April 19, 2018 at 9:52 am
    Reply

    Have installed it, and disabled Google safebrowsing for the moment. Enabled strict site isolation.

    The Malwarebytes for Chrome extension is another alternative. Google Chrome seems a bit snappier with MS smartscreen, what this extension is all about, although I can not prove that. It does have has a good reputation, so I for one am interested to try it out.

    Platform: Windows 7 64 bit. MS is already collecting a lot of data on Windows 7, even with Application Experience and the like disabled in Task Scheduler, so will not make much difference for me.

    Martin, I am still waiting on your mail giving an IBAN to donate either money or Albert Heijns cereals:-)

  15. CLM said on April 19, 2018 at 9:09 am
    Reply

    Yeah i did read the article more than once, however i cannot really find an answer to my question!

    How do you delete the unique ID? Is it possible! (about your last comment in the article above!)
    And Is there a way to disable calling home function that is clearly posted on their privacy policy page?

    Just wondering cause there is no hits on it on start page or DDG…!

    Also no need to install vivadi browser on you system,

    *create a folder called Vivadi and create another folder called Vivadi 1.14 (it doesn’t need to be the same folders names)

    *get the exe and extract it with 7zip or winrar, to the folder Vivadi 1.14,

    *create a file called stp.viv and and copy it next to the exe launcher! inside Vivadi 1.14,

    The first time you start the browser it will create a User Data folder inside the Vivadi folder,

    Note even though there is no installation or register modifications, the browser does create a folder called Vivavdi in your local data and it keeps crash reports in it, you can change the seniority to limit its access!

  16. CLM said on April 19, 2018 at 8:26 am
    Reply

    Sorry but MS is playing a desperate game, and cannot be trusted! (just another way to get your browser data!)

    Martin
    i have a question regards Vivaldi on you article “Vivaldi browser and privacy” you mentioned ….”It is easy enough to delete the ID though”

    How do you disable calling home completely on that browser, no hits on the subject anywhere?

    1. Martin Brinkmann said on April 19, 2018 at 8:42 am
      Reply

      Vivaldi assigns the ID to the installation profile. So, if you install Vivaldi anew, a new ID is generated and used. Note that I have not verified this but Vivaldi’s privacy policy suggests that this is the case.

      Here is a link to the article: https://www.ghacks.net/2018/01/30/vivaldi-browser-privacy/

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.