Windows Defender Browser Protection for Google Chrome first look
Microsoft published the new security extension Windows Defender Browser Protection for Google Chrome yesterday which adds another link vetting mechanism to Chrome to protect users against phishing and other malicious types of sites.
Google Chrome protects users against malicious and deceptive sites already but Microsoft believes that its technology offers better protection against phishing attacks than Google's does.
The company cites a 2017 study by NSS Labs in which Microsoft Edge blocked 99% of all phishing attacks while Chrome and Firefox blocked only 87% and 70% of all attacks respectively.
Windows Defender Browser Protection
Microsoft published the extension for Google Chrome exclusively but it installs in other Chromium-based browsers as well albeit with some issues. In Vivaldi, for instance, it did not display the extension icon. The missing icon does not mean that the extension's checking of sites does not work, but that you can't interact with the icon directly.
Initial user reviews indicate, however, that the extension does not work on Chrome OS right now.
Windows Defender Browser Protection adds an icon to Chrome's main toolbar when it is installed. You can interact with the icon, but the only options that it provides is to enable or disable the protection, and to click on links to open the privacy statement, give feedback to Microsoft, or open "learn more" links.
The browser extension adds its capabilities to Chrome without interfering with the browser's built-in protection against deceptive sites which means, at least in theory, that the protection won't get worse after installing Microsoft's extension for Chrome. I don't really know what happens if Microsoft's extension and Google's built-in protection are triggered on the same page, though. My best guess is that Chrome's built-in functionality will kick in then but that remains to be tested.
Closing Words
Windows Defender Browser Protection brings the phishing protection that Microsoft uses for Edge to Google Chrome and therefore also to non-Windows systems. I'm not sure why Microsoft would bring one of the few advantages that Edge has over Google Chrome to the competing browser but the most likely explanation is that Microsoft gets additional data out of it that it will process, and that the collected data trumps giving up that advantage.
The extension has no privacy policy of its own which makes it impossible to tell which data Microsoft collects and how the company processes the data.
Now You: do you use extra security extensions in your browser?
Related articles
- Configure Windows Defender Exploit protection in Windows 10
- Configure Windows Defender Network protection in Windows 10
- Set Windows Defender Antivirus blocking to high on Windows 10
- Windows Defender Antivirus: Controlled Folder Access
- Windows Defender ATP support in Windows 7 and 8.1
I deleted Windows Defender Browser Protection 1.6.5 and installed 1.6.5.1 manually on 2019-03-21. Running Windows [Version 10.0.17763.379] and Chrome Version 73.0.3683.86 (Official Build) beta (64-bit).
doesn’t do ANYTHING while Malwarebytes and Avast work ok
I wish that Microsoft would release the Windows Defender Browser Protection extension to Mozilla Firefox and to Opera.
I would be suspicious of this. When GWX/KB3035583 came out, the description of the update simply read that it “resolves issues in Windows”. But it did much more than that; undesirable things, like constantly bombard the user with pop-up nags to get Windows 10. Of note is that KB3035583 says absolutely nothing about Windows 10 in the name or description presented to the user before install. See for yourself.
http://www.onlineconsultingservices.ca/assets/images/OCS_-_how_to_hide_Windows_10_KB3035583_nag_screen_update.jpg
The above demonstrates that Microsoft are not above using Trojan-horse tactics to get what they want. As such, I will be suspicious of anything they produce from now on, especially if they claim to be trying to help or protect me.
They’ve been doing this and worse since they started. Most of you probably don’t remember the bad old days of Microsoft when it would sabotage competing software running on Windows to push it’s own shoddy standards (Internet Exploder, ActiveX, hotmail, etc) onto the internet. Mozilla and others had to sue Microsoft to get them to stop.
Microsoft, Google, Apple, Amazon, Twitter, AT&T, Facebook, Cisco, Level 3, Verizon, Yahoo, McAfee are just some of the US tech companies engaging in espionage for the US government and for profit.
Just to be clear, It’s more than just US tech companies/government that are sitting at the buffet table. ;)
“https://en.wikipedia.org/wiki/Five_Eyes#Other_international_cooperatives”
I’ve never felt the need to use extra security extensions in my browsers other than the two I currently use, uBO and No-Script Suite Lite. With most everyone I know I have at some point cleaned their systems and they all ended up having 300 to 1000+ malware objects, viruses, pups, and bs extensions. So, for some people having extra protection is a good thing and it’s needed. That said, Everyone I know I have enabled the safebrowsing function in their browser of choice but most importantly I have setup a content blocker for them, just a simple config with a few key subscription lists. Bada boom bada bing! No more phone calls! :)
Safebrowsing in Chrome and Firefox can not be relied upon without some form of real-time protection, be it a content blocker and/or separate security software, like maybe the paid version of Malwarebytes or something similar. No one I know can stay infection free it they were only relying on their browsers safebrowsing function. Over the years I have too often read about websites delivering malicious ads, for days, and “safebrowsing” was ineffective.
Hi,..
Chromium based Browsers allow an Addon called Policy Control, it let’s you on/off decide, what is to do,like Location/Javascript and many other Options.
So that Addon is a good way to go to Security and Privacy + uBlock Origin on a Sitebasedrule.
I run the paid Avast Internet Security on Windows 10 x64 Home 1709, and it optionally installs an Avast Chrome security extension which i initially refused, but at a later time accepted. I subsequently noted Ublock got an error as indicated by a Chrome taskbar warning icon and no show of Chrome’s vertical ellipsis ( 3 vertical dots). I disabled Ublock to fix, but have not had time to investigate further.
You’re freaking my out!
You disabled uBlock Origin for an anti-virus browser extension? LoL, sorry. What was the error in the browser console? Control+Shift+J will open the console in Windows. Were you blocking CSP reports with uBO?
I’ve personally never used a paid anti-virus program or a browsers safebrowsing function. Fact is, I’ve been using the all powerful (sarcasm) MSE since Win7 was released and I haven’t seen a single malware object for over 10 yrs, that was back in my Win XP days and that was probably before I started using ABP in FFv3.
This was one of the few things Edge did better than other browsers. When a touch-friendly UI is shipped with Chrome in the future at that point it doesn’t seem like there would be that many reasons left to use Edge. Will Microsoft just leave the browser on the back-burner like other pet projects such as Groove Music?
If the answer is “yes” then it would be a beneficial since that would mean more resources being devoted to other parts of the OS, something many users would agree with.
This is important since Microsoft has recently been pushing its engineers from other built-in apps to work on Edge exclusively, something very few people actually want.
I use 13 security add-ons in Pale Moon in addition to several system wide filters. While the article is interesting it would more informative to know the percentage of sites falsly blocked.
Caution !
I broke my Opera dev (54) trying to install this extension
Or more exactly I broke the extension “install Chrome extensions” needed to install extension from Chrome store : the icon is grey (impossible to uninstal)
and the list of extensions is empty (blank)
The only way to fix it : uninstall entirely Opera dev
I don’t dare to install it elsewhere
You should not recomend it
Works in Iron Browser for Windows too https://www.srware.net/
Hopefully they’ll put out a Firefox extension soon! (should be painless with the WebExtensions API) :)
“The company cites a 2017 study by NSS Labs in which Microsoft Edge blocked 99% of all phishing attacks while Chrome and Firefox blocked only 87% and 70% of all attacks respectively”
NSS Labs is doing for a long time now Microsoft sponsored studies, basically take this 2017 Biased study with a truckload of salt, to say the least.
Google NSS Labs & Microsoft or more specific for the arstechnica’s post from 2009 with the tittle:
“Microsoft-sponsored reports find IE8 most secure browser (Updated)”
Microsoft has sponsored two reports by NSS Labs that test web browser security
Have installed it, and disabled Google safebrowsing for the moment. Enabled strict site isolation.
The Malwarebytes for Chrome extension is another alternative. Google Chrome seems a bit snappier with MS smartscreen, what this extension is all about, although I can not prove that. It does have has a good reputation, so I for one am interested to try it out.
Platform: Windows 7 64 bit. MS is already collecting a lot of data on Windows 7, even with Application Experience and the like disabled in Task Scheduler, so will not make much difference for me.
Martin, I am still waiting on your mail giving an IBAN to donate either money or Albert Heijns cereals:-)
Yeah i did read the article more than once, however i cannot really find an answer to my question!
How do you delete the unique ID? Is it possible! (about your last comment in the article above!)
And Is there a way to disable calling home function that is clearly posted on their privacy policy page?
Just wondering cause there is no hits on it on start page or DDG…!
Also no need to install vivadi browser on you system,
*create a folder called Vivadi and create another folder called Vivadi 1.14 (it doesn’t need to be the same folders names)
*get the exe and extract it with 7zip or winrar, to the folder Vivadi 1.14,
*create a file called stp.viv and and copy it next to the exe launcher! inside Vivadi 1.14,
The first time you start the browser it will create a User Data folder inside the Vivadi folder,
Note even though there is no installation or register modifications, the browser does create a folder called Vivavdi in your local data and it keeps crash reports in it, you can change the seniority to limit its access!
Sorry but MS is playing a desperate game, and cannot be trusted! (just another way to get your browser data!)
Martin
i have a question regards Vivaldi on you article “Vivaldi browser and privacy” you mentioned ….”It is easy enough to delete the ID though”
How do you disable calling home completely on that browser, no hits on the subject anywhere?
Vivaldi assigns the ID to the installation profile. So, if you install Vivaldi anew, a new ID is generated and used. Note that I have not verified this but Vivaldi’s privacy policy suggests that this is the case.
Here is a link to the article: https://www.ghacks.net/2018/01/30/vivaldi-browser-privacy/