Slashdot Mirror
Microsoft Ports Edge Anti-Phishing Technology To Google Chrome (bleepingcomputer.com)
An anonymous reader writes: Microsoft has released a Chrome extension named "Windows Defender Browser Protection" that ports Windows Defender's -- and inherently Edge's -- anti-phishing technology to Google Chrome. The extension works by showing bright red-colored pages whenever users are tricked into accessing malicious links. The warnings are eerily similar to the ones that Chrome natively shows via the Safe Browsing API, but are powered by Microsoft's database of malicious links —also known as the SmartScreen API.
Chrome users should be genuinely happy that they can now use both APIs for detecting phishing and malware-hosting URLs. The SmartScreen API isn't as known as Google's more famous Safe Browsing API, but works in the same way, and possibly even better. An NSS Labs benchmark revealed that Edge (with its SmartScreen API) caught 99 percent of all phishing URLs thrown at it during a test last year, while Chrome only detected 87 percent of the malicious links users accessed.
Chrome users should be genuinely happy that they can now use both APIs for detecting phishing and malware-hosting URLs. The SmartScreen API isn't as known as Google's more famous Safe Browsing API, but works in the same way, and possibly even better. An NSS Labs benchmark revealed that Edge (with its SmartScreen API) caught 99 percent of all phishing URLs thrown at it during a test last year, while Chrome only detected 87 percent of the malicious links users accessed.
bright red is the traditional colour for danger and stop.
Is there any point in installing this extension on a mac?
They just want your browsing history and other data in exchange for their awful product. No thanks!
I bet APK will claim this effort by Microsoft is unnecessary and that a custom hosts file is all anyone needs to protect themselves. It's really quite pathetic how he pretends his hosts file engine is the cure to just about any type of maliciously behavior online. I dread the thought of the performance loss associated with thousands upon thousands of lines in my hosts file. No thanks! I'll use Microsoft's phishing protection any day over APK's rubbish!
To me it just seems that Microsoft realised that they are losing battle with Chrome and that stops them from freely harvesting browsing data so they decided to smuggle their piece of code into Chrome so that they can start spying again under a false pretext of security.
Though I commend their effort to improve Chrome's phishing protection, this may also be used to track users' browsing habits and show better "interest-based ads," as vaguely hinted at in the extension's privacy policy.
Thanks but no thanks.
APK sure doesn't like any criticism of his hosts file engine or the suggestion that hosts files aren't the solution to all malware and other malice. He'll probably do some name calling, particularly the absurd 'anonymous "ne'er-do-well' comment that he loves to trot out. It's really quite pathetic. I bet he got beat up in school for calling the other kids "ne'er-do-wells" and thought he was cool for it. LOL!
Because Windows users have become inured to the color blue.
Aw. :-( Here, let me fix that for you! :-)
Because Tacos taste have become baked to the taste lettuce.
There, fixed! :-) No need to thank me! :-)
Comment removed based on user account deletion
For Andorians, blue means danger.
#DeleteFacebook
MS has released a custom version of Linux, ported Ubuntu, Debian, and Kali Linux to Windows 10, ported .NET to Linux and MacOSX (not mono), and added Linux support to Visual C++ Roselyn compiler,
Now they are working on helping competing browsers.
What's going on?
Calling this a “port” of Windows Defender's “anti-phishing technology” is an extreme exaggeration, I suspect. Weighing in at only 295KiB total, this Chrome extension is apparently little more than a keyhole portal interface from the Chrome browser to the underling Windows Defender installed on your system platform.
So for those not running Chrome atop Windoze (like on Linux or MacOS or such), I suspect this Chrome Extension is merely a 295KiB no-op / placebo / bloatware.
I imagine the author of the Bleeping Computer® article (Catalin Cimpanu) may have been spoon-fed some verbiage from Microsoft in an undisclosed, backchannel press release of some sort. Sadly, this makes him look a bit like a breathless, sycophantic shill for The Big Blue Borg. *smirk*
I challenge anyone installing this extension on a non-Windows platform to demonstrate even a single URL that:
a) Windows Defender blocks on a Windoze box, but which...
b) Chrome's native built-in malware prevention tool (once enabled) does not catch on a non-Windoze box, but that...
c) Chrome on a non-Windoze box w/ this “Windows Defender Browser Protection” extension enabled does catch.
I venture that such an instance does not exist, unless this extension somehow leverages Microsoft's database of hinky URLs w/o using a locally underlying Windows Defender installation. In that case, I conjecture it could only do so by phoning home to Microsoft to check the URL against a remote on-line database... but that would then raise a massive privacy tsunami about remotely communicating what URLs you're visiting to some dark-site server somewhere in Redmond, WA. If so, let the tin-foil hat parade commence.
Or am I just being overly skeptical?
Error: NSE - No Signature Error
Chrome users should be genuinely happy that they can now use both
LMFAO, so preemptively defensive.
An NSS Labs benchmark revealed that Edge (with its SmartScreen API) caught 99 percent of all phishing URLs thrown at it during a test last year, while Chrome only detected 87 percent of the malicious links users accessed.
You will have to forgive me if I consider this a worthless statistic... you know microsoft have a history if "beating everyone else" in their own hand crafted benchmarks only to be utter shit in reality (especially when talking about browsers).
Their software is the buggiest, least configurable, non-standards compliant out there.
Why would anyone in their right mind attach a Microsoft extension to a non-Microsoft browser?
That plugin has every ounce of telemetry they could squeeze into it.
They couldn't gather telemetry from Chrome without giving users a good reason (SECURITY!) to install a plugin.
The SmartScreen API isn't as known as Google's more famous Safe Browsing API
This. Microsoft is extending something to chrome that chrome arguably never needed. its appearance and function is completely foreign to most chrome users. At best, this is another clumsy Microsoft attempt to speed past the ballmer dynasty similar to their Linux subsystem for Windows. At worst, this is Microsoft pissing in Googles Cheerios and pushing browser war brinkmanship.
Good people go to bed earlier.
The NSS Labs failed to mention the problem Windows Defender had with allowing machines to be taken over. But sure, it'll make all machines more secure, right?
Crazy Americans. Real tacos don't have lettuce.
For Windows users ÃPK Hosts File Engine 10++ SR-1 32/64-bit https://www.google.com/search?source=hp&ei=ZYrPWpW_H-ykggel7JLwBg&btnG=Search&q=APK+site%3Astart64.com/
Ads/script/malware rob speed/security/privacy/bandwidth.
Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivir + less security bugs/complexity & faster vs. av/addons/routers/remote dns!
Avoids DNSChangers in routers/IP settings & dns redirect (99++% of ISP DNS != patched vs. it) + DNS tracking & lighten DNS load & resolve faster via local RAM!
* Viâ what u NATIVELY have in a FASTER kernelmode IP stack (does more w/ less).
APK
P.S. - ... & as I vector thru "CyberSpace", it puts my GHOST in the machine w/ ~30 programs I've done since 1996 online... apk
Just say no to anything Microsoft wants to install in your browser. I can only imagine installing this extension and then in a few months see prompts in Chrome asking me to try Edge because its safer.
So now they're checking other browsers for what sites you visit.
The extension works by showing bright red-colored pages whenever users are tricked into accessing malicious links
Happens all the time for me. Google some Excel problem, find a link that sounds like the right thing, and even points to a microsoft.com domain...
Click it, and end up with an ad for Surface, Windows 10 or Edge.
But I really don't think the add-on would catch even a single one of them.
APK if that was making you look good just how awful are you on a regular day. Every time you say someone or something made you look good it is after you lost an argument and then decided to spaz out. Small children are able to construct arguments better than you as well as being able to write a more cogent sentence. Yet every time someone someone points out your deficiencies and predicts your response you will then go and confirm every bad thing every thing they said about you.
Dumbshit, your security guide isn't worth the electrons used to transmit it. All you did was take an existing good guide that tells people how to secure their system and put it in your own words. The CIS benchmarks tell people exactly how meet said benchmark, so what did you do there that didn't already exist? The answer is nothing, so maybe you should stop pretending that your efforts on that were worth anything or even relevant.
You didn't get paid, you submitted an article in an attempt to win a meager prize from dodgy pay website likely run by people as dumb as you. I guess you are going for quantity instead of quality here. Convenient that one would have to pay to examine your work there, you must be so pleased that no one can see it.
Face it APK your work is useless and your touted accomplishments are on par with the various statements about the amazing feats of of the leaders of North Korea. You proclaim your own greatness by saying absurd things to try and cover up for the fact that you are a small weak insecure individual who hasn't actually done anything notable.
We understand that you don't like it when people bring up the truth about you. You always get angry and confirm everything you are trying to deny, while making your self look foolish and making ever grander claims that are easily refuted. Finally you start calling people names because you believe that ensures your will win the argument. Maybe you can list more of your accomplishments that amount to nothing so we can all bask in the failure that is APK.
You tried to put words in my mouth I never stated, just like BarbaraHudson & like "it", you LOSE https://slashdot.org/comments.pl?sid=5714547&cid=47947205/ loser.
(Please - make me laugh some MORE @ you & show us WHERE I SAY "hosts do it all/cure all"? You can't, loser! I never did that & actually PROVED I go for & DO layered security... & My guide goes way, Way, WAY beyond CIS TOOL too)
* No wonder you "hide" behind UNIDENTIFIABLE anonymous posts - I'd strongly wager I've HANDED YOU YOUR ASS so many times, you have to hide from that fact too!
APK
P.S.=> Newsflash - I only used CIS Tool (who took suggestions from ME on 2 errors they made in that program no less) to make it easy as possible for folks - but I wrote guides that PRE-DATE CIS tool by nearly a decade before it on NTCompatible.com (1997-1998) also on how to secure Windows so, YOU LOSE AGAIN, loser... apk
You said I say "hosts cure all" etc. & I proved otherwise (+ I did so YEARS before to another loser too) https://it.slashdot.org/comments.pl?sid=12003589&cid=56462109/ & all you have is your "hiding" behind UNIDENTIFIABLE anonymous posts, lies I prove you tell, & abused 'downmods' to HIDE your fuckups!
* Thanks for making ME laugh & yes, LOOK GREAT vs. a loser with egg on his face like you...
APK
P.S.=> What is it LIKE being a reprehensible pussy loser "ne'er-do-well" DO-NOTHING zero like you? Better yet, don't tell me - it MIGHT be contagious, lol... apk
Wildcards/heuristics addons + dns do create FALSE POSITIVES - hosts specifics don't!
Hosts do FAR MORE vs addons for FAR less, natively (via DNS benefits of speedup via hardcodes OR avoiding bug ridden DNS (partial list only) https://news.slashdot.org/comments.pl?sid=9007355&threshold=-1&commentsort=0&mode=thread&pid=51969075/
Hosts work SO WELL vs. DNS issues CHINA even copied me: Imitation IS the sincerest form of flattery http://www.theregister.co.uk/2017/04/26/boffins_supercharge_the_hosts_file_to_save_users_plagued_by_dns_outages/
Crippled by default BLOATED addons = usermode slower + operate long AFTER hosts making them redundant/useless bloat!
My prog updates automatically IF you set it so
I'VE PROVEN hosts cripple or block TONS of botnets & malware in posts here for YEARS now too.
Lastly - YOU did a better solution YOURSELF? Hell no, lol!
APK
P.S.=> I also dusted you on your lie https://it.slashdot.org/comments.pl?sid=12003589&cid=56465701/
See subject: Vs. your lie https://it.slashdot.org/comments.pl?sid=12003589&cid=56465777/ & hosts superiority https://it.slashdot.org/comments.pl?sid=12003589&cid=56465983/ vs. your bs!
To wit: Addons do less than hosts & are crippled by default (adblock) & DNS is BUG RIDDLED to high hell - both also use TONS more & DNS isn't native to workstation OS (host are, in kernelmode operation, faster vs. both of them).
"4 billion Chinese can't be wrong" (take a read there, you'll "get it" (perhaps not - you're too STUPID to live & aren't capable of creating solutions YOURSELF (as I have & do))).
APK
P.S.=> You are a "ne'er-do-well" but I offer you to PROVE OTHERWISE showing us all YOU have done ANYTHING of the likes I have in security (both in widely used guides for it I did I was PAID for no less & in a security program like my hosts engine) - you can't - you ARE a "ne'er-do-well" loser & UNIDENTIABLE jealous little punk... apk
See subject: Vs. your lie https://it.slashdot.org/comments.pl?sid=12003589&cid=56465777/ & hosts superiority https://it.slashdot.org/comments.pl?sid=12003589&cid=56465983/ vs. your bs!
Addons use more & do less vs. hosts & = crippled by default (adblock)!
DNS is BUG RIDDLED to high hell (shown in 2nd link above, partial list only too)
Addons & DNS use TONS more resources!
DNS + addons aren't native to workstation OS (host are, in kernelmode operation, faster vs. both of them). They're ILLOGIC logic "Bolting on 'MoAr'" inefficient stupidity vs. hosts!
Wildcards or heuristics create FALSE POSITIVES - hosts specifics don't!
APK
P.S.=> You are a "ne'er-do-well" but I offer you to PROVE OTHERWISE showing us all YOU have done ANYTHING of the likes I have in security (both in widely used guides for it I did I was PAID for no less & in a security program like my hosts engine) - you can't - you ARE a "ne'er-do-well" loser & UNIDENTIABLE jealous little punk... apk
See subject: You LOSE again as always & yes I caught you lying about me & when you can say (as I can) you fixed issues in CIS tool, then talk.
* Heck (pats self on back) I even got PAID to write security guides for Windows (quite unexpectedly in fact). My guide, again, goes way, Way, WAY BEYOND CIS tool guidance too!
(That last part's (fixing a highly esteemed program) is clearly beyond a DO-NOTHING zero "ne'er-do-well" like yourself - doing good things others notice is UTTERLY BEYOND losers like you, lol... & you KNOW it (prove otherwise - you can't... hahahaha!)
APK
P.S.=> No small wonder you have to post as UNIDENTIFIABLE anonymous douche - I've obviously floored you SO MANY TIMES you don't DARE post using your "registered 'luser'" FAKE NAME (for your FAKE wasted life, lol) vs. me while you constantly stalk me, lol... apk
I see that retard Alexander Peter Kowalski is still around spamming.
1. While it is true in that hosts won't actually produce any false positives it will produce lots of false negatives and those go unnoticed until your system is proper fucked. This is also a critical failing as in security false negatives are the killers while false positives are easily dealt with. Since hosts can only do exact matches it is extremely easy to circumvent and can be done so by a few lines of code. All that is needed then is a DNS entry that redirects all subdomains to the same destination. This produces a number of domain names that needs to be entered exceeds the number of fundamental particles in the visible universe. However any malicious script has to do is generate them at random and use them.
2.Let's take NoScript for example, it will stop an entire category of attacks, those based on scripts, which is something that hosts can never claim. Yes you get false positives, but you know what I can selectively allow just those I want. The added benefit is that I avoid those false negatives that APK just doesn't understand and my system is much better protected. If we look at another popular add on uBlockOrigin it does a better job of stopping ads than the throwaway hosts engine could ever do. The reason is the same mentioned above because it is capable of blocking all subdomains.
3. The Chinese didn't copy you, no matter how much you say they did doesn't make it true. You offer evidence that is an article that doesn't mention you or your work and toss in a bunch of wild speculation which amount to no evidence at all. The article describes something that works completely different from how your program works. The only thing that they have in common is as you have described elsewhere "favorites" which is something that is trivially implemented, and obvious. The most likely explanation why the Chines solution shares this feature is that it is so obvious that they thought it up independently.
4. Since we have already proven that add ons are more effective the first part of your statement is false. Now moving on to the second part there really isn't a difference speed wise between usermode and kernel mode as the processor runs just as fast in both. Since the hosts file can't be guaranteed to be sorted all lookups must be done linearly while other tools have the advantage that they can (I don't know if they do) have a sorted list to operate off of. This offers a substantial speed up over anything that could be done with a hosts file of any reasonable size. Now if you don't have a large hosts file you will get a lot of misses and have to go out to DNS anyway. This means that hosts is slower. But wait it gets better something like no script actually has a chance of stopping things before hosts is ever involved because it can stop scripts from making requests because they aren't even running.
5. About fucking time, but why does it still require any user interaction at all?
6. Long after the attacks have happened but the infections still happened, the code persisted on the machines, and resources were wasted. Hosts doesn't do anything other than stop outbound communication that is dependent hostname lookups in a way that is easily circumvented.
7. The standby statement you go to when you realize that you have run out of BS so now you demand that someone provide proof that they can do better than some throw away toy problem that could be created by someone in their first windows admin class.
Infection doesn't happen if the source is blocked in hosts & IF infected it's crippled unable to talk to its C&C stupid!
* & WTF is a "false negative"?
APK
P.S.=> Not only did I catch you in a COMPLETE LIE saying I said 'hosts cure all' (I never have & I never said that - nothing does) https://it.slashdot.org/commen... BUT you YOURSELF have never done a DAMN THING that's better than my hosts engine (since you're an unskilled jackass talker who STALKS me by UNIDENTIFIABLE anonymous posts like the WORM you are (which means I've dusted you SO BADLY under your registered 'luser' account here so many times you HAVE TO HIDE vs. me, lol))... apk
See subject: NoScript creates false positives,operates in slower usermode + hosts work before noscript does by FAR & hosts use less resources + messagepassing overheads!
Hosts block threats/ads before slower usermode noscript that increases browser overheads in messagepass & resources making it USELESS & REDUNDANT!
My hosts prog's use of hardcodes in hosts protects & speeds you up where you spend most time avoids DNS issues & I did it 1st + only hosts prog that does & I did it LONG BEFORE the Chinese!
It's why CHINA did imitate part of what I do in my hosts program - fact!
(Learn to read closely hypocrite http://www.theregister.co.uk/2017/04/26/boffins_supercharge_the_hosts_file_to_save_users_plagued_by_dns_outages/
APK
P.S.=> Addons do ZERO vs. DNS failings (see chinese above for 1 part only) in redirect poisoning & being down - hosts DO... apk
"there really isn't a difference speed wise between usermode and kernel mode as the processor runs just as fast in both" - by UNIDENTIFIABLE Anonymous Coward who HIDES from me on Friday April 20, 2018 @06:57AM (#56470229)
See subject STUPID: Kernelmode hosts not only start before addons BUT hosts gets CPU use time preference in queue dumbass!
E.G. - WHY DO YOU THINK YOUR KEYBOARD or MOUSE GETS INSTANT RESPONSE even in heavy loads vs. other tasks dumbell? Driver driver kernelmode cpu queue pref = why STUPID!
(NOW I KNOW I AM SPEAKING TO AN UNIFORMED IMBECILE IN YOURSELF, lmao!)
Hosts can also be updated/edited by users EASILY - try that w/ regex vs. hosts format for MOST folks dumbo - you'll lose there too!
APK
P.S.=> Addons don't do a FRACTION of what hosts do (dns level stuff alone shows that much) but they are slower & LIMITED in range of efficacy vs. host... apk
See subject - This is how STUPID you are on process scheduling (kernelmode vs. usermode) https://it.slashdot.org/comments.pl?sid=12003589&cid=56472075/
* RoTfLmAo!
CLUE again STUPID - hosts AVOID dns & its many security failings! Hosts get precedence by default (especially lately, Windows used to set the buggy cache below OVER hosts but a recent install here shows it is as I say now in the registry - MS got SMART) over remote DNS (slower) OR local DNS bolted on buggy bloat OR the faulty w/ large hosts files BUGGY dns slower usermode cache https://www.bishopfox.com/blog... (is that patched yet? NOT that I know of)
APK
P.S.=> Also again - WTF is a "false negative"? apk