Microsoft Ports Edge Anti-Phishing Technology To Google Chrome

An anonymous reader writes: Microsoft has released a Chrome extension named "Windows Defender Browser Protection" that ports Windows Defender's -- and inherently Edge's -- anti-phishing technology to Google Chrome. The extension works by showing bright red-colored pages whenever users are tricked into accessing malicious links. The warnings are eerily similar to the ones that Chrome natively shows via the Safe Browsing API, but are powered by Microsoft's database of malicious links —also known as the SmartScreen API.

Chrome users should be genuinely happy that they can now use both APIs for detecting phishing and malware-hosting URLs. The SmartScreen API isn't as known as Google's more famous Safe Browsing API, but works in the same way, and possibly even better. An NSS Labs benchmark revealed that Edge (with its SmartScreen API) caught 99 percent of all phishing URLs thrown at it during a test last year, while Chrome only detected 87 percent of the malicious links users accessed.

Does it track me?

[skoskav]

Though I commend their effort to improve Chrome's phishing protection, this may also be used to track users' browsing habits and show better "interest-based ads," as vaguely hinted at in the extension's privacy policy.

Thanks but no thanks.

Re:Windows Defender for macOS?

[mcl630]

What does your choice of OS have to do with phishing links?

This is just a portal, not a port.

[IHTFISP]

Calling this a “port” of Windows Defender's “anti-phishing technology” is an extreme exaggeration, I suspect. Weighing in at only 295KiB total, this Chrome extension is apparently little more than a keyhole portal interface from the Chrome browser to the underling Windows Defender installed on your system platform.

So for those not running Chrome atop Windoze (like on Linux or MacOS or such), I suspect this Chrome Extension is merely a 295KiB no-op / placebo / bloatware.

I imagine the author of the Bleeping Computer® article (Catalin Cimpanu) may have been spoon-fed some verbiage from Microsoft in an undisclosed, backchannel press release of some sort. Sadly, this makes him look a bit like a breathless, sycophantic shill for The Big Blue Borg. *smirk*

I challenge anyone installing this extension on a non-Windows platform to demonstrate even a single URL that:

a) Windows Defender blocks on a Windoze box, but which...
b) Chrome's native built-in malware prevention tool (once enabled) does not catch on a non-Windoze box, but that...
c) Chrome on a non-Windoze box w/ this “Windows Defender Browser Protection” extension enabled does catch.

I venture that such an instance does not exist, unless this extension somehow leverages Microsoft's database of hinky URLs w/o using a locally underlying Windows Defender installation. In that case, I conjecture it could only do so by phoning home to Microsoft to check the URL against a remote on-line database... but that would then raise a massive privacy tsunami about remotely communicating what URLs you're visiting to some dark-site server somewhere in Redmond, WA. If so, let the tin-foil hat parade commence.

Or am I just being overly skeptical?

Chrome users should be genuinely happy

[tomxor]

Chrome users should be genuinely happy that they can now use both

LMFAO, so preemptively defensive.

An NSS Labs benchmark revealed that Edge (with its SmartScreen API) caught 99 percent of all phishing URLs thrown at it during a test last year, while Chrome only detected 87 percent of the malicious links users accessed.

You will have to forgive me if I consider this a worthless statistic... you know microsoft have a history if "beating everyone else" in their own hand crafted benchmarks only to be utter shit in reality (especially when talking about browsers).

Re:Data suckage++

[MachineShedFred]

Really. How does Windows telemetry get my data when I'm running Ubuntu?

Yeah, that's the point of making a Chrome extension - to penetrate the non-Windows market for data harvesting. Just waiting for someone to scope the packets that get phoned home to Microsoft when this is installed.