Skip to main content

Microsoft Windows Defender extension offers Chrome users extra protection

alexeyboldin/123RF

If you’re a Chrome user, you’ll have one more choice this week for defense against phishing while you’re on the internet. Even though Microsoft and Google compete in a number of areas — Windows 10’s Microsoft Edge browser is a direct competitor to Chrome — Microsoft is making nice with its frenemy by releasing its Windows Defender Browser Protection extension for Chrome browsers.

Although solutions already exist for Chrome — Google, for its part, displays a bright, red screen whenever you visit a website suspected of phishing or scam — Microsoft claims that Windows Defender for Chrome is superior and can stop more threats. When the company highlighted the merits of its Microsoft Edge browser, it noted that Windows Defender is 99 percent effective at thwarting threats. Chrome was effective at just 87 percent of the time, and Firefox had a 70 percent effective rate. In theory, with Windows Defender available as an extension and working in Chrome, Chrome users should benefit from the same level of protection as Microsoft Edge.

With Windows Defender engaged at the browser level, if you visit a malicious website, the screen will flash red, alerting you to navigate away. “The extension alerts you about known malicious links, and gives you a clear path back to safety,” Microsoft said. Microsoft maintains a list of known or suspected malicious sites that is constantly updated as part of Windows Defender.

The good news is that if you use Windows Defender, you’ll still benefit from Google’s anti-phishing protection. “The new extension doesn’t appear to disable Chrome’s own checking (or at least, it doesn’t seem to be doing so for me), so at the very least isn’t likely to make you less safe, and with phishing being as widespread as it is, the extra protection probably doesn’t hurt,” Ars Technica reported.

A report published by the Federal Bureau of Investigations revealed that phishing scams cost American businesses roughly $500 million per year, according to Forbes. Tripwire found that 76 percent of organizations have experienced a phishing attack in 2017. On the consumer side, the Anti-Phishing Working Group reported that more than 1.2 million attacks were recorded in 2016, a 66 percent increase from the year prior.

Given that Google’s Chrome browser is far more popular than Microsoft’s Edge offering, making Windows Defender more widely available will have broader reach and more impact. According to W3Counter‘s March 2018 report, Chrome commanded a browser market share of 60.6 percent, while Microsoft’s Internet Explorer and Edge browsers had a 7.6 percent market share.

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
Chrome is making a key change to protect you from phishing
Google Chrome with pinned tabs on a MacBook on a table.

Phishing campaigns -- where a fraudulent website or email is made to look like it comes from a legitimate source -- have caused a huge amount of destruction, leading to untold numbers of virus infections and money lost through scams. Google has just rolled out a powerful way to fight phishing in its Chrome browser, however, and it could help you avoid falling victim.

As part of Chrome’s 15th-anniversary update, Google will be pushing its Enhanced Safe Browsing feature to all users in the coming weeks. This checks website URLs against a list of malicious sites stored on Google’s cloud servers, all in real time. If a match is found, the website is blocked and a warning is displayed to users.

Read more
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more