Wednesday 25 April 2018

Computerworld/Gregg Keizer: Microsoft boosts anti-phishing skills of Chrome, the IE and Edge killer

Computerworld 

News Analysis
Microsoft boosts anti-phishing skills of Chrome, the IE and Edge killer
The company has released an add-on for Chrome – dubbed 'Windows Defender Browser Protection' – that effectively gives up a major asset in its own Edge browser.

By Gregg Keizer

Senior Reporter, Computerworld  Apr 23, 2018 5:02 AM PT
phishing hack scam malware binary code
Thinkstock

Microsoft has ceded a major asset of its Edge browser to rival Google by releasing an add-on that boosts Chrome's phishing detection skills.

The Redmond, Wash. company had little choice, according to one analyst. "Phishing is a huge problem, and people are going to use the browser they use," said Michael Cherry of Directions on Microsoft. "They're doing this to protect the Windows ecosystem."
[ Related: How to replace Edge as the default browser in Windows 10 — and why you should ]

Dubbed "Windows Defender Browser Protection" (WDBP) the free extension can be added to Chrome on Windows or macOS, and after a post-launch fix, Chrome OS as well. Like the defenses built into Edge, the add-on relies on Microsoft's SmartScreen technology that warns users of potentially malicious websites that may try to download malware to the machine or of sites linked in email messages that lead to known phishing URLs.

Microsoft keeps a constantly-changing list of these likely bad destinations on its servers, that list generated in part from telemetry sent by SmartScreen users.

At least that's what it appears WDBP does: Microsoft has not documented the extension's operation beyond some general information on its site and in the description on the Chrome Web Store. In the latter, Microsoft said: "If you click a malicious link in an email or navigate to a site designed to trick you into disclosing financial, personal or other sensitive information, or a website that hosts malware, Windows Defender Browser Protection will check it against a constantly updated list of malicious URLs known to Microsoft." That is SmartScreen.
wdbp for Chrome
Microsoft

Microsoft now offers its SmartScreen anti-phishing and anti-malware technology to users of rival Chrome, a move one analyst described as "self defense."

In its online pitch for WDBP, Microsoft cited 2017 research from NSS Labs, which pegged Edge as the browser best able to block phishing and socially-engineered malware attacks, sniffing out 99% of all attempts while Chrome and Mozilla's Firefox found 87% and 70%, respectively. Those two rivals each relied on Google's Safe Browsing API.

Which raises an obvious question. Why has Microsoft ceded one of the few advantages of its own Edge to a competitor's browser?
[ Prepare to become a Certified Information Security Systems Professional with this comprehensive online course from PluralSight. Now offering a 10-day free trial! ]

Cherry believes Microsoft was faced with the devil's choice: Protect the majority of Windows users or only those running Edge (or the obsolete, legacy Internet Explorer). "Edge has not caught on," Cherry noted, referring to its low usage statistics on Windows 10. "But if people fall for phishing, they're not going to point a finger at the browser, which is just an application. They're going to ask [Microsoft] 'Why didn't you protect Windows?' This is just a self-defense move."
More like this

    Top web browsers 2018: Firefox's share slips post-Quantum
    Windows 10 Redstone: A guide to the builds
    What's in the latest Chrome update?
    Video
    Mingis on Tech: The lowdown on Android security

Edge, which is approaching its third-year launch anniversary, has been unable to attract a sizable audience. The latest data from analytics vendor Net Applications put Edge's share of all browsers at just 4%, and its share on Windows 10 only at 13%. Meanwhile, Chrome was the preferred choice of 61% of the world's online population.

There are other reasons for Microsoft's sharing largess.

With Edge and IE accounting for only a slice of Internet users - Net Applications put it as a combined 18% during March - Microsoft was not getting the amount of telemetric data, crucial to SmartScreen, that it once received. "The simplest explanation of Microsoft's motivation for offering SmartScreen on Chrome is that it gives the company visibility on the bad stuff encountered by the 60% of the market that uses Chrome," wrote John Dunn in a post to a blog maintained by security company Sophos. "This, in turn, helps Microsoft's Office 365 Exchange email service offer better protection to compete with Google's rival G Suite."

True. Microsoft has baked SmartScreen into more than just Edge and Internet Explorer. Its Outlook.com web-based email service and Outlook email client - the latter an important part of Office 365 - as well as its Exchange email server, all turn to SmartScreen to fight phishing and malware.

With a shrinking share of the browser market - at Edge's introduction in mid-2015, Internet Explorer owned 53% - Microsoft may have realized it was not getting enough data from browser users to fuel SmartScreen. That rationale plays to Microsoft's focus, which is on the enterprise; without sufficient data for SmartScreen, business tools such as Outlook and Exchange might lose the ability to correctly detect malicious URLs.

Windows Defender Browser Protection can be downloaded from Google's Chrome Web Store.
Related:

    Browsers Security Windows Microsoft Google

Senior Reporter Gregg Keizer covers Windows, Office, Apple/enterprise, web browsers and web apps for Computerworld.
Follow

5 tips for working with SharePoint Online
You Might Like
Shop Tech Products at Amazon
Sponsored Links

    INSTANTLY dtSearch® TERABYTES of FILE+EMAIL+DB+WEB DATA; reviews & evals

    Online Master of Science in Information Systems at Northwestern University

Computerworld The Voice of Business Technology
Follow us

    Browsers Cloud Computing Computer Hardware Consumerization of IT Data Centers Emerging Technology IT Leadership Internet Mobile Networking Operating Systems Security Software Vertical Industries

    News Features Reviews Blogs Opinions Insider Shark Tank Slideshows Video Newsletters Computerworld Events Resources/White Papers

    About Us Contact Privacy Policies Editorial Beats Advertising Careers at IDG Ad Choices E-commerce Affiliate Relationships

Copyright © 2018 IDG Communications, Inc.
Explore the IDG Network
descend

No comments: