Chrome anti-phishing protection… from Microsoft!

Microsoft has made its SmartScreen anti-phishing API available to Chrome browser users through an extension called Windows Defender Browser .

If this makes you do a doubletake, we’ll repeat it:  from this week Chrome users will, for the first time, be able to protect their browsing using not only Google’s own Safe Browsing technology but Microsoft’s too.

Once installed, there’s not much to the extension beyond being able to turn its protection on or off and send Microsoft feedback on the current version (v1.62).

Technologically, it’s a different matter. From the moment it’s installed, Chrome users will potentially see warnings from two different systems designed to tell them about malicious links, pop-ups, malware downloads, and of course, phishing URLs.

These pages will both be coloured red and probably indistinguishable bar the fact they reference either Google or Microsoft.

Why might Microsoft want to be so generous to users of a rival browser?

Hitherto, there’s been a bit of a gulf in integrated browser protection with Chrome, Firefox, Apple’s Safari, Opera and Vivaldi using Google’s Safe Browsing technology and only Microsoft’s Windows 10 browser, Edge, and legacy Internet Explorer versions using SmartScreen.

For users, these function like a second browser-specific layer of protection that supplements whichever anti-malware software (e.g. Sophos Home) they have installed.

Testing last year by NSS Labs suggested that Microsoft’s platform had a noticeable edge over Google when it came to malware download detection and blocking phishing URLs.

We speculated at the time that this might be explained by the sheer volume of malware and phishing attacks that Microsoft must detect through its large base of Windows users.

Having both detection platforms on the same browser would at least set up a fair comparison of their effectiveness in future tests.

The simplest explanation of Microsoft’s motivation for offering SmartScreen on Chrome is that it gives the company visibility on the bad stuff encountered by the 60% of the market that uses Chrome (Edge is around 4%). This, in turn, helps Microsoft’s Office 365 Exchange email service offer better protection to compete with Google’s rival G Suite.

It also reminds Chrome users that Microsoft is out there even if not many of them use Edge as the number of people on its predecessor, IE, slowly dwindles.

Ironically, for anyone accessing Gmail and G Suite via Chrome, this has a hidden benefit – installing Defender Browser Protection means these users are being protected from phishing attacks before email reaches their inboxes via Google’s platform and, after that, courtesy of both Google and Microsoft (the reverse is already true for on Chrome).