Serious Discussion I Tried Every Free Antivirus Software and for Me Microsoft Defender Give Me the Fastest Browsing Experience, Do You Feel the Same?

[Andy Ful]

Network Protection can be enabled on Windows Home (via PowerShell or known applications). It is a web filtering based on the blacklist. For example, the malicious script embedded in the website will be blocked only if it is already on the Microsoft URL blacklist.

 

[lokamoka820]

I love it when Edge shows a nag that tries to convince the user to change the settings.

This nag is the reason why I stopped using Edge. For me it is the king of nag.

 

[Ink]

Network Protection can be enabled on Windows Home (via PowerShell or known applications). It is a web filtering based on the blacklist. For example, the malicious script embedded in the website will be blocked only if it is already on the Microsoft URL blacklist.

Do you recommend this for the average Home user, or is Browser content-blocker or DNS-based protection better?

 

[Andy Ful]

Do you recommend this for the average Home user, or is Browser content-blocker or DNS-based protection better?

Defender's Network Protection is quite similar to SmartScreen in Edge but works for all applications (independently of the web browser) - it is intended to fight phishing and malware.
I am unsure about the right terminology, but DNS-based protection and browser content blockers can block content that is not malicious (for privacy reasons, children's protection, etc.), so they can be often applied independently of Network Protection.

 

[RoboMan]

Network Protection can be enabled on Windows Home (via PowerShell or known applications). It is a web filtering based on the blacklist. For example, the malicious script embedded in the website will be blocked only if it is already on the Microsoft URL blacklist.

Does this work the same way it works for enterprise version?

 

[monkeylove]

You can choose from browser security add-ons.

Others say HTTPs scanning provides additional security.

Finally, for gaming several programs have gaming mode or similar.

 

[Andy Ful]

Does this work the same way it works for enterprise version?

It works in the way I posted, on Windows Home with built-in Microsoft Defender. No idea how exactly it works with paid versions of Microsoft Defender.

 

[Oldie1950]

ChatGPT says about network protection:
Network Protection in Windows 11 is a security feature that is part of the Windows Security Center and aims to protect the network from various types of threats. Here are some of the main features and tasks of Windows 11 Network Protection:

Internet Threat Protection: Network protection can prevent users from accessing potentially dangerous or malicious websites. This is done by checking URLs and blocking those that are detected as unsafe.

Firewall protection: Network protection includes Windows Firewall, which monitors and controls incoming and outgoing network traffic. It can block or allow access to the network based on predefined rules.

Attack detection and mitigation: By monitoring network traffic, network protection can detect unusual behavior that could indicate an attack and take appropriate action to mitigate the attack.

Application monitoring: Network protection can prevent unwanted or malicious applications from connecting to the Internet and exfiltrating data or downloading malware.

Network Isolation: In enterprise environments, network protection can help isolate networks to prevent the spread of malware and protect sensitive data.

User notifications: When a threat is detected, Network Protection notifies the user and provides recommendations on how to remediate the threat.

These features help increase the security of the system and data on the network by proactively responding to threats and controlling network access.

I make no guarantees that ChatGPT is telling the truth.

 

[Andy Ful]

ChatGPT uses a wider meaning of Network Protection. In Windows, several features are enabled by default and do not require Microsoft Defender.
The feature mentioned by me is Microsoft Defender's feature called "Network Protection".
It can be tested on Windows 10+ (all versions) as follows:

The screen is from my testing Virtual Machine with Windows 11 Home and enabled Microsoft Defender Network Protection.
One can also test it by using a third-party web browser and visiting a testing URL:

SmartScreen Test

See also: Network Protection - Microsoft Defender Testground

 

[Jan Willy]

With Andy's ConfigureDefender it's easy to activate Network Protection. An alternative can be Adguard for Windows (desktop). It has the module Browsing Security. AFAIK it's based on Google Safe Browsing.

Edit: View the explanation on Browsing security | AdGuard Knowledge Base

 

[SeriousHoax]

Network Protection can be enabled on Windows Home (via PowerShell or known applications). It is a web filtering based on the blacklist. For example, the malicious script embedded in the website will be blocked only if it is already on the Microsoft URL blacklist.

But in my tests, it doesn't block everything that is blocked by SmartScreen on Edge. Also, it uses CPU when I'm downloading something like games from steam, something from torrents. Constant 5-8 % CPU usage in those scenarios for me with almost zero benefit. So, I turned it off.

An alternative can be Adguard for Windows (desktop). It has the module Browsing Security. AFAIK it's based on Google Safe Browsing.

I think they use the same API but the blacklist is different. Google Safe Browsing is better in most cases.

 

[Andy Ful]

But in my tests, it doesn't block everything that is blocked by SmartScreen on Edge.

Network Protection often blocks elements of the website without blocking the website. It is more granular compared to SmartScreen.
To properly test Network Protection, you must use the URL to the website's malicious element. If you use the URL to the website, it will be blocked by SmartScreen but not necessarily by Network Protection.

 

[SeriousHoax]

Network Protection often blocks elements of the website without blocking the website. It is more granular compared to SmartScreen.
To properly test Network Protection, you must use the URL to the website's malicious element. If you use the URL to the website, it will be blocked by SmartScreen but not necessarily by Network Protection.

Yeah, but still the effectiveness is low compared to third-party products with web-filtering.
Not you Andy, but in case anyone didn't know, Network Protection doesn't filter Edge since Edge already has SmartScreen, but it will filter everything else including other browsers.
But one thing I noticed that Microsoft Defender's real-time protection doesn't scan installed browser's cache. It seems sometimes javascripts loaded by the browser has to be saved in browser's cache on the disk. Even if that javascript is detected by Microsoft Defender's signature, it doesn't get detected by its real-time protection. It will be detected if you scan the cache folder. Now if I do the same test but instead of browsers installed on their default location, I try a portable browser that is installed somewhere else, then Microsoft Defender's real-time protection detects the malicious javascript on the browser cache folder in real time and prevents the execution of the script.
I did this test many months ago and got the same result for Edge, Chrome and Firefox. MD doesn't detect if installed on the default location, MD detects if installed in a non-default location. In my case, it was on portable browsers on my HDD.
BTW, MD won't detect even in portable browsers if you run this in Private/Incognito mode since in that case, nothing touches the disk, everything is temporarily loaded in memory. Only products with HTTPS scanning can detect in Private/Incognito mode.

 

[Andy Ful]

But one thing I noticed that Microsoft Defender's real-time protection doesn't scan installed browser's cache.

I think that it is an intentional behavior to avoid web browser slowdowns. Microsoft assumes that such files are executed by the web browser in a sandbox. When a malicious script wants to connect with a malicious website, the SmartScreen URL filtering is triggered. This is not a sophisticated protection but a compromise between security and usability.

 

[SeriousHoax]

I think that it is an intentional behavior to avoid web browser slowdowns. Microsoft assumes that such files are executed by the web browser in a sandbox. When a malicious script wants to connect with a malicious website, the SmartScreen URL filtering is triggered. This is not a sophisticated protection but a compromise between security and usability.

Yeah, that's what I assumed also. I just remembered it today so thought I should share.