AIProtection vs Built-in Web Browser protection

iFrogMac

Senior Member
Hey all,
I was curious as to what the thoughts were of AIProtection vs the built in protection of the web browsers today.
I did some reading of some older threads here regarding if people recommended AIprotection, and the main verdict was yes. However, those threads were a year to several years ago, and browser developers have gotten a lot more aggressive with including that sort of protection in the browser directly.
On one of the threads I read through, the site www.wicar.com was suggested as a test site to make sure things were working. Well, I went to the site after enabling AIProtection, and the browser's built-in protection caught the links before the Trend Micro integration did.
I mainly use Safari and Firefox, and I only saw the Trend Micro protection after disabling the browser's built-in protection.

Any web browsing I would do here is most likely going to be on an Apple device, so I'll have Firefox or Safari as my browser. I have Windows and Linux in virtual machines, but still the same browsers, and because they are isolated VMs (no sharing between the guest and host), if something were to happen in one, it would most likely just require a restore from a backup of the VM. I do have Chrome and Edge as well, but I hardly use them at all.

The router seems to be functioning without issue with AIProtection on; I haven't noticed any slowdowns or any other unusual behavior. I have kept Traffic Analyzer off, as there are still reports of that causing issues, and for the time being I don't need the feature. I mainly wanted to try AIProtection to see if it would give me anything over the browser's built-in protection. As mentioned though, while the router would offer whole-network protection, I only browse from the one iMac, and IF I needed the phone for something, because it's an iPhone, it has the same built-in protection as the Mac does.

Thanks for any thoughts on this
 

OzarkEdge

Part of the Furniture
Hey all,
I was curious as to what the thoughts were of AIProtection vs the built in protection of the web browsers today.
I did some reading of some older threads here regarding if people recommended AIprotection, and the main verdict was yes. However, those threads were a year to several years ago, and browser developers have gotten a lot more aggressive with including that sort of protection in the browser directly.
On one of the threads I read through, the site www.wicar.com was suggested as a test site to make sure things were working. Well, I went to the site after enabling AIProtection, and the browser's built-in protection caught the links before the Trend Micro integration did.
I mainly use Safari and Firefox, and I only saw the Trend Micro protection after disabling the browser's built-in protection.

Any web browsing I would do here is most likely going to be on an Apple device, so I'll have Firefox or Safari as my browser. I have Windows and Linux in virtual machines, but still the same browsers, and because they are isolated VMs (no sharing between the guest and host), if something were to happen in one, it would most likely just require a restore from a backup of the VM. I do have Chrome and Edge as well, but I hardly use them at all.

The router seems to be functioning without issue with AIProtection on; I haven't noticed any slowdowns or any other unusual behavior. I have kept Traffic Analyzer off, as there are still reports of that causing issues, and for the time being I don't need the feature. I mainly wanted to try AIProtection to see if it would give me anything over the browser's built-in protection. As mentioned though, while the router would offer whole-network protection, I only browse from the one iMac, and IF I needed the phone for something, because it's an iPhone, it has the same built-in protection as the Mac does.

Thanks for any thoughts on this

One protects the browser; one protects the network. Not all protection is created equal. Use both, compare their results, and decide for your use case. The usual approach to security is multiple layers, not one or the other, except where they might conflict.

OE
 

bbunge

Part of the Furniture
You have done your research. Good! I have used AiProtection for years and it does catch some things from time to time. Currently, though, it is suspected of causing some issues with increased RAM use. As I say, suspected but not proved yet. I have reset my AX86U and am starting off with basic settings. I will add features back on one at a time and watch for problems. AiProtection and QoS use the Trend Micro database so will likely be the last I turn on.
 

iFrogMac

Senior Member
One protects the browser; one protects the network. Not all protection is created equal. Use both, compare their results, and decide for your use case. The usual approach to security is multiple layers, not one or the other.

OE
I'll do that. I was mainly looking at the malware protection. The other thing I wanted to mention is that I went back and read through your install notes again in more detail, and changed some of my settings per your suggestions. The router has been extremely stable since.
I think part of the challenge of security for me is that some things don't apply to Macs as they would to Windows, and some things apply to both. For example, malware and fraud sites apply to any platform because it's usually done through the browser. However, factors like viruses are more for Windows users, even though there are threats for the Mac, Linux, etc. They're just different, and usually not as many. So, since most of these consumer devices are targeted at the average person who will most likely be running a Windows computer of some sort and have very little knowledge of security, etc., sometimes I find it hard to know what applies to my own setting and what doesn't.
I watch "Security Now" with Steve Gibson, and also use his tools on GRC.com to check, such as the UPnP exposure test and the other ShieldsUP tools. I also check other things that I know apply to my setup that he makes suggestions about, or if I see something in passing online, I'll read it and then see if it will help me as well, or if it doesn't apply.
As far as the current topic, I'll watch how the local browser and network protection work together to see if I see any difference with it on compared to what I experienced before I got these options through the router.
 

iFrogMac

Senior Member
You have done your research. Good! I have used AiProtection for years and it does catch some things from time to time. Currently, though, it is suspected of causing some issues with increased RAM use. As I say, suspected but not proved yet. I have reset my AX86U and am starting off with basic settings. I will add features back on one at a time and watch for problems. AiProtection and QoS use the Trend Micro database so will likely be the last I turn on.
Here is a screenshot of my memory usage with the default AIProtection options enabled, which is all 4 settings. Before I enabled them, RAM was about 40 to 45% used. Doesn't seem like a huge gain, unless it's too much for what the features do.
[Attachment: Screen Shot 2022-06-28 at 9.22.33 AM.png (router memory usage with AIProtection enabled)]
 

Tech Junky

Very Senior Member
@iFrogMac

A router is supposed to be a router, not a UTM. If you can avoid using "features" it will lead to better performance over the long term. As you've already deduced, the browsers today offer the same protection as the TM feature does without overloading the CPU / RAM of the router.

Since you're already playing with VMs, you could set up a VM for IDS/IPS and route traffic through it if that's your concern. Something along the lines of pfSense / Snort / etc. You'll get more functionality out of something like this vs. the dumb router trying to mimic something it's not.
 

heysoundude

Part of the Furniture
I am of the same opinion as @OzarkEdge that security (and privacy) need to be approached as a multi-layered defence. (@Tech Junky makes a few good points in their post as well)

As such, I'm running the Merlin firmware on my Asus router, and that allows me to use scripts such as Diversion to block ads, and Unbound to have a network rDNS server. I've also fooled around with WireGuard and believe it to be a significant addition to any arsenal.

Then it comes to browsing: if you've got MS Edge, that should be your default AFAIC. I'm using (and am migrating network users to) either that, or Brave on desktops and mobile devices... and the number of blocked ads etc. continues to climb, even with Diversion in place at the network level on my router. And let me tell you, you DO notice a significant difference in terms of intrusiveness when I'm not on my home network; my network isn't noticeably slower or more problematic, but those ads are EVERYWHERE.

If you're worried about running out of memory on your router, the same scripts I mentioned involve setting up a USB drive that includes a swap to enhance the RAM on the router so that it stays as speedy/snappy/responsive as possible. You might consider giving it all a spin to see if it fits/works with your stated objectives... and if it doesn't, you can easily go back to stock Asus firmware.

I hope you give these things a think and maybe even try them out. You may be pleasantly surprised at the results, short and long term.
 

Tech Junky

Very Senior Member
@heysoundude

Agree w/ the invasive ads. I run Pi-hole w/ curated lists, and it's horrifying when not on my network to see all of the crap that's out there unfiltered.

Code:
-rw-r--r-- 1 root   root          97 Jun  7 10:53 list.100.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          88 Jun 26 04:36 list.101.urlhaus.abuse.ch.domains.sha1
-rw-r--r-- 1 root   root          85 Jun 19 04:36 list.102.v.firebog.net.domains.sha1
-rw-r--r-- 1 root   root          85 Jun  7 10:53 list.103.v.firebog.net.domains.sha1
-rw-r--r-- 1 root   root          93 Jun  7 10:53 list.104.justdomains.github.io.domains.sha1
-rw-r--r-- 1 root   root          93 Jun  7 10:53 list.105.justdomains.github.io.domains.sha1
-rw-r--r-- 1 root   root          93 Jun  7 10:53 list.106.justdomains.github.io.domains.sha1
-rw-r--r-- 1 root   root          93 Jun  7 10:53 list.107.justdomains.github.io.domains.sha1
-rw-r--r-- 1 root   root          97 Jun  7 10:53 list.108.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          97 Jun  7 10:53 list.109.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          84 Jun  7 10:53 list.10.v.firebog.net.domains.sha1
-rw-r--r-- 1 root   root          97 Jun 26 04:36 list.110.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          97 Jun 26 04:36 list.111.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          97 Jun 26 04:36 list.112.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          97 Jun  7 10:53 list.113.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          97 Jun 26 04:36 list.114.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          96 Jun 26 04:35 list.11.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          83 Jun 26 04:36 list.120.dbl.oisd.nl.domains.sha1
-rw-r--r-- 1 root   root          85 Jun  7 10:53 list.12.blocklist.site.domains.sha1
-rw-r--r-- 1 root   root          84 Jun 26 04:35 list.13.v.firebog.net.domains.sha1
-rw-r--r-- 1 root   root          96 Jun  7 10:53 list.14.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          96 Jun  7 10:53 list.15.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          89 Jun 26 04:35 list.16.zerodot1.gitlab.io.domains.sha1
-rw-r--r-- 1 root   root          96 Jun  7 10:53 list.17.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          96 Jun  7 10:53 list.18.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          84 Jun 26 04:35 list.19.phishing.army.domains.sha1
-rw-r--r-- 1 root   root          95 Jun 26 04:35 list.1.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          96 Jun  7 10:53 list.20.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          96 Jun  7 10:53 list.21.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          81 Jun 26 04:35 list.22.gitlab.com.domains.sha1
-rw-r--r-- 1 root   root          85 Jun  7 10:53 list.23.blocklist.site.domains.sha1
-rw-r--r-- 1 root   root          96 Jun  7 10:53 list.24.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          96 Jun  7 10:53 list.25.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          96 Jun  7 10:53 list.26.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          96 Jun  7 10:53 list.27.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          81 Jun 26 04:36 list.28.github.com.domains.sha1
-rw-r--r-- 1 root   root          96 Jun  7 10:53 list.30.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          96 Jun 26 04:36 list.31.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          91 Jun  7 10:53 list.32.winhelp2002.mvps.org.domains.sha1
-rw-r--r-- 1 root   root          84 Jun  7 10:53 list.33.v.firebog.net.domains.sha1
-rw-r--r-- 1 root   root          96 Jun  7 10:53 list.34.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          84 Jun  7 10:53 list.36.v.firebog.net.domains.sha1
-rw-r--r-- 1 root   root          90 Jun 26 04:36 list.37.someonewhocares.org.domains.sha1
-rw-r--r-- 1 root   root          96 Jun  7 10:53 list.38.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          96 Jun 26 04:36 list.39.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          80 Jun  7 10:53 list.3.sysctl.org.domains.sha1
-rw-r--r-- 1 root   root          87 Jun  7 10:53 list.40.paulgb.github.io.domains.sha1
-rw-r--r-- 1 root   root          81 Jun 26 04:36 list.41.adaway.org.domains.sha1
-rw-r--r-- 1 root   root          84 Jun 26 04:36 list.44.v.firebog.net.domains.sha1
-rw-r--r-- 1 root   root          83 Jun 19 04:36 list.45.pgl.yoyo.org.domains.sha1
-rw-r--r-- 1 root   root          96 Jun  7 10:53 list.46.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          96 Jun 26 04:36 list.47.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          81 Jun 26 04:36 list.48.github.com.domains.sha1
-rw-r--r-- 1 root   root          81 Jun 26 04:36 list.49.github.com.domains.sha1
-rw-r--r-- 1 root   root          86 Jun  7 10:53 list.4.s3.amazonaws.com.domains.sha1
-rw-r--r-- 1 root   root          84 Jun  7 10:53 list.58.v.firebog.net.domains.sha1
-rw-r--r-- 1 root   root          86 Jun  7 10:53 list.5.s3.amazonaws.com.domains.sha1
-rw-r--r-- 1 root   root          95 Jun 26 04:35 list.6.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          96 Jun  7 10:53 list.70.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          96 Jun  7 10:53 list.83.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          91 Jun  7 10:53 list.85.hostfiles.frogeye.fr.domains.sha1
-rw-r--r-- 1 root   root          91 Jun  7 10:53 list.86.hostfiles.frogeye.fr.domains.sha1
-rw-r--r-- 1 root   root          98 Jun 26 04:36 list.87.www.github.developerdan.com.domains.sha1
-rw-r--r-- 1 root   root          83 Jun 26 04:35 list.8.v.firebog.net.domains.sha1
-rw-r--r-- 1 root   root          96 Jun  7 10:53 list.90.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          96 Jun 26 04:36 list.92.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          91 Jun 26 04:36 list.93.osint.digitalside.it.domains.sha1
-rw-r--r-- 1 root   root          87 Jun  7 10:53 list.94.s3.amazonaws.com.domains.sha1
-rw-r--r-- 1 root   root          84 Jun  7 10:53 list.95.v.firebog.net.domains.sha1
-rw-r--r-- 1 root   root          84 Jun  7 10:53 list.96.bitbucket.org.domains.sha1
-rw-r--r-- 1 root   root          84 Jun 26 04:36 list.97.phishing.army.domains.sha1
-rw-r--r-- 1 root   root          81 Jun 26 04:36 list.98.gitlab.com.domains.sha1
-rw-r--r-- 1 root   root          96 Jun  7 10:53 list.99.raw.githubusercontent.com.domains.sha1
-rw-r--r-- 1 root   root          95 Jun  7 10:53 list.9.raw.githubusercontent.com.domains.sha1

Running the curated lists that auto-update helps keep the telemetry at bay. Adding these lists is easy to do and takes the manual need out of the picture, though I still manually add things as they appear. 50%+ of the traffic outbound is being blocked based on these lists, and I know it's higher than what's reported because I've filtered out known hosts from being reported on the dashboard. Before that the number was closer to 90%.

[Attachment: 1656423718521.png (Pi-hole dashboard)]

Pi-hole is low impact when it comes to resource use, and it's free.

 

iFrogMac

Senior Member
I am of the same opinion as @OzarkEdge that security (and privacy) need to be approached as a multi-layered defence. (@Tech Junky makes a few good points in their post as well)

As such, I'm running the Merlin firmware on my Asus router, and that allows me to use scripts such as Diversion to block ads, and Unbound to have a network rDNS server. I've also fooled around with WireGuard and believe it to be a significant addition to any arsenal.

Then it comes to browsing: if you've got MS Edge, that should be your default AFAIC. I'm using (and am migrating network users to) either that, or Brave on desktops and mobile devices... and the number of blocked ads etc. continues to climb, even with Diversion in place at the network level on my router. And let me tell you, you DO notice a significant difference in terms of intrusiveness when I'm not on my home network; my network isn't noticeably slower or more problematic, but those ads are EVERYWHERE.

If you're worried about running out of memory on your router, the same scripts I mentioned involve setting up a USB drive that includes a swap to enhance the RAM on the router so that it stays as speedy/snappy/responsive as possible. You might consider giving it all a spin to see if it fits/works with your stated objectives... and if it doesn't, you can easily go back to stock Asus firmware.

I hope you give these things a think and maybe even try them out. You may be pleasantly surprised at the results, short and long term.
Thank you, I'll take your suggestions into consideration. I mainly provided the screenshot above for @bbunge since they said they were seeing issues with AiProtection enabled. Personally, I haven't seen any performance issues. I was mainly curious about setting up protection on the computer vs. the network, since the computer would be the main entrance for threats. I haven't discarded trying Merlin's firmware either; I'm simply of the opinion that I would rather not use third-party firmware unless I have a specific need. That way, if I have issues and need to call support, I won't have to go through a reset and re-flash before getting support. The only stock firmware I didn't like was Netgear's. Everything else has met my needs fairly well. The only reason I switched from TP-Link to Asus is mainly just the guarantee of receiving updates and fixes longer, and the more advanced options available. Functionally, they performed about the same in my setup.
 

heysoundude

Part of the Furniture
[Attachment: 1656424673528.png (Brave desktop blocking stats)]

That's what Brave has blocked (I've never believed their time savings) on my desktop since ~Feb, behind Diversion. My phone says 46k, 1.41GB and 38min.
>4GB is NOT insignificant bandwidth... that's a 2hr film at HD+ resolution.

[Attachment: 1656424891390.png (Diversion blocking stats)]

So things do indeed slip through... and the numbers would likely be more impressive with pixelserv activated...
For reference, that ~1.9MM ads blocked is probably over 3-4 yrs (last I can recall doing a full reset/reconfig of my router).
 

iFrogMac

Senior Member
[Attachment 42247 (Brave desktop blocking stats)]
That's what Brave has blocked (I've never believed their time savings) on my desktop since ~Feb, behind Diversion. My phone says 46k, 1.41GB and 38min.
>4GB is NOT insignificant bandwidth... that's a 2hr film at HD+ resolution.

[Attachment 42249 (Diversion blocking stats)]

So things do indeed slip through... and the numbers would likely be more impressive with pixelserv activated...
For reference, that ~1.9MM ads blocked is probably over 3-4 yrs (last I can recall doing a full reset/reconfig of my router).
I went in and checked the status of each setting on my router to see if it's caught anything since it's been on. So far the only things listed were the tests done through www.wicar.com. So the good news is, it's working, but it hasn't caught any real threats outside the tests.
 

Tech Junky

Very Senior Member
Yeah, each query adds up when you consider all of the content associated with each DNS ping. Blocking JS by default, though, is a quick remedy to most of these intrusions as well. Stopping the scripts before they pull content reduces some of this clutter as well.
 
