NordVPN’s Threat Protection is a suite of tools designed to make your online activities safer and free of annoyances. Threat Protection sits at the crossroads between antivirus and an adblocker.
It comes in two flavors: Threat Protection and Threat Protection Lite (a stripped-down version). The former runs on Windows and macOS computers, while the latter runs on mobile devices and Linux computers.
This post provides an overview of Threat Protection on mobile and desktop, how to use it, and whether or not we recommend it.
NordVPN’s Threat Protection summary
Coming from one of the most established commercial VPN providers, NordVPN’s Threat Protection is a welcome add-on to its VPN service. It enhances your privacy and security by filtering out potentially malicious traffic. The antivirus can scan your downloaded files for malware and viruses.
Its mobile (and Linux) version, Threat Protection Lite, only provides DNS filtering to fend off malicious traffic and block ads. But despite its reduced feature set, it’s still effective at keeping your web surfing clean and free of annoyances and offers some measure of protection against malware.
In our testing, it worked very well, although its antivirus engine doesn’t seem as capable as a dedicated antivirus program. Still, it comes at no extra cost to NordVPN users, and while it may not be perfect, it does add an extra layer of security to your online activities.
Threat Protection pros and cons
Pros:
- Provides extra security at no extra cost to NordVPN subscribers
- Has antivirus capabilities
- Can block ads, malware, and viruses
- Scans downloaded files for anything malicious
- Works on desktop and mobile
Cons:
- Mobile version only includes DNS filtering
- Linux only supports Threat Protection Lite
- Antivirus engine is not as comprehensive as dedicated antivirus software
How does Threat Protection work?
Threat Protection comprises the following features:
- Malicious domain blocking
- Phishing domains blocking
- Ad blocking
- Malicious links blocking
- Phishing links blocking
- Tracker blocking
- Malware scanning of downloaded files
Threat Protection Lite includes a subset of those features:
- Malicious domain blocking
- Phishing domains blocking
- Ad blocking
NordVPN‘s Threat Protection (not Threat Protection Lite) works by transparently proxying your connection to inspect the URLs for trackers, malware, and ads. If it detects any of the above, it drops the connection; if it doesn’t, it lets it through unimpeded. The graphic below from NordVPN’s website illustrates this:
Threat Protection Lite, on the other hand, is a DNS-based service commonly referred to as DNS blackholing. This works by referencing your DNS requests against a blocklist of ads and malware domains. If any match, they’re dropped. If they don’t, they go through.
Threat Protection is more comprehensive than Threat Protection Lite, given its antivirus and file-scanning features. However, because there are more technical limitations on mobile devices, features that require lower-level access to the operating system are more difficult or impossible to implement.
Still, both provide you with enhanced privacy and security online, and I recommend enabling Threat Detection on both desktop and mobile devices.
Using Threat Protection on Desktop
To use NordVPN’s Threat Protection on desktop:
- Sign up for NordVPN and purchase a subscription. Then, download and install the NordVPN app. Once downloaded and installed, launch the NordVPN app and sign in. I’ll be doing this on macOS.
- Click the Threat Protection icon on the left side of the app. The Threat Protection page is displayed.
- There are two sections on the Threat Protection page: Threat Protection and DNS filtering. Enable both by toggling each feature’s switch to On.
- Threat Protection is now enabled. We can access the Settings tab to fine-tune how Threat Protection will work.
- I want everything enabled, so I’ll leave things as they are, but you can turn on or off whatever suits your needs here. You can also reset Threat Protection’s activities by clicking the Reset button (mine is greyed out because I haven’t done anything yet – i.e., nothing has been blocked yet).
Now that we’ve enabled and configured Threat Protection, let’s try out its different features.
Web Protection
Web Protection is Threat Protection’s Ads, malware, and tracker blocker. It actively blocks threats and annoyances as you browse the web.
Web Protection includes the following:
- Malicious URL blocker
- Web tracker blocker
- Ad blocker
- URL trimmer (it shortens long URLs by removing unhashed tracking parameters)
- DNS filter
If I select the Web Protection tab, I can see it has blocked three trackers so far: The Web Protection tab does not list connection attempts blocked by DNS filtering, only those blocked by the Web Protection proxy.
I can click on the listed items to obtain more details.
I can choose to allow connections by clicking on the blue shield to the right.
Both Web Protection and DNS filtering block ads, trackers, and malware. But it’s still worth enabling both on desktop as they each work differently, and one might catch things the other missed.
Here’s a screenshot of an ad-laden website with Web Protection Off:
And here’s the same page with the feature enabled.
File Protection
File Protection scans the files you download for anything malicious, like an antivirus program.
File Protection includes the following:
- Virus scanner
- Double-extension detector: a lot of malware uses fake browser extensions
- Cloud-based threat detection: an opt-in feature that uploads files to the cloud for more in-depth scanning when it can’t determine whether a file is malicious or not locally
I tested the antivirus on my Mac against malware samples from from the European Institute for Computer Anti-Virus Research (EICAR), and it worked well:
Things weren’t as smooth with Threat Protection’s scanning of downloaded files. We downloaded a compressed OPNsense ISO installer. As soon as the download was complete, File Protection scanned the file.
Unfortunately, it alerted us that the file couldn’t be scanned, without any details as to why.
Clicking the entry for more details didn’t provide much more information.
During our testing, this happened with more than one download.
We finally got a successful scan when downloading a .html file.
This was a bit disappointing. Other antivirus programs were able to scan all of the files that File Protection could not.
Threat Protection doesn’t claim to be a full-fledged antivirus, so that might explain it. Hopefully, as the feature matures, it will get better file-scanning capabilities. It still remains useful.
App vulnerability scanner (Windows only)
The Windows app has an extra feature not found in its macOS counterpart: App vulnerability scanning.
With the feature enabled, Threat Protection will automatically scan your installed programs for any software vulnerabilities that could be exploited by malicious actors. If any are found, you’re immediately notified so you can decide whether or not to uninstall the app(s) in question.
Now, let’s look at Threat Protection Lite on mobile.
Using Threat Protection Lite on mobile
To use NordVPN’s Threat Protection Lite on mobile:
- Sign up for NordVPN and purchase a subscription. Then, download and install the NordVPN app. Once downloaded and installed, launch the NordVPN app and sign in. I’ll be doing this on an iPhone.
- Click the Account icon on the bottom right side of the app. The Settings page is displayed.
- Select Threat Protection Lite. The Threat Protection Lite page is displayed.
- Click the TURN ON button.
- You’re prompted to reconnect if the VPN is on when enabling Threat Protection Lite. Click Reconnect.
- Threat Protection Lite is now enabled.
Because Threat Protection Lite is limited to DNS filtering, there are no additional settings to configure. With the feature enabled, malware, trackers, and most ads should be blocked automatically.
Let’s test out the feature by loading a website that normally displays a lot of ads.
Here’s what it looks like with Threat Protection Lite disabled:
And here’s the same page with the feature enabled:
Do I recommend using Threat Protection?
Absolutely. It’s a great feature – and if you’re already a NordVPN subscriber, you can enable Threat Protection at no extra cost. It isn’t perfect, particularly in regards to its antivirus functionality, but NordVPN doesn’t claim to offer a full-fledged antivirus client.
With Threat Protection, you’ll get an ad-free browsing experience and significantly lower your odds of downloading viruses or malware onto your device. Again, the feature is included in your NordVPN subscription by default. You’re under no obligation to use it, but if you ask me, you should.
NordVPN’s Threat Protection is highly recommended.
You can find information about Threat Protection on NordVPN’s website.
