Advice Request A Browser Extension that prevents Malware?

[SearchLight]

I am using WD+ConfigHIGH+SWH+VS+BDTrafficLight+UbO. I use Windows Firewall.

I have been wondering about malware that can insert or download itself through my browser when I land on a website that I would not be aware.

I use three browsers, FF, Google Chrome, and the new Edge, all up to date.

I know that a good AV or Extension like BDTL will block a malicious website before one gets there. Is there an extension that can block the type of malware that I describe? I may be misunderstanding browser malware in regard to how they work but I was wondering if it is in the realm of sandboxing but then it would be an additional program leading to bloat and potential conflicts. In essence, overkill?

If anyone can clarify the concept, and make a recommendation, I would appreciate it. Maybe I am overthinking it.

 

[ForgottenSeer 85179]

Your setup is even overpowered.
Stay with new Edge only and you're best protected.

The only thing that i would add is NextDNS which has a great security protection called threat-intelligence-feeds

 

[Kongo]

NoScript maybe if you take that as an option. Malwarebyte's addon also has a nice approach of blocking malicious content. It doesn't necessarily block the whole page where the infected resource is laying on, it just blocks the infected part itself. Sorry for my broken english, hope you get what I'm trying to say here

NextDNS actually is a good option as security123 already said above

 

[ForgottenSeer 85179]

You can also use Edge in Application Guard mode which is Edge in a VM for maximum protection.

 

[Evjl's Rain]

This is what I use based on my thinking:
- Chromium browser: Google Safebrowsing = 1 engine
- Bitdefender trafficlight = 1 engine
- Windows Defender Browser Protection = 70-80% strength of Microsoft Edge's Smartscreen = 0.7-0.8 engine
=> I have 2.7-2.8 engines in 1 browser and they perform very smoothly

Comments:
- Firefox: uses Google Safebrowsing but with ~30-minute delay of database compare to Google Chrome/Chromium -> weaker = ~2.5 engines
- Edge: only has Smartscreen, no way we can add Google Safebrowsing = 2 engines
- NextDNS: uses Google Safebrowsing + its own database -> not much gain if you have Safebrowsing but it can protection outside browser
- Other Malware blocking DNS-s: Neustar and Cleanbrowsing -> they have their own databases and they are good. You might consider them but if you want max. speed, use your fastest DNS
- Besides browsers, after you download something and execute them, Windows will check the file with Windows Smartscreen (different from Edge's smartscreen but shares some similarities, based reputation/rating/prevalence of a file) -> another strong layer

Because of all things I wrote above, I choose Chromium-based browser (with Google Safebrowsing) + Trafficlight + WDBP -> Windows Smartscreen -> Antivirus

Sandboxing is only when you really want to run a file but your browser, extensions, AV or Smartscreen say it's potentially malicious. Running it in sandbox or VM to determine its safety

 

[Moonhorse]

Chromium edge download protection is overpowered to be honest, just enable reputation based filter wich is new thing..it will disallow downloads that may execute malicious stuff

Firefox itself is not that advanced, but i dont think drive by malware does exist if you have ''ask download location'' enabled and ublock to avoid basic low tier adware,malware

Trafficlight is ok for firefox, maybe malwarebytes extension is more agressive to block downloads thought as it is blocking some legit downloads whenever i have used that

 

[Arequire]

Even if a payload does successfully download and try to execute, chances are VS is just going to block its execution attempt anyway.
It's not something I'd be particularly concerned about if I were you.

 

[ErzCrz]

Having UBO in medium mode (I use an amended version of Medium Modewhich requires less maintenance )will block third party frames and scripting where a lot of malware comes from. Chromium Edge is good and utilizes Chromium based sandboxing. I also use Hard_Configurator which includes CD and firewall hardening to protect my system. There are lots of different approaches but I think UBO's filtering is very effective at preventing the scripting in the first place and I prefer it over Noscript.

 

[oldschool]

No need to overthink it.

 

[SearchLight]

Thanks for the clarity. One final question. I am using Cloudfare DNS via my router. Are the free DNS services that provide malware and/or other filtering the icing on the security cake, and just as fast? Thanks

 

[DJ Panda]

This might be a little off topic but I bought an AdGuard license pack, is the phishing and website blocking decent enough or should I continue with someone like Malwarebyte's extension on top?

 

[SearchLight]

This is what I use based on my thinking:
- Chromium browser: Google Safebrowsing = 1 engine
- Bitdefender trafficlight = 1 engine
- Windows Defender Browser Protection = 70-80% strength of Microsoft Edge's Smartscreen = 0.7-0.8 engine
=> I have 2.7-2.8 engines in 1 browser and they perform very smoothly

Comments:
- Firefox: uses Google Safebrowsing but with ~30-minute delay of database compare to Google Chrome/Chromium -> weaker = ~2.5 engines
- Edge: only has Smartscreen, no way we can add Google Safebrowsing = 2 engines
- NextDNS: uses Google Safebrowsing + its own database -> not much gain if you have Safebrowsing but it can protection outside browser
- Other Malware blocking DNS-s: Neustar and Cleanbrowsing -> they have their own databases and they are good. You might consider them but if you want max. speed, use your fastest DNS
- Besides browsers, after you download something and execute them, Windows will check the file with Windows Smartscreen (different from Edge's smartscreen but shares some similarities, based reputation/rating/prevalence of a file) -> another strong layer

Because of all things I wrote above, I choose Chromium-based browser (with Google Safebrowsing) + Trafficlight + WDBP -> Windows Smartscreen -> Antivirus

Sandboxing is only when you really want to run a file but your browser, extensions, AV or Smartscreen say it's potentially malicious. Running it in sandbox or VM to determine its safety

So you are using BDTrafficlight together with the extension Microsoft Defender Browser Protection to be clear?

 

[ForgottenSeer 85179]

Thanks for the clarity. One final question. I am using Cloudfare DNS via my router. Are the free DNS services that provide malware and/or other filtering the icing on the security cake, and just as fast? Thanks

I forget the name but someone here test different DNS services and cloudflare was realy bad. NextDNS is one of best and related to privacy even the top one.

Using blocking on DNS level is fast and important as the whole domain then isn't reachable which stop malware at first possibility before any other security solution start.

 

[Evjl's Rain]

Thanks for the clarity. One final question. I am using Cloudfare DNS via my router. Are the free DNS services that provide malware and/or other filtering the icing on the security cake, and just as fast? Thanks

cloudflare has a separate DNS for malware filtering but it's really bad. Fortunately, for many users, it's one of the fastest DNS-s. NextDNS should be great but I'm not sure about the speed in your region. In my country, NextDNS is too slow to use
you should use the tool DNS benchmark, add DNS like nextdns, cleanbrowsing and neustar recursive (they are 3 best ones) and see who is the fastest

So you are using BDTrafficlight together with the extension Microsoft Defender Browser Protection to be clear?

exactly. Most malwares are blocked before being downloaded so my antivirus barely has to work

 

[SearchLight]

cloudflare has a separate DNS for malware filtering but it's really bad. Fortunately, for many users, it's one of the fastest DNS-s. NextDNS should be great but I'm not sure about the speed in your region. In my country, NextDNS is too slow to use
you should use the tool DNS benchmark, add DNS like nextdns, cleanbrowsing and neustar recursive (they are 3 best ones) and see who is the fastest
exactly. Most malwares are blocked before being downloaded so my antivirus barely has to work

What is your opinion of Quad9 DNS?

 

[ForgottenSeer 85179]

What is your opinion of Quad9 DNS?

Not better then cloudflare with blocking

 

[Evjl's Rain]

What is your opinion of Quad9 DNS?

much better than Cloudflare but still meh compare to Neustar, cleanbrowsing and NextDNS
you can visit my 2 last tests

Hot Take - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Comparison between browser extensions Test 29/12 Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings Test 24/11 Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings Test 12/11 Q&A - [Updated 12/11/2018] Browser extension comparison...

malwaretips.com

Hot Take - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Comparison between browser extensions Test 29/12 Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings Test 24/11 Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings Test 12/11 Q&A - [Updated 12/11/2018] Browser extension comparison...

malwaretips.com

 

[SearchLight]

much better than Cloudflare but still meh compare to Neustar, cleanbrowsing and NextDNS
you can visit my 2 last tests

Hot Take - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Comparison between browser extensions Test 29/12 Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings Test 24/11 Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings Test 12/11 Q&A - [Updated 12/11/2018] Browser extension comparison...

malwaretips.com

Hot Take - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Comparison between browser extensions Test 29/12 Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings Test 24/11 Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings Test 12/11 Q&A - [Updated 12/11/2018] Browser extension comparison...

malwaretips.com

Did the Benchmark Test. Next to Neustar coming in first was OpenDNS. Your opinion on OpenDNS? Someone mentioned that they also have an opt out feature for logging but I could not find it.

 

[Evjl's Rain]

Did the Benchmark Test. Next to Neustar coming in first was OpenDNS. Your opinion on OpenDNS? Someone mentioned that they also have an opt out feature for logging but I could not find it.

openDNS is good for speed and phishing but it's bad against malware links
if you want more options, you have to register an account on their website, download a tool to update your IP so the settings will stick to your IP
everytime your IP changes, the settings won't apply anymore -> have to update the new IP to continue. Unless you have a static IP, you don't need to upload your new IP to their server

there is a few ways to do but it's complicated
it's the same for NextDNS

 

[SearchLight]

openDNS is good for speed and phishing but it's bad against malware links
if you want more options, you have to register an account on their website, download a tool to update your IP so the settings will stick to your IP
everytime your IP changes, the settings won't apply anymore -> have to update the new IP to continue. Unless you have a static IP, you don't need to upload your new IP to their server

there is a few ways to do but it's complicated
it's the same for NextDNS

Was able to configure NextDNS on my router and in Google Chrome and Firefox for Secure DNS over HTTPS. Trying to do the same config for Edge.
Btw, I came across this website on DNS that some less advanced may find helpful: Test Your DNS Servers - RouterSecurity.org