APIVoid Browser Protection

Add-on/Extension Page
https://chromewebstore.google.com/detail/apivoid-browser-protectio/jobpjnhlpobhgdddaeifllnbbleopibe
https://addons.mozilla.org/en-US/firefox/addon/apivoid-browser-protection/
@NoVirusThanks

Nice way of hardening the browser and applying heuristics to block high risk patterns. It makes so much sense that I wonder why Chromium forks have not offered this to distinguish themselves. Small request, could you also add sh, py, pl, rpm, deb, bin, elf and other Linux (executable) formats to the download block list? I added them manually (nice to make most setting user controllable)

The privacy policy looks good (y)
 
Last edited:
  • Like
  • Applause
Reactions: ebocious, HarborFront, Zero Knowledge and 6 others
@nickstar1 and @Kongo

They overlap on suspicious Top Level Domains (known for hosting a lot of malware of phishing), but Malware Bytes Browser Guard also applies some sort of heuristics. I have seen MBAM's heuristics jump into action after a download finishes. This usually occured when a known payload was distributed from a new location (URL or breached website).

@NoVirusThanks
Would that be a feasible feature for API Void Browser protection? You already watch download triggers in the browser to block file extensions. What about keeping a local list of hashes of latest malware distributions? Calculate hash while something downloads and throw a warning when the hash matches the latest list. When I look at URL Haus the most recent additions are nearly always less 10 variants (meaning a list with 1000 hashes would be more than enough to cover the latests threaths).

Updating the list through a periodic dribble mechanism (say 10 latest hashes), should not involve much bytes nor traffic on your servers (unless you get a million users in short time, but then than you re talking about other business opportunities).

Latest suggestion to keep the extension free of charge. When you acquire a substantial base of users, it would be normal to use the extension as an "suspicious URL" collector for your professional API-services. With a short data rentention period I would not mind paying with my data (e.g. Avira kept suspicious URL for 7 days before the privacy policy moved to GenDigital and became whole lot worse).

1777531869702.png
 
Last edited:
  • Like
  • +Reputation
  • Applause
Reactions: Brownie2019, Zero Knowledge, simmerskool and 4 others
LinuxFan58 said:
@nickstar1 and @Kongo

They overlap on suspicious Top Level Domains (known for hosting a lot of malware of phishing), but Malware Bytes Browser Guard also applies some sort of heuristics. I have seen MBAM's heuristics jump into action after a download finishes. This usually occured when a known payload was distributed from a new location (URL or breached website).

@NoVirusThanks
Would that be a feasible feature for API Void Browser protection? You already watch download triggers in the browser to block file extensions. What about keeping a local list of hashes of latest malware distributions? Calculate hash while something downloads and throw a warning when the hash matches the latest list. When I look at URL Haus the most recent additions are nearly always less 10 variants (meaning a list with 1000 hashes would be more than enough to cover the latests threaths).

Updating the list through a periodic dribble mechanism (say 10 latest hashes), should not involve much bytes nor traffic on your servers (unless you get a million users in short time, but then than you re talking about other business opportunities).

Latest suggestion to keep the extension free of charge. When you acquire a substantial base of users, it would be normal to use the extension as an "suspicious URL" collector for your professional API-services. With a short data rentention period I would not mind paying with my data (e.g. Avira kept suspicious URL for 7 days before the privacy policy moved to GenDigital and became whole lot worse).

View attachment 297450
Click to expand...
Yea, I think you got me wrong. Malwarebytes is focusing on detection of malicious and phishing sites, while APIVoid reduces the attack surface without actually identifying malicious sites.
 
  • Like
Reactions: Brownie2019, Sorrento, Khushal and 1 other person
Kongo said:
Yea, I think you got me wrong. Malwarebytes is focusing on detection of malicious and phishing sites, while APIVoid reduces the attack surface without actually identifying malicious sites.
Click to expand...
Void also does heuristics (e.g. suspicious patterns and domains with excessive length and symbols) and MBBG says it does heuristcs on URL and content. I understood what you were posting, also heuristics is a wide and stretchy concept, so not saying you are wrong, just adding some nuances.
 
Last edited:
  • Thanks
  • Applause
  • Like
Reactions: Sorrento, Kongo and Khushal
@pxxb1

The APIVoid browser extensions will always be free, here is the browser extensions page:
www.apivoid.com

Security Browser Extensions for Chrome and Firefox | APIVoid

Explore APIVoid security browser extensions for Chrome and Firefox. Block malicious and suspicious domains, prevent phishing attacks, and improve your browsing security with our extensions.
www.apivoid.com www.apivoid.com

@Digmor Crusher

Fixed, thanks for reporting.

@CyberDevil

Interesting, I didn't test it on Firefox mobile, will fix the "Browser Protection" text and the "Go back" button to be responsive.

@Miraculix

I would still use it, our extension applies some specific hardening rules that can improve protection.

It also doesn't slowdown the browsing, it is very fast.
 
  • Like
  • +Reputation
  • Thanks
Reactions: Brownie2019, HarborFront, Miraculix and 6 others
NoVirusThanks said:
@pxxb1

The APIVoid browser extensions will always be free, here is the browser extensions page:
www.apivoid.com

Security Browser Extensions for Chrome and Firefox | APIVoid

Explore APIVoid security browser extensions for Chrome and Firefox. Block malicious and suspicious domains, prevent phishing attacks, and improve your browsing security with our extensions.
www.apivoid.com www.apivoid.com

@Digmor Crusher

Fixed, thanks for reporting.

@CyberDevil

Interesting, I didn't test it on Firefox mobile, will fix the "Browser Protection" text and the "Go back" button to be responsive.

@Miraculix

I would still use it, our extension applies some specific hardening rules that can improve protection.

It also doesn't slowdown the browsing, it is very fast.
Click to expand...
Feature to block newly registered domains would be great too. (y)
 
  • Like
  • +Reputation
Reactions: NoVirusThanks, Sorrento and simmerskool
NoVirusThanks said:
@pxxb1

The APIVoid browser extensions will always be free, here is the browser extensions page:
www.apivoid.com

Security Browser Extensions for Chrome and Firefox | APIVoid

Explore APIVoid security browser extensions for Chrome and Firefox. Block malicious and suspicious domains, prevent phishing attacks, and improve your browsing security with our extensions.
www.apivoid.com www.apivoid.com

@Digmor Crusher

Fixed, thanks for reporting.

@CyberDevil

Interesting, I didn't test it on Firefox mobile, will fix the "Browser Protection" text and the "Go back" button to be responsive.

@Miraculix

I would still use it, our extension applies some specific hardening rules that can improve protection.

It also doesn't slowdown the browsing, it is very fast.
Click to expand...
Really appreciate the free browser extensions from NoVirusThanks. I already support their paid tools like OSArmor, SysHardener, and Appsvoid, so it’s great to see them giving back and helping keep everyone safe. :)
 
  • Like
Reactions: Brownie2019, NoVirusThanks, Sorrento and 1 other person
NoVirusThanks said:
@pxxb1

The APIVoid browser extensions will always be free, here is the browser extensions page:
www.apivoid.com

Security Browser Extensions for Chrome and Firefox | APIVoid

Explore APIVoid security browser extensions for Chrome and Firefox. Block malicious and suspicious domains, prevent phishing attacks, and improve your browsing security with our extensions.
www.apivoid.com www.apivoid.com

@Digmor Crusher

Fixed, thanks for reporting.

@CyberDevil

Interesting, I didn't test it on Firefox mobile, will fix the "Browser Protection" text and the "Go back" button to be responsive.

@Miraculix

I would still use it, our extension applies some specific hardening rules that can improve protection.

It also doesn't slowdown the browsing, it is very fast.
Click to expand...

Ok.

You say that it applies specific hardening rules, which are those?
Why should i use this one instead of, lets say, Clouflare DNS 1.1.1.3 which also stops porn and malware sites?
 
  • Like
Reactions: Brownie2019, Sorrento and Parkinsond
HarborFront said:
Any pros over uBO lite? Or they complement one another? Any overlap for both?

:rolleyes:
Click to expand...

When you are an advanced user who writes his/hers own DNR custom rules, it would require some advanced level of Google's declarative net request rules and regex knowledge to accomplish (say 80% max) of the protection API void browser protection has.

You will be able to construct at most 80 percent, because uBol uses YAML to allow users to write DNR rules. Firstly not all regex options are available in uBol and secondly the YAML parser has some restrictions of its own, so it will take a few hours trial and error to construct the correct rules to achieve 80% at max protection (I know because I tried and ran into mentioned limitations).

So even when you write your own rules I would still add it, because (IMO best reason) API Void Browser protection shows a warning which you can bypass and easily ceate exceptions.

For all other adblock users it is IMO a no-brainer. For people having added an URL filter it also complements their AV extension nicely (maybe with exception of Trident's extension and Malwarebytes and Symantec browserguard which nearly catch all bad URLs).

I have only tried the freeware extensions, so "all" is limited to all freeware adblockers and bad URL browser guards.

P.S. the reason I tried to create similar protection with uBol because NVT has a history of turning free into payware (so I have saved my uBol rules :-) )
 
Last edited:
  • Like
Reactions: Zero Knowledge, Sorrento and HarborFront
HarborFront said:
Any pros over uBO lite? Or they complement one another? Any overlap for both?

:rolleyes:
Click to expand...

It depends on what kind of user you are, as @LinuxFan58 already mentioned,if you know how to write DNR rules that have identical or similar functionality.

It also depends on whether you use DOH - NextDNS account or DOH - paid ControlD DNS account, or a DOH - AdGuard DNS account.
In this case, using them simultaneously might be redundant, depending largely on the choices you’ve made.
 
  • Like
  • +Reputation
Reactions: Zero Knowledge, Sorrento, HarborFront and 1 other person
Sampei.Nihira said:
It depends on what kind of user you are, as @LinuxFan58 already mentioned,if you know how to write DNR rules that have identical or similar functionality.

It also depends on whether you use DOH - NextDNS account or DOH - paid ControlD DNS account, or a DOH - AdGuard DNS account.
In this case, using them simultaneously might be redundant, depending largely on the choices you’ve made.
Click to expand...

No, not writing DNR rules. Anyway don't know how to write them.

Also, not using any DNS but VPNs

So I see the use with uBO Lite would help me. It showed its first block of github under the "Block free hosting domains" yesterday. I just excluded it.

I supposed adding to Brave should complement its protection too
 
  • Like
  • +Reputation
Reactions: simmerskool, Zero Knowledge, Brownie2019 and 3 others
I just added to Brave and the result is interesting

Using Ungoogled Chromium browser yesterday it blocked the below link at github

1778372817754.png


Under the EVENTS it said 'The last 50 blocked URLs'. Is it possible to see the list of blocked URLs?

Using Brave it doesn't show any block when I went to github. It aslo does not block GitHub - imputnet/helium: Private, fast, and honest web browser

Maybe not working in Brave or need some update?
 
Last edited:
  • Like
  • Sad
Reactions: simmerskool, Zero Knowledge, Sorrento and 1 other person
HarborFront said:
I just added to Brave and the result is interesting

Using Ungoogled Chromium browser yesterday it blocked the below link at github

View attachment 297605

Under the EVENTS it said 'The last 50 blocked URLs'. Is it possible to see the list of blocked URLs?

Using Brave it doesn't show any block when I went to github. It aslo does not block GitHub - imputnet/helium: Private, fast, and honest web browser

Maybe not working in Brave or need some update?
Click to expand...
Probably because ungoogled chromium has - in the link and is long and has chromium in it, it is blocked. Helium either does not have these signs of suspicious links and possibly the whitelist exception for github won't trigger blocks anymore.
 
  • Like
Reactions: Sorrento
LinuxFan58 said:
Probably because ungoogled chromium has - in the link and is long and has chromium in it, it is blocked. Helium either does not have these signs of suspicious links and possibly the whitelist exception for github won't trigger blocks anymore.
Click to expand...

Used the same links on both different browsers. Is the blocked link saved on the disk so that the block by the first browser won't be shown on the second browser?
 
  • Like
Reactions: simmerskool, Zero Knowledge and Sorrento

You may also like...