Fabian Wosar

From Emsisoft
Verified
Developer
Hello everyone,

I just wanted to give you a little Christmas present in the form of a new component that you can test a bit earlier than anyone else if you want to. The next Emsisoft Anti-Malware release will include a new component we call "Emsisoft Browser Security".

Emsisoft Browser Security is a cloud-based browser extension for Firefox as well as Chrome. It is powered by the same database that also powers the Emsisoft Surf Protection. However, since it is part of the browser and has access to the actual URLs and the page content without breaking SSL, it can use a lot more advanced detections, which will greatly increase the detection of phishing websites in particular.

Unlike a lot of other cloud-based extensions, which will send any URL you visit in clear-text to a backend somewhere, we decided to make it a lot more privacy-conscious. So instead of URLs in plaintext, we only ever see hashes of parts of the URLs you visit, which we can't turn back into their readable form. Any processing that requires the entire URL is done completely client-side, so the sites you visit never leave your browser.

You can install the extensions here:
Emsisoft Browser Security – Get this Extension for Firefox (en-GB)
Emsisoft Browser Security

Feel free to post your feedback and merry Christmas! :)
 

Fabian Wosar

From Emsisoft
Verified
Developer
Then why do you send parts of URLs that you can't assign to any URL?
Our URL database is multiple GB in size. It's unfortunately not feasible to have such a huge database deployed on our users' systems. So instead those hashes allow us to determine which bits of the database are relevant to you at the moment and only stream those to your browser, which can then determine whether or not the website you visit right now is bad or not.

So if you do visit a malicious website, we may be able to guess, because you query certain bits of our dataset that are specific to a certain malicious site. But we don't know for sure as hashes aren't unique and each hash has a potentially unlimited number of payloads that can have the same hash. For non-malicious websites, we will have absolutely no idea what you visit at all. All we see for those are some hashes that don't lead to any data in our datasets.
 
Last edited:
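The lookup flow described in the two posts above, as an added sketch that is not Emsisoft's code: SHA-256, the 4-byte truncation, the hostname-suffix splitting and the rule format are all assumptions, and the rules are constructed sample data.

```javascript
// Added illustration, not Emsisoft's code. Hash function, truncation length,
// URL splitting and rule format are assumptions; the rules are constructed.
const { createHash } = require("node:crypto");

const PREFIX_HEX = 8; // assumed: only the first 4 bytes of each hash are sent
const SAMPLE_RULES = [{ host: "login-example.test", pathPrefix: "/bank/" }];

function shortHash(part) {
  return createHash("sha256").update(part).digest("hex").slice(0, PREFIX_HEX);
}

// "Parts of the URL": every hostname suffix that has at least two labels.
function urlParts(url) {
  const labels = new URL(url).hostname.split(".");
  const parts = [];
  for (let i = 0; i + 2 <= labels.length; i++) parts.push(labels.slice(i).join("."));
  return parts;
}

// Backend index: short hash -> the slice of the database filed under it.
function buildBackend(rules) {
  const buckets = new Map();
  for (const rule of rules) {
    const key = shortHash(rule.host);
    buckets.set(key, [...(buckets.get(key) || []), rule]);
  }
  return buckets;
}

// Backend side: receives short hashes only and streams back matching slices.
function serverLookup(buckets, hashes, seenByServer) {
  seenByServer.push(...hashes);
  return hashes.flatMap((h) => buckets.get(h) || []);
}

// Client side: the verdict is computed locally against the complete URL.
function checkUrl(url, buckets, seenByServer = []) {
  const u = new URL(url);
  const rules = serverLookup(buckets, urlParts(url).map(shortHash), seenByServer);
  return rules.some((r) =>
    (u.hostname === r.host || u.hostname.endsWith("." + r.host)) &&
    u.pathname.startsWith(r.pathPrefix));
}
```

A listed host with a non-matching path still pulls its slice of the database, but the verdict is made locally; an unlisted host only ever contributes short hashes that hit no bucket.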

Evjl's Rain

Level 42
Verified
Trusted
Content Creator
Malware Hunter
unfortunately, I just tested it with 10 different vxvault links. It detected/blocked nothing compared to other extensions
something is wrong with this extension or it's very weak

chrome 9/10
avira 5/10
emsisoft 0/10
malwarebytes 9/10
Norton 4/10
comodo 1/10
bitdefender 10/10
WDBP 10/10
squidblacklist 4/10
 

tsunami

Level 2
Hi, neat extension. Other than being privacy-conscious, how does this extension differ from the competition? Is this using pure cloud blacklist or will it have other features to detect zero day malicious websites not in the blacklist? How near real time is blacklist? How often is blacklist updated? Are you using multiple threat intelligence sources? HTTPS sites are scanned/inspected, I figure? Does it need EAM to be installed or can it be used standalone?
 

TairikuOkami

Level 23
Verified
Content Creator
Finally a security extension that does not block ads/trackers by default, breaking webpages.

unfortunately, I just tested it with 10 different vxvault links.
Yes, it does not seem to block exes very well, the rest is about 50:50 and tiny bits of phishing. But hopefully it will improve over time.
 

Fabian Wosar

From Emsisoft
Verified
Developer
unfortunately, I just tested it with 10 different vxvault links. It detected/blocked nothing compared to other extensions
VXVault usually lists payloads, not the websites that use those payloads (through an exploit kit for example). The extension mostly focuses on blocking the websites, not the payloads (or downloads). We may add checks for downloads as well in the future. However, at the moment the lack of Edge support for download events is preventing us from doing it. That may be a thing of the past with Microsoft moving to Chromium though soon.
 

Fabian Wosar

From Emsisoft
Verified
Developer
Is this using pure cloud blacklist or will it have other features to detect zero day malicious websites not in the blacklist?
This first version is purely blacklisting. We have some ideas for future versions. Especially to detect phishing and fraudulent sites.

How near real time is blacklist?
The blacklist is real-time.

How often is blacklist updated?
Couple of thousand times a day. Data is made available through the cloud backend literally the moment it is added.

Are you using multiple threat intelligence sources?
It uses our surf protection database in the background. However, our surf protection database is aggregated through various sources.

HTTPS sites are scanned/inspected, I figure?
Yes. That's the biggest reason why we decided to add a complementary browser extension, as browser extensions can access encrypted websites without doing any shady tricks like MITM.

Does it need EAM to be installed or can it be used standalone?
No EAM installation needed. You can pair it with anything you want. It's completely free.
 

Fabian Wosar

From Emsisoft
Verified
Developer
If one uses the extension, should one disable Surf Protection, or can / should one disable that?
They do slightly different things. Surf Protection in EAM checks every single request your browser (or any application on your system, browser or not) against the blacklist. The blacklist is comprised of only hostnames and IP ranges because that is the only information it has available without seriously invasive techniques that you don't want us to use as they lower your privacy and security. So it applies to downloads as well for example.

The browser extension checks the websites you visit in your browser. It has access to more information, so it can do more fine-grained filtering, but it is limited to websites (not downloads or requests) you visit in your browser only.

If you are an EAM user, we recommend using both.