Hot Take extensions can help a lot against phishing

Vitali Ortzi

Level 29
Thread author
Verified
Top Poster
Well-known
Dec 12, 2016
1,888


Showcasing how extensions can add a lot of detection against phishing, with all phishing links in the video detected by category blocking; the only link not detected was a false positive at 6:55 (there is zero phishing tech in the Checkpoint extension that wasn't showcased, as everything was blocked purely by category blocking).

Note: Checkpoint and Symantec have been configured and aren't in default config (changes are mainly added categories).



Extensions used in the test:
Checkpoint: Serious Discussion - [Extension] Checkpoint harmony web protection
Symantec: Symantec Browser Protection - Chrome Web Store
TrafficLight: TrafficLight - Chrome Web Store
Microsoft: Microsoft Defender Browser Protection - Chrome Web Store

feeds used for the test :
Code:
https://db.aa419.org/fakebankslist.php
https://raw.githubusercontent.com/Phishing-Database/Phishing.Database/refs/heads/master/phishing-links-NEW-today.txt
https://raw.githubusercontent.com/openphish/public_feed/refs/heads/main/feed.txt




Performance-related data (Symantec isn't popular enough to get tested by DebugBear lookup, and only an older version of the Checkpoint extension was tested by DebugBear):
[Attachments: Screenshot 2024-12-23 074047.png, trafficlight.png, websecure (older version of checkpoint).png]

Idle usage (Symantec and Checkpoint services running with zero CPU usage and around 30 MB+ RAM each):
[Attachment: idle.png]
Possible configs
[The page loading metric used is subjective and based on my personal experience, with Checkpoint set to background mode in URL filtering so pages load first and are then checked.]

For max detection, use all extensions above (slower page loading :( )
For balanced, use Symantec, Microsoft and Checkpoint (slightly slower to somewhat slower, and recommended by me)
For fast page loading and low false positives, use Checkpoint and Microsoft (shouldn't feel a difference)
For a low-RAM option, use TrafficLight and Microsoft (slightly slower page loading)
For low RAM and fast page loading as well as low false positives, use Microsoft only (shouldn't feel a difference)



Anyone doing a similar test, please use aa419 - Fake Sites Database and some new phishing links, as it's easy to get good detection against the OpenPhish free feed and some other free feeds.
 

Bot

AI-powered Bot
Apr 21, 2016
4,706
Thanks for sharing this informative video and the list of extensions used in the test. It's impressive to see how these tools can help in detecting phishing links. The performance data link is also a useful resource for understanding the impact of these extensions on browser performance. It's crucial to balance security with usability.
 

Vitali Ortzi

Thanks for sharing this informative video and the list of extensions used in the test. It's impressive to see how these tools can help in detecting phishing links. The performance data link is also a useful resource for understanding the impact of these extensions on browser performance. It's crucial to balance security with usability.
Some popular extensions people usually recommend can have a worse experience than even a combination of extensions, as they will slow browsing too much.
[Attachments: avastpng.png, malware.png]

Avast alone will slow browsing more than all extensions together (max config), and Malwarebytes, although better, does slow browsing way too much.
 

Bot

Some popular extensions people usually recommend can have a worse experience than even a combination of extensions, as they will slow browsing too much.

Avast alone will slow browsing more than all extensions together, and Malwarebytes, although better, does slow browsing way too much.
That's a good point. While Avast and Malwarebytes are popular, they can indeed slow down browsing significantly. It's always important to consider the performance impact when choosing security extensions. Thanks for your insight!
 

Vitali Ortzi

That's a good point. While Avast and Malwarebytes are popular, they can indeed slow down browsing significantly. It's always important to consider the performance impact when choosing security extensions. Thanks for your insight!
In terms of security, they are all trusted, highly valued security vendors that have standards other extension devs lack, and they have bug bounty programs if you find any issues with them. You can check the source code, as it's open source. Further, the move to MV3 has made significant changes in terms of securing extensions, so although the attack surface has increased, you get higher detection of real-world attacks.
 

Bot

In terms of security, they are all trusted, highly valued security vendors that have standards other extension devs lack, and they have bug bounty programs if you find any issues with them. You can check the source code, as it's open source. Further, the move to MV3 has made significant changes in terms of securing extensions, so although the attack surface has increased, you get higher detection of real-world attacks.
Absolutely, the trustworthiness and transparency of the extension developers is crucial. Open source code, adherence to high security standards, and bug bounty programs all contribute to the reliability and safety of these extensions. The move to Manifest V3 indeed brings significant security improvements. Thanks for highlighting these points!
 

Vitali Ortzi

If anyone has any extensions he can suggest for me to try and test, it will be helpful, as I'm looking for the best extensions to deal with a variety of threats. So far, if I had to go with a single extension, it will be Checkpoint.
 

Vitali Ortzi

Absolutely, the trustworthiness and transparency of the extension developers is crucial. Open source code, adherence to high security standards, and bug bounty programs all contribute to the reliability and safety of these extensions. The move to Manifest V3 indeed brings significant security improvements. Thanks for highlighting these points!
Hey bot, what extensions are the best against fake stores, as all extensions I have tried had a hard time against fake stores?
 

Bot

Hey bot, what extensions are the best against fake stores, as all extensions I have tried had a hard time against fake stores?
Detecting fake stores can be challenging for many extensions. However, extensions like Norton Safe Web, Avast Online Security, and McAfee SiteAdvisor are known to have some capabilities in this area. Remember, no extension is 100% foolproof, so always exercise caution when shopping online.
 

cc207

New Member
Sep 11, 2018
7
If anyone has any extensions he can suggest for me to try and test, it will be helpful, as I'm looking for the best extensions to deal with a variety of threats. So far, if I had to go with a single extension, it will be Checkpoint.
@ Vitali Ortzi

The fake shop detector

 

Vitali Ortzi

Please keep one thing in mind: more extensions = more possible attack vectors.
At the same time all major secure DNS providers offer pretty solid phishing protection.
That's correct, but specifically attacks coming from sites against extensions are much, much harder with changes in MV3, and I will be more concerned about the credentials of the developer being phished, like https://www.bankinfosecurity.com/36-chrome-extensions-compromised-in-supply-chain-attack-a-27207

rather than an attacker exploiting vulnerabilities in an extension used by enterprises.
For further reading about the attack surface extensions have and mitigations that are included in mv3



Note: the attack vector of a grandma or the majority of the population isn't an APT that knows how to attack MV3 extensions built by the top security companies, but rather more basic phishing, payloads, fake stores, etc.

About DNS: no, they aren't good enough, but they are highly recommended, and I will specifically encourage Dns.eu/NextDNS or alternatively Quad9 for fewer false positives and better practices.
 

Vitali Ortzi

I find Malwarebytes being the only consumer brand to release new versions of its extension vs any of the competition at least monthly, sometimes every 2 weeks. I don't feel much slowdown with it, although I have a premium system.
The reason they update it frequently is the same as for any adblocker since MV3: list updates come only via extension updates.
The Microsoft extension, for example, didn't update for more than a year, if I remember correctly, so lack of updates doesn't automatically mean bad, nor is any frequency of updates a good indication. The extensions I have mentioned above all use an API rather than a local list, so they all get real-time intelligence updates, and even check in real time against their AI categorization engines and other AI engines like the "cluster" one used for zero phishing in Checkpoint.

Only reason I dislike Malwarebytes is that it's too heavy in my experience and I find having two lighter extensions is superior in feeds I have tested them against
 

Vitali Ortzi

@ Vitali Ortzi

The fake shop detector

Misses the majority of fake stores in Artists Against 419, but I will further test it, although in my tests it barely blocks stuff.
Unfortunately unable to emulate the results AV-Comparatives got, but since an independent lab had good results I'm definitely keeping an eye on it.
 

enaph

Level 29
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,894
That's correct, but specifically attacks coming from sites against extensions are much, much harder with changes in MV3, and I will be more concerned about the credentials of the developer being phished, like 36 Chrome Extensions Compromised in Supply Chain Attack

rather than an attacker exploiting vulnerabilities in an extension used by enterprises.
For further reading about the attack surface extensions have and mitigations that are included in mv3



Note: the attack vector of a grandma or the majority of the population isn't an APT that knows how to attack MV3 extensions built by the top security companies, but rather more basic phishing, payloads, fake stores, etc.

About DNS: no, they aren't good enough, but they are highly recommended, and I will specifically encourage Dns.eu/NextDNS or alternatively Quad9 for fewer false positives and better practices.
I wasn't really talking about exploiting vulnerabilities in the extensions but what I had in mind was the scenario where user is installing the fake/compromised extension which is the most realistic scenario in case of home users.
 

Vitali Ortzi

I wasn't really talking about exploiting vulnerabilities in the extensions but what I had in mind was the scenario where user is installing the fake/compromised extension which is the most realistic scenario in case of home users.
Completely agree 💯
But it's the same idea as with any software, and the best practice will be to put a policy in Chrome to allow only extensions you have approved, although in my opinion unnecessary.
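
The allowlist policy mentioned in the post above can be expressed with Chrome's `ExtensionSettings` managed policy. This is an added example, not part of the thread; the two `<APPROVED_EXTENSION_ID_...>` keys are placeholders for the 32-character IDs of the extensions you approve.

```json
{
  "ExtensionSettings": {
    "*": {
      "installation_mode": "blocked",
      "blocked_install_message": "Only approved extensions can be installed on this browser."
    },
    "<APPROVED_EXTENSION_ID_1>": {
      "installation_mode": "allowed"
    },
    "<APPROVED_EXTENSION_ID_2>": {
      "installation_mode": "allowed"
    }
  }
}
```

On Linux, Chrome reads managed policy files like this from `/etc/opt/chrome/policies/managed/`, and `chrome://policy` shows whether the policy was applied.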
 
