Hot Take extensions can help a lot against phishing

Vitali Ortzi

Level 29
Thread author
Verified
Top Poster
Well-known
Dec 12, 2016
1,891
But MV3 security isn't all Google claims.
Not perfect, but note:
Google publishes extensions, Microsoft publishes extensions, even used to authenticate into some of Microsoft if I recall correctly

Extensions I have recommended like Symantec and Check Point are very likely used by some banks / federal agencies around the world and are actively used by top Fortune companies

Symantec, Check Point and Bitdefender all have teams researching vulnerabilities of extensions and have published research about malicious extensions, and you can probably get a fat bounty if you can bypass an extension made by top security companies in the industry and used by some of the top enterprises



So although it's 100 percent true it increases attack surface
The extensions I have recommended are based on objective data from DebugBear on their impact on page loading, looking at RAM usage on both a midrange laptop (8 GB of RAM) and a low-end one (2 GB of RAM), as well as subjective personal experience
So I have chosen based on trust (top security companies), performance, and detection in a variety of tests (first of all openphish, phishing, and those that have good results I have tested against fake sites in the Artists Against 419 database every couple of days, weeks, over a period of over 2 months)


So what I'm trying to focus on is actual vectors users will be faced with, having options to not slow browsing nearly at all, as for example the DebugBear test of the Microsoft Defender extension is so good it's basically, in my opinion, at margin-of-error territory
 
  • Like
Reactions: oldschool

Vitali Ortzi

That's why I am "software minimalist" ;)
Minimalism is best in terms of usability, performance, attack surface etc.

But since even tech guys, including YouTubers like Linus, have been phished before, there is some benefit for certain users to add solutions against these threats that in my opinion outweighs the downsides
 

Vitali Ortzi

I installed Symantec Browser Protection. It seems light but offers no settings.
Yes, to modify what stuff it categorizes over default you will have to modify the .JS directly. I can help you with that or you can try yourself here


You can test it here: Symantec Sitereview
By default it blocks only malicious, phishing


Having no UI, settings might be partly why it's light XD
 
  • Thanks
Reactions: rashmi

rashmi

Level 15
Jan 15, 2024
730
Yes, to modify what stuff it categorizes over default you will have to modify the .JS directly. I can help you with that or you can try yourself here
I use Cloudflare Gateway DNS for its security and content-blocking capabilities. I'm looking for a phishing extension suitable for kids' systems, and Symantec Browser Protection seems like an excellent option.
 

bazang

Level 10
Jul 3, 2024
482
That's why I am "software minimalist" ;)
There is a person here at MT that uses 40 security browser extensions.

All the effort put into customized security by security geeks amounts to nothing more than passing the time. Why? Because if a system is infected one just clean installs the OS and rebuilds the system.

Nobody, and I mean nobody, has ever come to MT or any other popular security forum and stated (legitimately, provable) that their localhost was infected, hacked or otherwise compromised and they suffered anything more serious than files being encrypted. And that only happened a single time.

After decades of testing, the best overall solution is to use the security capabilities shipped with the OS and add as little third party software as possible.

Less is way more. And, well, the current trend among the vast majority of young people is that they are technology savvy but security ignorant. Very credible studies have determined that young people think security is not necessary. It is all a nuisance.

#SnowflakesAreReal
 

Sandbox Breaker - DFIR

Level 12
Verified
Top Poster
Well-known
Jan 6, 2022
558


showcasing how extensions can add a lot of added detection against phishing, with all phishing links in the video detected by category blocking, as the only link not detected was a false positive at 6:55 (there is zero phishing tech in the checkpoint extension that wasn't showcased, as everything was blocked purely by category blocking)

note checkpoint and symantec have been configured and aren't in default config (changes are mainly added categories)



extensions used in the test :
checkpoint Serious Discussion - [Extension]Checkpoint harmony web protection
symantec Symantec Browser Protection - Chrome Web Store
trafficlight TrafficLight - Chrome Web Store
microsoft Microsoft Defender Browser Protection - Chrome Web Store

feeds used for the test :
Code:
https://db.aa419.org/fakebankslist.php
https://raw.githubusercontent.com/Phishing-Database/Phishing.Database/refs/heads/master/phishing-links-NEW-today.txt
https://raw.githubusercontent.com/openphish/public_feed/refs/heads/main/feed.txt




performance related data (symantec isn't popular enough to get tested by DebugBear lookup and only an older version of the checkpoint extension was tested by DebugBear)
View attachment 286755View attachment 286757View attachment 286759

idle usage (symantec, checkpoint services running with zero CPU usage and around 30 MB+ RAM each)
View attachment 286760
possible configs
[page loading metric used is subjective and based on my personal experience with checkpoint set to background mode in URL filtering so pages load first and are then checked]

for max detection use all extensions above (slower page loading :( )
for balanced use Symantec, Microsoft and checkpoint (slightly slower to somewhat slower and recommended by me)
for fast page loading and low false positives use checkpoint and Microsoft (shouldn't feel a difference)
for low RAM option use trafficlight and Microsoft (slightly slower page loading)
for low RAM and fast page loading as well as low false positives use Microsoft only (shouldn't feel a difference)



anyone doing a similar test please use aa419 - Fake Sites Database and some new phishing links, as it's easy to get good detection against the openphish free feed and some other free feeds

What about a DNS service that leeches from all their lists ;)
 
  • Like
Reactions: Captain Awesome
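
One way to score a test run like the one described in the post above, as an added example that is not part of the original thread: it reduces each feed to hostnames and reports detection per feed, both on all hosts and on hosts that no other feed lists, so overlap with a widely consumed feed does not inflate the numbers. The feed snippets, the extension names `ext-a` and `ext-b`, and the verdicts are constructed, and one URL per line is an assumption about the feed format.

```python
from urllib.parse import urlsplit

# Constructed sample data, not real feed contents. One URL per line is assumed.
FEEDS = {
    "openphish": "http://login.bank-example.test/a\nhttps://pay.example.test/verify\n",
    "phishing-db-new": "https://PAY.example.test/verify?x=1\nhttp://new1.example.test/\n"
                       "http://new2.example.test/login\n# comment\n",
    "aa419": "http://fakebank.example.test/\nhttp://trust-fund.example.test/\n",
}
# Constructed result of a manual test run: hosts each (hypothetical) extension blocked.
BLOCKED = {
    "ext-a": {"login.bank-example.test", "pay.example.test", "new1.example.test"},
    "ext-b": {"pay.example.test", "new2.example.test", "fakebank.example.test",
              "trust-fund.example.test"},
}

def host_of(line):
    """Return the lowercased hostname of a feed line, or None if it is not a URL."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    name = urlsplit(line if "://" in line else "http://" + line).hostname
    return name.lower().rstrip(".") if name else None

def hosts_by_feed(feeds):
    """Deduplicate every feed down to its set of hostnames."""
    return {f: {h for h in map(host_of, text.splitlines()) if h}
            for f, text in feeds.items()}

def rate(hosts, blocked):
    """Fraction of hosts that were blocked, or None for an empty sample."""
    return round(len(hosts & blocked) / len(hosts), 2) if hosts else None

def report(feeds, blocked):
    """Per extension and feed: (rate on all hosts, rate on hosts only that feed lists)."""
    per_feed = hosts_by_feed(feeds)
    out = {}
    for ext, hits in blocked.items():
        out[ext] = {}
        for feed, hosts in per_feed.items():
            others = set().union(*(h for f, h in per_feed.items() if f != feed))
            out[ext][feed] = (rate(hosts, hits), rate(hosts - others, hits))
    return out

if __name__ == "__main__":
    for ext, rows in report(FEEDS, BLOCKED).items():
        print(ext, rows)
```
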

Kongo

Level 37
Verified
Top Poster
Well-known
Feb 25, 2017
2,616
All the effort put into customized security by security geeks amounts to nothing more than passing the time. Why? Because if a system is infected one just clean installs the OS and rebuilds the system.
I agree with pretty much everything you said except the quote above. Maybe years ago malware was simply created to damage a system and nothing more. Nowadays stealer-malware is a thing and therefore preventing is far more important than reacting to an infection. So no, you can't just reinstall the OS and get your data back. That's not how it works.
 

bazang

I agree with pretty much everything you said except the quote above. Maybe years ago malware was simply created to damage a system and nothing more. Nowadays stealer-malware is a thing and therefore preventing is far more important than reacting to an infection. So no, you can't just reinstall the OS and get your data back. That's not how it works.
The incidence of identity theft and people losing their life savings is rare. However, the cybersecurity news uses such reports as click-bait via fearmongering.

And yes, you can reinstall the OS and get your data back - if you are performing backups and/or using automatically synced cloud storage.

Prevention is no longer a viable strategy. You have to assume breach because everybody's data has already been compromised. 90% of the people who are members of this forum - their data has been hacked on 3rd party systems and now resides on the dark web.

The days of running Comodo and Emsisoft on one system along with hardening the underlying OS are over. It makes no difference because a person's data is not at risk on localhost. It is completely vulnerable on 3rd party systems that have no accountability or responsibility in the case that they are hacked.

So all the paranoid-level effort and time put into protecting localhost is wasted. But it is everybody's right to waste their time. It is their life that they are wasting.
 
