BTW, BitDefender TrafficLight belongs to BitDefender. How do you know it's not working with signature database?
What I meant is that BDTL add-on/extension is better in heuristics and behavior analysis than signature databases, when compared to other similar add-ons/extensions:
1) I asked BD' support by email, and they explained me that the add-on uses both, Heuristics/BehaviorAnalysis (H/BA) and databases.
2) At the text-description of the add-on we can read:
"Part of the processing is done in the cloud with some intelligent small engines that make various checks on pages you're visiting enabling you to have top notch antiphishing and antimalware protection.
TrafficLight won't block an entire website if just some pages within are malicious. Only the potentially harmful elements are blocked, leaving you free to view the rest of the site if you so choose.
Advanced malware filter.
It is a free cross-browser add-on that intercepts, processes, and filters all Web traffic, blocking any malicious content and taking browser security to new levels."
It is needed some level of H/BA to perform the described tasks.
3) Malicious URLs tests:
I did a lot of tests with similar add-ons (BDTL, Avast, Avira, Norton, Qihoo, Malwarebytes etc).
I used the most important different sources, with new and old malicious URLs (including zero-day-attacks).
Most of the new malicious URLs (zero-day-attacks) are undetected by other add-ons, while BDTL catches at least 80% of them. We are talking about malicious URLs discovered from the last hours, so is very difficult to be in a list/database. It is obvious that BDTL detects them with something else. The number of false positives, also indicates that BDTL uses H/BA.
For example, If you test Malwarebytes add-on against BDTL, clearly you will observe that Malwarebytes doesn't detects the newest URLs, but BDTL detects them.
For URLs 48 hours old, Malwarebytes detects before BDTL detects. This happens because BDTL is more cloud intensive, and perhaps also due to H/BA. Signature database always performed better and quicker for old malwares.
In my case, I prefer zero-day-attacks detectors. So I choose BDTL.
It just fits better with my other security measures (on and off-line). BDTL is better for my security combo.
My understanding is that each user must have the security software/solution for your profile, strategy and personal combo.
PS: With regards to on-line malicious URLs, people living out of Europe/USA can't relay completely in signature databases. H/BA and real-time detectors/blockers are necessary as complements.