New Update Osprey Browser Protection discussion and updates

piquiteco

I agree. According to Perplexity, 84% of phishing sites are taken offline in less than 24 hours. Most of them cease to exist after around 15 hours. I didn't watch Shadowra's video so I can't comment. Malicious sites last longer, I think.
I just tested several recent malware URLs with direct downloads and Osprey blocked all of them and not a single one went unblocked. As I'm using Kaspersky on this machine, Osprey was blocking the URLs with final.exe, .x86, .sh, arm4,5,6,7 and so on, and soon afterwards the Kaspersky notification came up as download denied, as I configured it in K to the extreme level to block, I think it's impossible to get infected. Let's consider that Osprey Browser Protection is the first line of defense and the second line of defense is your antivirus, I don't think there's anything to worry about here. Let's consider what @silversurfer said, for me the extension is fine, I'm not demanding anything, @Foulest did a great job, I can only thank him, he still participates here with us on the MT forum. So for me the extension is perfect. ;)
 

CyberDevil

Hackers can easily make malicious scripts to load first and massively increase chances of executing script before Osprey reacts.
The cost of a script that can go beyond the browser sandbox and execute some code in the user's operating system is from a million dollars. Such egregiousnesses are found at best once a year and are instantly fixed. Afraid to encounter it in real life ... You can wear a helmet while walking around the city :)

@Foulest By the way, I was wondering if your extension always blocks only the whole web page, right? For example, TrafficLight has a declared functionality of blocking known dangerous scripts without blocking the whole page, but I think such functionality will slow down the browser too much?
 

Marko :)

I just tested several recent malware URLs with direct downloads and Osprey blocked all of them and not a single one went unblocked. As I'm using Kaspersky on this machine, Osprey was blocking the URLs with final.exe, .x86, .sh, arm4,5,6,7 and so on, and soon afterwards the Kaspersky notification came up as download denied, as I configured it in K to the extreme level to block, I think it's impossible to get infected. Let's consider that Osprey Browser Protection is the first line of defense and the second line of defense is your antivirus, I don't think there's anything to worry about here. Let's consider what @silversurfer said, for me the extension is fine, I'm not demanding anything, @Foulest did a great job, I can only thank him, he still participates here with us on the MT forum. So for me the extension is perfect. ;)
That's great, but this doesn't necessarily mean the extension is perfect. Visiting a website is completely different from loading one particular resource. Just look at the number of requests your web browser makes when you're opening MalwareTips, and when you visit a direct link to download one particular file.

If you're willing, we can continue testing it...

1. Create an .html file using Notepad and replace URL_TO_MALICIOUS_FILE with a real link leading to it.
HTML:
<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8">
        <title>Osprey test</title>
    </head>
    <body>
        <h1>Osprey test</h1><br>
        <!-- Same placeholder URL twice: once in the current tab, once in a new tab -->
        <a target="_self" href="URL_TO_MALICIOUS_FILE">link to malicious file</a>
        <a target="_blank" href="URL_TO_MALICIOUS_FILE">link to malicious file (new tab)</a>
    </body>
</html>

2. Open your web browser, disable built-in phishing and malware protection (we want Osprey to detect it) and then open that .html file in it.
3. Click those two "link to malicious file" and see if Osprey will react in all cases.

What will this test do? It will show us if Osprey detects only when the main website is malicious or if it will detect the malicious hyperlinks too. We need to test the extension thoroughly and to make the test as close to reality as we can. Just collecting a bunch of links from malware dumps and opening them one by one in the web browser isn't really a real use-case scenario.
The cost of a script that can go beyond the browser sandbox and execute some code in the user's operating system is from a million dollars. Such egregiousnesses are found at best once a year and are instantly fixed. Afraid to encounter it in real life ... You can wear a helmet while walking around the city :)
Absolutely. I never encountered an exploit in the first place, which is why I have a relaxed stance on security and don't burden my PC with security software. On this forum I encountered many very paranoid people so this is purely because of them.
@Foulest By the way, I was wondering if your extension always blocks only the whole web page, right? For example, TrafficLight has a declared functionality of blocking known dangerous scripts without blocking the whole page, but I think such functionality will slow down the browser too much?
I think it only blocks the whole page, as to block particular scripts Osprey would need to send all URLs for checking.
 

Vitali Ortzi

This add-on is really interesting, great job by the developer. I will definitely install this on my grandparents' laptop to better protect them against phishing.

Does this add-on slow down webpage loading since it uses so many different providers' APIs to check the links?
It checks it after the page has loaded and does its best to not slow down, and you shouldn't notice an impact on page loading time.
 

piquiteco

The context menu doesn't work anymore with version 1.1.7 on Microsoft Edge 135.0.3179.98.
Did the Firefox fix break the Chrome version?
My Edge has just been updated to this version and is asking to restart for the update to take effect, what context menu are you talking about, do you have a screenshot? In Chrome I haven't tested it, I need to see.
 

Gandalf_The_Grey

Thread author
My Edge has just been updated to this version and is asking to restart for the update to take effect, what context menu are you talking about, do you have a screenshot? In Chrome I haven't tested it, I need to see.
It should be something like this, when you right click the extension:
434519194-ef9222b8-978f-4d24-b2a4-f83e8584f6d2.png

From GitHub

And I have this:
Schermopname (1).png
No Osprey options, like enable notifications (and there are a few others).
 

SeriousHoax

That and much more. Malicious scripts have way more potential than just launching a drive-by download attack. It's also worth keeping in mind that while a website might be deemed safe, scripts can come and execute from third party domain(s) which makes this approach even more dangerous.
I don't think any extension can properly do what you're asking. Keep in mind all they do is check it against a blacklist. For a third-party script, if we assume it's loaded from malware(.)com/harmful.js then either the AV vendor's database needs to have malware(.)com in their blacklist or the source directly malware(.)com/harmful.js.
For scanning a malicious script in real-time you are going to need an AV scanner which doesn't come with an extension.

Sometimes a website can get compromised where loading a script from a third-party source might not be necessary and in that case, the main site's HTML will include the malicious JavaScript which 9/10 times will be obfuscated. So you would need an AV with HTTPS scanner function like Avast, Bitdefender, ESET, Kaspersky and they will have to emulate the script in their engine to know what is the purpose of this script and if they have signatures for it, only then they will get detected.

So without an active AV with such capabilities, it's not easy to detect such a malicious script.
 

piquiteco

That's great, but this doesn't necessarily mean the extension is perfect.
Ok I get it, perfect was my way of saying maybe for me, it doesn't mean that the extension is unbeatable, nothing is perfect, but can you point me to any other extension that blocks practically 99.99% of phishing and malicious sites? As far as I know, there isn't one at the moment I'm writing this post.
Visiting a website is completely different from loading one particular resource.
Okay, that was a standard test that most people do.
If you're willing, we can continue testing it...
Ok, I've tested it, I'll clear the cache and restart the machine and redo the tests, at first the Osprey reacted and blocked. I've disabled everything as you asked, then I'll come back with the results...
 

piquiteco

I reinstalled Osprey and now I have the context menu back.

Strange, the only change I did today was trying the AdGuard MV2 extension, could that be the cause?
I think it might have been a bug in Chrome, I don't know. I tested it in all 3 browsers, Chrome I just installed and added the Osprey extension and the context menu appears normally, in Brave and Edge everything normal I will send the versions and screenshots for you to take a look, I'm glad you said, I'm already testing it and I took the opportunity to see this for you. All 3 browsers Chrome, Edge and Brave as I said updated today on 26-04-2025.
1745694883437.png
1745694970342.png
1745695093196.png


1745695148912.png
1745695294691.png
1745695369295.png
 

Foulest

The cost of a script that can go beyond the browser sandbox and execute some code in the user's operating system is from a million dollars. Such egregiousnesses are found at best once a year and are instantly fixed. Afraid to encounter it in real life ... You can wear a helmet while walking around the city :)

@Foulest By the way, I was wondering if your extension always blocks only the whole web page, right? For example, TrafficLight has a declared functionality of blocking known dangerous scripts without blocking the whole page, but I think such functionality will slow down the browser too much?
You can turn off ignoring frame navigation to block scripts loaded on web pages. False positives will occur much more due to the amount of URLs being checked.
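
Added example, not part of the thread and not Osprey's code: a sketch of the blocklist lookup SeriousHoax describes (listed domain or listed exact URL) and of the whole-page versus per-request checking that Foulest's reply refers to. The blocklist entries, URLs, request types and function names are constructed for illustration.

```javascript
// Constructed blocklist: one whole-domain entry and one exact-URL entry.
const BLOCKLIST = {
  hosts: new Set(["malware.example"]),
  urls: new Set(["https://cdn.example/lib/harmful.js"]),
};

// True if the exact URL, the host, or any parent domain of the host is listed.
function isListed(rawUrl, list = BLOCKLIST) {
  let u;
  try { u = new URL(rawUrl); } catch { return false; }   // unparsable: nothing to look up
  if (u.protocol !== "http:" && u.protocol !== "https:") return false;
  u.hash = "";                                            // fragment never reaches the server
  if (list.urls.has(u.href)) return true;
  const labels = u.hostname.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length; i++) {
    if (list.hosts.has(labels.slice(i).join("."))) return true;
  }
  return false;
}

// requests: [{ url, type }], type is "main_frame", "sub_frame" or "script".
// mainFrameOnly = true models checking only the top-level page URL.
function checkPageLoad(requests, { mainFrameOnly = true } = {}) {
  const checked = requests.filter(r => !mainFrameOnly || r.type === "main_frame");
  return {
    lookups: checked.length,   // every lookup is also a chance for a false positive
    blocked: checked.filter(r => isListed(r.url)).map(r => r.url),
    missed: requests.filter(r => !checked.includes(r) && isListed(r.url)).map(r => r.url),
  };
}

// Constructed page load: an unlisted page that pulls in listed third-party scripts.
const SAMPLE = [
  { url: "https://news.example/article", type: "main_frame" },
  { url: "https://ads.malware.example/track.js", type: "script" },
  { url: "https://cdn.example/lib/harmful.js#v2", type: "script" },
  { url: "https://cdn.example/lib/jquery.js", type: "script" },
  { url: "https://widgets.example/embed", type: "sub_frame" },
];

console.log("page only:  ", checkPageLoad(SAMPLE));
console.log("all requests:", checkPageLoad(SAMPLE, { mainFrameOnly: false }));
```

With page-only checking the sample costs one lookup and misses both listed scripts; checking every request catches them at five lookups for the same page.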
 
