sorry but I kind disagree with this because when I test, I only pick verified phishing links, which are obviously phishing such as paypal and american bank replicas and most of them don't have https
...
Yes, that is the point we disagree. Such web pages can be totally blocked in many ways:
hxxp://abc.com/def/xxx/yyy/
index.php
hxxp://online.bankofamerica.com.abc.de.fg/
favicon.ico
hxxp://paypal-update.abc.com/
favicon.ico
hxxp://abc.nxt/
index.html
etc.
The above examples are taken from Pfishtank and were blocked by WDEG 'Network Protection'. If the paypal and american bank replicas were not blocked, then they were simply missed. But generally, they are blocked if recognized on the blacklist.
it's weak because it fails to block those obviously phishing links
regardless of the format of the url, if the page appears to be a phishing, it should be a miss
You know that this argument is weak, because all web blockers based on the blacklists will miss the obvious phishing web page if it is not on the blacklist.
Furthermore, it is not true that opening the phishing website, especially the legal but hacked website is a miss. Here is the example from the Phishtank:
hxxp://xyz-baseball.com/cn/abcdefghijk/?login=&.verify?service=mail&data:text/html;charset=utf-8;base64,PGh0bWw%20DQo8c3R5bGU%20IGJvZHkgeyBtYXJnaW46IDA7IG92ZXJmbG93OiBoaWRkZW47IH0gPC9zdHlsZT4NCiAgPGlmcmFt
If the shortened link
hxxp://xyz-baseball.com/cn/ to the legal website will be blocked, then all its users will not be able to login there. Yet, If it will be blocked by the full URL, then only hacked logins will be blocked.
That is why I made a special test (only 100% validated phishing links included) that you already know, and it does not prove that WDEG 'Network Protection' is weak. But, of course, this is only one such test so who knows. More such tests are required to prove something.
Q&A - [Updated 6/9/2018] Browser extension comparison: Malwares and Phishings
