New Update Test of web browser extensions (AVLab - XI 2018))

ichito

Level 11
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
A demand for free solutions which protects computers is high, so we couldn’t skip this type of security tools. Most of the tested solutions achieved a slightly different result which to some extent reflects the fact that developers share information about threats. However, there is no doubt that the Check Point SandBlast Agent for Browser extension has gained the leading position (remember that its free version protects only against phishing).
Test of web browser extensions for protection against malicious software

uBO?...where are you?
 

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,452
No idea how comodo online security would beat trafficlight, since there protection next to zero
It seems to be doing surprisingly good, blocking almost everything at phishtank, malcode or vxvault.
 

Attachments

  • capture_11302018_135958.jpg
    capture_11302018_135958.jpg
    180.6 KB · Views: 458
5

509322

The test results make perfect sense based upon what and how the test was performed. One has to read the entire test notes to understand the results.

I'll give the clueless a hint... anti-phishing wasn't tested, address blocking wasn't tested, web-content blocking was not tested,...

The data in this study proves that merely blocking web-content based upon lists provides very little to overall security. It's a fact that is well accepted except by browser-extension crazed security forum members.
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
Check Point SandBlast is the interesting product in the test.

It's apparently linked to their enterprise product and/or other Check Point products.

So, apparently.... we can't really use it -- without other Check Point products.

Does anybody know anything different?

It's right 'there' -- ready to be added to Chrome. Any 'secret' tweaks to make it work?

Check Point SandBlast Agent for Browsers
 
  • Like
Reactions: oldschool
F

ForgottenSeer 58943

Too bad they didn't test the FortiClient Chrome Extension. Hehe

Also, I do not trust Checkpoint either way. I assume uBlock did poorly because it simply depends on lists and really only checks TLD, not actual malware activity so it's probably useless in that respect.

Finally - Panda no longer tries to install SafeWeb extension when you install Panda Dome (paid) products.
 

ichito

Level 11
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
uBO is mainly a adblocker. so there is no problem that it missed so much. its not the job from uBO to block malware.
Realy??...so why they say on his page
uBlock Origin is NOT an "ad blocker": it is a wide-spectrum blocker -- which happens to be able to function as a mere "ad blocker". The default behavior of uBlock Origin when newly installed is to block ads, trackers and malware sites
gorhill/uBlock
I think people beleve that due to uBO installation they are protected and perhaps you know that some of them even disable filtering modules in installed AV to have "better" protection. uBO have gained milions of users but maybe few thousands know how good prepare this addon to work.
 
F

ForgottenSeer 58943

Speaking of this.. A regional online news source I read 'requires' adblockers to be disabled to view it. Today I went to read the latest news, disabled adblocker, and Gryphon fired off on the website constantly. Big fan of layered security here.

G_malware.png
 
  • Wow
Reactions: Handsome Recluse
5

509322

Realy??...so why they say on his page

gorhill/uBlock
I think people beleve that due to uBO installation they are protected and perhaps you know that some of them even disable filtering modules in installed AV to have "better" protection. uBO have gained milions of users but maybe few thousands know how good prepare this addon to work.

uBO does not block malware downloads. That is what was tested. IP address\URL\web-content blocking was not tested.

The malicious file samples were obtained via honeypots and tested as a drive-by download from essentially private\non-public LAN IPs. It is explained in the test notes.

uBO will never succeed in drive-by download testing because it is merely a web-content blocker as Gorhill explains. It does not inspect any downloads whatsoever. It merely blocks IP\URL\scripts that are in a list.

Web content filtering is good for ad blocking, but for malicious site blocking it is only marginally effective. The only ones who think that malicious web content filtering is of utmost important are browser extension crazed security forum members.

It is so trivial to bypass blocking by what is in a list. Such blocking offers the equivalent of 1 in 100,000 protection.

Of course one can get much better protection out of uBO by configuring it for every single website, blocking javascript, third party scripts, etc, etc. However, only a minute number of people go through all the trouble because it is a major hassle.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top