New Update Test of web browser extensions (AVLab - XI 2018))

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
IMO uBlock Origin shouldnt be there, it is a wide-spectrum blocker (the best) and can improve the security by a very large margin, but it isnt a traditional security extension made to block zero day malware download.

For me the winner is Malwarebytes Browser Extension, the reason for that is because CheckPoint is a paid solution, more akin to FortiCloud Sandbox/Palo Alto Networks' WildFire class of product.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
IMO uBlock Origin shouldnt be there, it is a wide-spectrum blocker (the best) and can improve the security by a very large margin, but it isnt a traditional security extension made to block zero day malware download.

For me the winner is Malwarebytes Browser Extension, the reason for that is because CheckPoint is a paid solution, more akin to FortiCloud Sandbox class of product.

Agreed on Point #1 especially. Advanced user medium mode can afford more protection from malware-infested ads, but not websites. Not its job. But how many people actually know of and use uBO this way? Learning curve is simple with some trial and error. I can usually un-break a site with 1 or two clicks. Really only some built-in filters needed. No big deal.

@Evjl's Rain's test results speak for themselves. (y) What more to say?
 

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
Who the hell uses uBlock Origin to block malware? I use it to cosmetically remove ads. That being said, how many here have run into a phishing site unknowingly? I've never in my life run into a phishing site.
 
5

509322

Who the hell uses uBlock Origin to block malware?/QUOTE]

There's a bunch of people here who use it for that purpose. Malicious URL filtering. It's very inefficient.

That being said, how many here have run into a phishing site unknowingly?

The vast majority of phishing sites are taken down within 48 hours. So by the time they would be reported and added to a list, the site has already been taken down.

Ad blocking makes sense. Anything else is a waste of resources. But the browser extension crazed forum members won't agree with that... no matter what kind of evidence is provided.

All the focus is upon how much an extension blocks, but that kind of testing never acknowledges reality - which is the fact that people very rarely end up on one of the sites in the lists.

Web content filtering protection is like 1 in 100,000 protection. Not effective and not efficient.
 
5

509322

Who the hell uses uBlock Origin to block malware? I use it to cosmetically remove ads. That being said, how many here have run into a phishing site unknowingly? I've never in my life run into a phishing site.

1. uBO is primarily an ad blocker with very limited malicious domain blocking capabilities.

2. Virtually no one ends up on phishing sites.

3. Malicious URL block lists are often stale and obviously behind the curve. What gets reported to the malicious URL gatherers and list compilers is only a fraction of what is out there.

4. The browser extension craze is pretty laughable, but it appeals to those that want free. And extensions are heavily promoted by that whole tin foil hat, privacy fanatic crowd.
 
Last edited by a moderator:

Mariihh

Level 3
Verified
Well-known
Mar 30, 2018
139
CheckPoint, Bastion of Unit8200 talent. Zone Alarm back channel stealing data off systems, etc. Checkpoint has likely been weaponized by the IDF and someone has to be a masochist to use it.
I respect your opinion, but I'd rather rely on CheckPoint than on American companies, Edward Snowden, who says that, in addition to other minds around the world, the EUA is number 1 in spying on everyone else :giggle:
 
F

ForgottenSeer 58943

I respect your opinion, but I'd rather rely on CheckPoint than on American companies, Edward Snowden, who says that, in addition to other minds around the world, the EUA is number 1 in spying on everyone else :giggle:

US Govt. has massive budgets and can do significant levels of spying on the entire planet. For US Citizens, the use of such data is limited, if not impossible so it serves them no purpose in most cases as while they can collect the data, they cannot utilize it because it isn't paired with actionable intelligence to authorize it. It's also a violation of the US Constitution. For anyone not a US Citizen, those protections aren't in place and the data is a free for all for the most part. Also remember, contractors and public domain intelligence aren't as well protected so that's almost a free for all. There are 'ways' around restrictions, such as CIA operations on US Soil is proxied by a rep from the FBI fronting the activity at the behest of, etc.

But for a non-US Citizen, I probably wouldn't use US Based stuff to be honest. If I wasn't based in the US you'd never catch me using it because those consumer protection laws, state and federal constitution aren't there for you. I'd actually be more inclined to toss my data over to Germany, with the decent German privacy laws (and their acute awareness of govt. overstep) and GDPR. Also some firms have signed the TeleTrust agreement which further enhances your security and privacy. Gdata is one company that signed the TeleTrust agreement.

The result - a “No Backdoor” guarantee. With this, the IT company based in Bochum, Germany, undertakes not to provide any holes for intelligence services in its security solutions. G DATA does not leave backdoors open, thus guaranteeing not only the best possible, but also reliable, protection against online threats. This point is very important for companies that take privacy and the forthcoming EU basic data protection regulation (EU-Datenschutz Grundverordnung; EU-DSGVO) seriously. In addition, G DATA promises that the leveraging of personal data and telemetry information is reduced to a minimum. As such, the principle of the EU-DSGVO is already being upheld - and, more than that, the processing of such information and data takes places exclusively in Europe.

So your point is very valid!
 

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
The malware filterlist of uBlock are futile compared with ip/URL block lists of extensions of AV/UTM companies.

When the number of blacklisted IP/URL ranges into millions in stead of thousend, a browser extension using cloud or server side black list is probably a lot faster and effectieve than client/endpoint stored black lists.

So even when uB0 was tested with in it's functional scope (malware blocking on URL) it would probably ended last also.

There are twice as much websites as there are people on this Planet, which makes URL blocking a number game.

It should be seen as additional protection, not as core defense for malware protection.
 
Last edited:

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
1544494211216.png


This thread made me aware of Sandblast. The only perfect product in this test.

They are now testing a browser extension. Maybe a few of you smart-guys should test this thing out and let the rest of us know how it goes.

See details at link below.

Do you want to influence an upcoming Check Poin... | CheckMates
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
although I believe in their tests, I suspect they are always sponsored by a vendor
for example, in previous tests, Arcabit was always top of the list but in the hub, it was average
in this test, they used a lot of words to describe Checkpoint but not anything else + checkpoint requires an external hardware to work so it's unfair for other standalone extensions

and how does avast online security block exe? It can never block exe. That's fact because that's how it works
 
5

509322

although I believe in their tests, I suspect they are always sponsored by a vendor
for example, in previous tests, Arcabit was always top of the list but in the hub, it was average
in this test, they used a lot of words to describe Checkpoint but not anything else + checkpoint requires an external hardware to work so it's unfair for other standalone extensions

and how does avast online security block exe? It can never block exe. That's fact because that's how it works

AV lab tests do not provide generic protection results. I don't know why people cannot grasp this fundamental fact. AV lab test results apply only to the specific test(s) performed using the specific samples\simulators used in the tests.

You cannot extrapolate any AV lab test result to encompass everyday use. It just doesn't work like that. AV lab testing is a sub-set of all possible eventualities. Comparing AV test lab results to malware HUB test results is erroneous for a lot of reasons.
 
Last edited by a moderator:

YossiH

New Member
Jan 2, 2019
1
I am the product manager in Check Point for the endpoint security products (including SandBlast Agent and SandBlast Agent for Browsers).
I want to assure you that we did not sponsor this test in any way. Actually, I, as a product manager was not even aware of this test until it was published.
Also, the solution does not require any hardware appliances as it can rely on a cloud service. However, the extension is provided as a part of our SandBlast Agent solution which provides very advanced EP threat prevention capabilities in addition to the browser extension. It does require a license that has some costs associated with it.

Regarding the below post, we are actually considering productizing the extension as a separate product with dedicated enterprise grade cloud management and we are looking for some feedback about our plans.
Do you want to influence an upcoming Check Poin... | CheckMates

You are encouraged to approach me on yossih@checkpoint.com if you want to be a part of the product advisory board for this.

Yossi
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
I am the product manager in Check Point for the endpoint security products (including SandBlast Agent and SandBlast Agent for Browsers).
I want to assure you that we did not sponsor this test in any way. Actually, I, as a product manager was not even aware of this test until it was published.
Also, the solution does not require any hardware appliances as it can rely on a cloud service. However, the extension is provided as a part of our SandBlast Agent solution which provides very advanced EP threat prevention capabilities in addition to the browser extension. It does require a license that has some costs associated with it.

Regarding the below post, we are actually considering productizing the extension as a separate product with dedicated enterprise grade cloud management and we are looking for some feedback about our plans.
Do you want to influence an upcoming Check Poin... | CheckMates

You are encouraged to approach me on yossih@checkpoint.com if you want to be a part of the product advisory board for this.

Yossi


Welcome to MT Yossi,

We need to get you registered as a rep here. Maybe @Jack can assist with this. We like industry reps here.

I hope you stick around and keep us abreast on the developments of SandBlast.

The product was impressive in that test.

For clarity -- would the product be developed for the consumer market? Would it be an independent extension much like the relatively new Malwarebytes Browser Extension? (Malwarebytes Browser Extension)

With very good extensions from Malwarebytes, the recently improved TrafficLight, and new Emsisoft extension.... will the SandBlast extension be similar?

If you plan to charge for the extension, what will it have that the aforementioned extensions don't?


Thanks,

v/r Burrito
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top