Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I believe for security, AdGuard checks live against cloud.
yes, it's true but in my tests, adguard's database is always poor and useless
adding customs filter does not belong to cloud checking

Is the malwarebytes score accountable for only MB browser extension without the main software? Then I'm considering to add that extension. Thanks for your hard work. :) Very interested to know how good Firefox is against phishing/malware

Also Chrome = 12 and Avira = 9
Are these overlapping scores? Is default Chrome better than with Avira extension?
they are 2 seperate things and they can work independently. according MB's devs, MB extension is more powerful than MB3's web filter
I don't know. It takes time to find out if they overlap or not but surely some blocks overlap


How about Malwarebytes Browser Extension?
it's the most powerful malware filter extension. However, it has a lot of problem with false positives so use it with care
it also slightly slows down your browser especially on on first start of the browser after boot. Some people feel zero slow down
 
D

Deleted Member 3a5v73x

Don't have any of these, I manually filter out malware extensions, if using uBlock, always disabling MDL. Internet seems very safe place, hi mom.
 
  • Like
Reactions: upnorth

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Don't have any of these, I manually filter out malware extensions, if using uBlock, always disabling MDL. Internet seems very safe place, hi mom.
each person has their own formulas for protecting their PCs which suit their usage and their family/friend usage. I setup my PC differently from other PCs
for me, I always use default-allow AVs + hardening tools + more default-allow tools, all must be light-weight and effective + they must complement each others to patch "visible" weaknesses I find out about each products
I use kaspersky free in some machines (usually friends when I don't usually play with their machines). I use avast in my family machine because they are next to me and avast is safer than kaspersky free due to hardened mode with syshardener

in my dictionary for novice users (parants, friends): default-deny = zero usability (but better speed) = complaints = more time to educate people, which I don't have and they tend to forget in 2 minutes

I have been using avast (HM) + disabling scripts (now with syshardener) + 2-3 custom filters or extensions (light such as WDBP) + some telemetry workaround => no one has been getting any infection for 8 years and they don't contact me for any reason and I don't have to educate them anything (besides some phishing attacks), just let them use their PCs recklessly, still haven't got infected
They don't care about telemetry so I don't mind too

usability is almost not affected (slight slowdown due to realtime AV as an exchange), easy-to-use: almost not not affected because they have to decide nothing (unlike default-deny), security 95% as good as default-deny becuase my setup is hybrid between default-allow and deny but without user's decision

Occasionally check for malware using combo: NPE, zemana, HMP, never find anything in any PC, except some left-over blocked files by Hardened mode, which are kept but not deleted

This is all fact

if people are intentionally hacked by hackers or vulnerabilities, regardless of default-deny, it just can't be stopped
 
Last edited:

ebocious

Level 6
Verified
Well-known
Oct 25, 2018
252
I use kaspersky free in some machines (usually friends when I don't usually play with their machines). I use avast in my family machine because they are next to me and avast is safer than kaspersky free due to hardened mode with syshardener

in my dictionary for novice users (parants, friends): default-deny = zero usability (but better speed) = complaints = more time to educate people, which I don't have and they tend to forget in 2 minutes

I have been using avast (HM) + disabling scripts (now with syshardener) + 2-3 custom filters or extensions (light such as WDBP) + some telemetry workaround => no one has been getting any infection for 8 years and they don't contact me for any reason and I don't have to educate them anything (besides some phishing attacks), just let them use their PCs recklessly, still haven't got infected
They don't care about telemetry so I don't mind too

This is all fact

if people are intentionally hacked by hackers or vulnerabilities, regardless of default-deny, it just can't be stopped
I don't agree that it is all fact. Status quo has little to do with security. I know people who use WD for their antivirus, and have been virus-free for longer than eight years. I even know a couple of people who are still using Windows XP. But their success is mostly due to staying in the pasture. They're not safe because WD is tougher than their attackers; their safe because there haven't been any attackers. And there's a first time for everything. All it takes is one successful attack, and eight years become zero.

That said, default-deny does not equal zero usability; this sounds like paralysis before analysis. When working with VoodooShield, most functions of preexisting apps are whitelisted from the get-go. New apps require an exception for installation, and another for first run (unless it's a utility app, which my clients don't mess with). Otherwise, you don't see an alert unless you're opening an infected Word document, in which case you DO NOT click allow. It's pretty simple; we're not talking old-school PrevX. If you want to see how well Avast Free and Kaspersky Free perform, then you might try the HMPAlert test. They don't do so well against fileless exploits.

Lastly, when's the last time you were attacked directly? If you do your due diligence, like setting up a custom admin password for your router and disabling remote management; then the only packets coming through your firewall will be solicited by you (this includes drive-by downloads, which is why I prefer MBBE and its false-positives over a 99% detection rate). That is, assuming you don't have any port forwarding. And if you do, try VoodooShield or AppGuard. The latter makes a pretty bold claim, that they are undefeated in protecting several government agencies and hospitals.
 
Last edited:
  • Like
Reactions: oldschool

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
That said, default-deny does not equal zero usability; this sounds like paralysis before analysis. When working with VoodooShield, most functions of preexisting apps are whitelisted from the get-go. New apps require an exception for installation, and another for first run (unless it's a utility app, which my clients don't mess with). Otherwise, you don't see an alert unless you're opening an infected Word document, in which case you DO NOT click allow. It's pretty simple; we're not talking old-school PrevX. If you want to see how well Avast Free and Kaspersky Free perform, then you might try the HMPAlert test. They don't do so well against fileless exploits.
I don't talk anout myself, I meant novice users who don't can/can't perform simple tasks other than opening their browsers, MS office,...
for my voodooshield or any anti-exe are fully usable but for them, it almost unusable because they can't decide the safety of a file, because they don't have enough skills and because anti-exes are likely to block everything including truely safe files (newly downloaded from the internet)

for them, anti-exe or any default-deny solutions cause more trouble than what to can solve
they can archive 99-100% protection but for novice users, they block everything

I don't mind about any fileless or scripting attacks because I block them all (vectors). They are not allowed to run in any computer I can touch, thanks to syshardener and some personal SRP tweaks. The only things these PCs have to deal with are .exe, .msi, phishing attacks => add strong phishing filters and file reputation checker (windows smartscreen, avast's hardened mode) so only safe and reputable files can run, of course they might miss a few but the chance is small

for exploits, it's hard to prevent but I truely believe home users are unlikely to encounter targeted attacks, mostly bussiness environment
I always think HMPA is overrated because it actually can't prevent any attack when every script is blocked and it failed to block wannacry's exploit => they added this protection after the outbreak but kaspersky and ESET's exploit protections successfully blocked this exploit

I have been studying via this forum for a few years and personal experience with many softwares. I create my own formula for security. I don't want 100% security, 50% usability but 95% security and 99% usability

about WD, I know if I use WD in any of my PC, they will 100% get infected because I know its weaknesses and how my family use computer
 

ebocious

Level 6
Verified
Well-known
Oct 25, 2018
252
I don't talk anout myself, I meant novice users who don't can/can't perform simple tasks other than opening their browsers, MS office,...
for my voodooshield or any anti-exe are fully usable but for them, it almost unusable because they can't decide the safety of a file, because they don't have enough skills and because anti-exes are likely to block everything including truely safe files (newly downloaded from the internet)

for them, anti-exe or any default-deny solutions cause more trouble than what to can solve
they can archive 99-100% protection but for novice users, they block everything

I don't mind about any fileless or scripting attacks because I block them all (vectors). They are not allowed to run in any computer I can touch, thanks to syshardener and some personal SRP tweaks. The only things these PCs have to deal with are .exe, .msi, phishing attacks => add strong phishing filters and file reputation checker (windows smartscreen, avast's hardened mode) so only safe and reputable files can run, of course they might miss a few but the chance is small

for exploits, it's hard to prevent but I truely believe home users are unlikely to encounter targeted attacks, mostly bussiness environment
I always think HMPA is overrated because it actually can't prevent any attack when every script is blocked and it failed to block wannacry's exploit => they added this protection after the outbreak but kaspersky and ESET's exploit protections successfully blocked this exploit

I have been studying via this forum for a few years and personal experience with many softwares. I create my own formula for security. I don't want 100% security, 50% usability but 95% security and 99% usability

about WD, I know if I use WD in any of my PC, they will 100% get infected because I know its weaknesses and how my family use computer
Yeah, I suspect your experience with VoodooShield is rather limited. Because you don't even realize what you're saying when you talk about people who can't do anything beyond opening their browsers and using MS Office. Those people won't get any alerts with VS, unless a file is actually infected. And if that ever does happen, they won't get an allow/deny request; they'll get a notification that it was blocked. In order to open the file, they actually have to click on the alert, then click yes, and then click "yes, I know what I'm doing."

I agree that HMPA is inadequate. But its test is a quick fail if your AV doesn't catch it. Avast's hardened mode doesn't, and neither does Kaspersky. If you want more tests, watch Cruelsister's videos. And I don't put much stock in syshardener, either. Most of its settings are more reliably applied manually, as the app doesn't always succeed at pushing them through. And how about sharing these SRP tweaks you refer to?
 
  • Like
Reactions: oldschool

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Yeah, I suspect your experience with VoodooShield is rather limited. Because you don't even realize what you're saying when you talk about people who can't do anything beyond opening their browsers and using MS Office. Those people won't get any alerts with VS, unless a file is actually infected. And if that ever does happen, they won't get an allow/deny request; they'll get a notification that it was blocked. In order to open the file, they actually have to click on the alert, then click yes, and then click "yes, I know what I'm doing."
I was using VS for more than a year and I finally ditched it due to slight system slowdown and too many popups prompting for decisions in autopilot mode. Yes, autopilot mode, for 1 year so I kinda know what I was talking about. In autopilot mode, it's because of the imperfectness of voodooAi, VS still prompts for decision. VoodooAi and virustotal API must be both safe (match certain criteria) so the file can be allowed without any prompt but because I don't live in US or Europe, our foreign programs are always prompted by VS => I was tired of this
same for comodo firewall autosandbox. Most of our programs are not included in the comodo's trusted vendor list => unusable for novice users

for English-speaking users, VS is perfect but not for Asian users because it generates too many prompts
VS doesn't support my language => another reason I can't install it on other people's machines

In my experience with some novice users who don't speak English, they 90% of the time clicking allow without reading what the message is. The same apply for windows's UAC=> they simple click Yes for everything because they want to run their programs

I know about HMPA test but I don't mind it because it's unlikely home users will get these exploits. It's more realistic to block common attacks like exe, msi, phishing,...

my SRP tweaks are too complement what syshardener, tweaked, misses, usually with powershell
I use gpedit.msc to block execution of powershell.exe, some extra extensions like hta, ps1, com, scr, vbs, vb, vbe, jar, jse,...
I think it's enough for those machines
I don't put too many SRPs on these, I don't want them to have any trouble
 

ebocious

Level 6
Verified
Well-known
Oct 25, 2018
252
for English-speaking users, VS is perfect but not for Asian users because it generates too many prompts
VS doesn't support my language => another reason I can't install it on other people's machines
Ah, that explains a lot. I'd be surprised if it's not still possible to whitelist Asian apps, albeit with a few more alerts. The language issue is another matter entirely. C'est la vie.
 

ebocious

Level 6
Verified
Well-known
Oct 25, 2018
252
I thought this was the Browser Extensions: Malware & Phishings thread! :LOL::devil:
You're right. MBBE gets my vote. More false positives to be sure, but virtually watertight protection for the browser. I was downloading VS 2.86 from a warez site, and within milliseconds it had opened ten additional tabs before getting me to the download. MBBE blocked them all, as quickly as they opened. It happened so fast, that all ten tabs were on a Malwarebytes page before I even realized that ten new tabs had opened.
 
Last edited:

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,701
https://1hosts.cf/ is outdated. Anyone else experiencing the same? Any solution?

What are the recommended filters for overall protection?

You might try these:

https://www.squidblacklist.org/downloads/dg-malicious.acl
https://raw.githubusercontent.com/EnergizedProtection/block/master/blu/formats/hosts
https://openphish.com/feed.txt

See posts #706 and #732 or PM @Evjl's Rain or these other posters. The Energized offerings on FilterList includes different lists if you wish a bigger "all-in-one" list. I rely primarily on Medium Mode and bookmarks, not so much on filters - but everyone has different browsing habits. (y)
 
5

509322

I don't talk anout myself, I meant novice users who don't can/can't perform simple tasks other than opening their browsers, MS office,...
for my voodooshield or any anti-exe are fully usable but for them, it almost unusable because they can't decide the safety of a file, because they don't have enough skills and because anti-exes are likely to block everything including truely safe files (newly downloaded from the internet)

Really ? Because the Voodooshield developer claims that usability is perfect for the typical user who is mostly helpless on a PC - which is exactly the kind of person you are describing that cannot handle Voodooshield. He claims his product is superior to everyone else's. He's made that claim across the forums, citing forum poll results as proof - not exactly unbiased evidence and certainly not certified double-blind independent 3r-party confirmation. Based upon what you're saying, those that you have introduced to Voodooshield would disagree with his claims.

From your description there is an obvious disconnect between the claimed usability of Voodooshield and its actual usability.

Hmmm. You might want to help the guy out and report your usability problem findings that come right from the hourses' mouths in the field... from typical, novice users.

Anyway, it's not important. I just found your observations with Voodooshield interesting. That's all.

I will tell you my direct observations of many typical users across multiple demographics. Typical users can barely handle default Windows unless they are properly instructed. The typical user enters the unknown as soon as they install any security software. So usability is a problem from the very beginning - and that even includes something as basic as Windows Defender or Ikarus. I have even seen typical users struggle with the old Herd Protect scanner because of language and terminology in the GUI.

In other words, usability is relative. It's completely dependent upon the user - and that establishes one paramount fact - that there is no substitute for user knowledge and experience.

With SRP such as AppGuard, it is much more simple to learn and use than a complex internet security suite - but still - some effort is required of the user. It's not an unreasonable burden. However, there is no denying it... the user has to put forth some effort, just the same as learning how to master any software for that matter. The burden on an AppGuard user is far, far less than say, for example, just the process of figuring out Microsoft Word.

People aren't stupid. They can learn. But when you are dealing with people who don't want to know - in other words have no inclination to learn - then the best solution is to prevent them from executing the vast majority of stuff - which is basically what you do with Avast Hardened Mode and disabling Windows stuff. So you can call it whatever you wish, but you are actually using a default-deny configuration. It is way more default-deny than it is default-allow.

And you prove that even a total novice can use default-deny without any ill consequences.
 
Last edited by a moderator:

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Most average PC users don't install software, but simply use software.

Steps for install and forget default deny on Windows 10
1. Install Configure Defender (download link) to enable all Windows Defender protections

2. Add a basic user SRP allowing admins to overrule, you can use Simple Software Restriction Policies or HardConfigurator. I always use my registry hack which includes additional file types. Don't forget to add the Symantec regsitry tweak to run MSI as administrator. Tell them to use run as admin when they want to install something.

3. Download and install SysHardener (disable wscript)

4. Open Windows Defender exploit protection, add a block starting other processes rule for
- wmic.exe, csript.exe, rdpshell.exe and powershell.exe, mshta.exe

5. Configure browsers
a) Disable IE11 in Windows10 (programs and features)
b) Add Adguard extension to Windows Edge (enable malware protection to add chrome's + Yandex safe browsing)
and set Edge to start with blank new page and forget history
c) Install Chrome and add extension MalwareBytes Browser Extension, plus auto history wipe

Happy days
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top