Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Makes sense to test it. Looks like it did fairly well.

~LDogg
the problem is, it can only shine with tweaked settings. The default setting is useless against malwares as it never blocks anything in my test
block unrated seems to be a default-deny solution for web protection, but it slows down web browsing a lot because it suspends the page from loading and has to wait for the result from the server. It takes time
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
the problem is, it can only shine with tweaked settings. The default setting is useless against malwares as it never blocks anything in my test
block unrated seems to be a default-deny solution for web protection, but it slows down web browsing a lot because it suspends the page from loading and has to wait for the result from the server. It takes time
That's could be the downside to this product then. If tweaked can be good but the page loading as you stated is slow. Overall doesn't look worthy of a subscription bit. Even forticlient free web filter seems to be a lot faster by the sound of it.

~LDogg
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
That's could be the downside to this product then. If tweaked can be good but the page loading as you stated is slow. Overall doesn't look worthy of a subscription bit. Even forticlient free web filter seems to be a lot faster by the sound of it.

~LDogg
blocksi for chrome is free :)
other services on their website aren't free

if someone cares about default-deny, blocksi is a good extension. If they have good internet speed, they might not notice any slowdown. I'm too far from US or Europe
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
blocksi for chrome is free :)
other services on their website aren't free

if someone cares about default-deny, blocksi is a good extension. If they have good internet speed, they might not notice any slowdown. I'm too far from US or Europe
Would that mean I could get Blocksi via Chrome Extension for opera? If so I may give it a try!

~LDogg
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Would that mean I could get Blocksi via Chrome Extension for opera? If so I may give it a try!

~LDogg
there is no official support for opera in the webstore but you can try to port it opera by
Install Chrome Extensions
if it works, it works. If it doesn't, sorry
 

Terry Ganzi

Level 26
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
Test 3/9/2018
With many PUP/adware links

chrome 26
malwarebytes 23
avira 20
comodo 2
WDBP 10
blocksi block unrated 27
ublock squidblacklist 10
hphosts (full+partial) 14
IE/Edge 22 or 23 (1 warned but didn't block)

ThorRC 16
Forticlient 25
kaspersky 21

a bad show from Kaspersky (as expected, against PUPs)
I won't test Norton Safe web and DNS security.
Neustar DNS always wins

Screenshot comparing Thor RC and hphosts. Thor is left, hphosts is right. Same files are highlighted
Thor actually prevented 1 link from downloading (without any notification) because the link contacted via port 8081. It can only be downloaded with thor disabled
@Nightwalker

Most of that stuff was block by these host file in UBO that i added.
CHEF-KOCH's Malware Filter List
 
Last edited by a moderator:
F

ForgottenSeer 69673

I only clicked on a few links but the last one on the list showed a to download and I clicked cancel but about 20 seconds later Cylance quarantined it anyway, even if I chose not to download it.
The next one I clicked on was blocked with Windows smart screen, Edge. I do have the Ublock extension for Edge but don't think I have all the right filters set up for it yet. I will check out the other links later.
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Test 6/9/2018, all from VT 60 links
Code:
a.doko.moe/izgvrd
aile.pub/newsletter/En/Invoice-Corrections-for-75/65
aktha.in/O4qS2n
aspettaprimavera.it/4LmlHpS
azathra.kmfkuii.org/oldplugins/9223896WDXZ/PAYMENT/US
barcounterstools.info/13EQ/PAYMENT/US
biciculturabcn.com/Receipts-09-18
bo2.co.id/60740SUFKAD/com/Business
clipkadeh.ir/wp-includes/xerox/EN_en/Overdue-payment
conservatoriocimarosa.gov.it/QtJJky
dev.pacificsymposium.org/UKZvz1aj
emmlallagosta.cat/DOC/En/Summit-Companies-Invoice-4045545
empire-pi.co.za/040QVJZM/com/US
enet.cm/ZGWLBkF8F
engage.tb-webdev.com/0739ITKSNY/ACH/Smallbusiness
fib.usu.ac.id/templates/files/US/Inv-87109-PO-6D135435
fidfinance.com/Receipts/
flowerella.ca/For-Check
gospelldigital.com.ng/INFO/En/Invoice-receipt
gutshaus-hugoldsdorf.de/Invoice-09-18
habarimoto24.com/667MJB/oamo/Commercial
hotellaspalmashmo.com/305102X/SWIFT/US
hps.nz/Document/EN_en/Outstanding-Invoices
hukukportal.com/default/US_us/Overdue-payment
iconnectedintelligence.com/uXHtKU
imish.ru/UKd94kPc7U/
ingridkaslik.com/payment/
kristianmarlow.com/Documents
lashedbykylie.com/Receipts
lumoura.com/0496GIIF/PAYROLL/Commercial/
masjedkong.ir/8LCEWFVLF/com/US/
mebel-m.com.ua/493A/SWIFT/Commercial
morrissan.com/57HN/BIZ/Commercial
neatappletech.readysetselfie.com/74679OE/PAYMENT/Personal
newble.com/410632UNWK/PAY/Commercial
ni3s.com/2140018T/identity/Personal
noithattdc.com/cgi-bin/539USEZUYTB/SEP/Commercial
old.gkinfotechs.com/inIDT
oliveiras.com.br/Payments-09-18/
omlinux.com/xerox/En/Past-Due-Invoices
outsourcingpros.com/n4Gi3D31d8
pardis-decor.com/Receipts/
prestashop.inksupport08.com/604EQ/SWIFT/Commercial
psp.express/XMYMS
ruirucatholicfund.org/scan/EN_en/Invoice
sabritru.com/Documents
saqibsalon.com/INVOICE
sethoresg.com.br/4215SVQW/WIRE/Business
shop.irpointcenter.com/957NTPCW/com/Business
sokam-holding.com/FILE/US_us/Invoice
stsnetworkllc.com/1716RIACO/BIZ/Commercial
tabloid.id/iKZ9NWTm4V
test.fratiterrasanta.it/70564WF/SWIFT/Personal
treesurveys.infrontdesigns.com/payment-09-18
uvurkhangai-aimag.barilga.com/4992PU/biz/Commercial
viswavsp.com/zmaxmovment.exe
vpnetcanada.com/Corrections/
webartikelbaru.web.id/1143ZHEJ/oamo/Personal
[URL='http://www.mozambiquecomputers.com/files/etna.exe']www.mozambiquecomputers.com/files/etna.exe[/URL]
[URL='http://www.truongnao.com/tyoinvur/951670HWGNEE/PAYROLL/US']www.truongnao.com/tyoinvur/951670HWGNEE/PAYROLL/US[/URL]

chrome 49/60
ublock (custom) 35/60 => all blocks were from hphosts (full + partial = EMD+PSH+HJK+...)
avira 2/60
blocksi (block unrated) 60/60
comodo 0/60
malwarebytes 39/60
WDBP 4/60
Norton 3/60
Edge/IE 19/59

Forticlient 53/60
Kaspersky 53/60
K9 (default/custom = same result) 59/60


Thor RC 18/60
hphosts 35/60
Missed item analysis:
- 19 items are identical
- 5 items are exclusive in hphosts, 24 are in Thor RC
Windows 7-2018-09-06-05-53-58.png

ublock custom filters
Capture.PNG

k9 custom filters
Windows 7-2018-09-06-06-24-07.png
 
Last edited by a moderator:

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,139
Test 6/9/2018, all from VT 60 links


chrome 49/60
ublock (custom) 35/60 => all blocks were from hphosts (full + partial = EMD+PSH+HJK+...)
avira 2/60
blocksi (block unrated) 60/60
comodo 0/60
malwarebytes 39/60
WDBP 4/60
Norton 3/60
Edge/IE 19/59

Forticlient 53/60
Kaspersky 53/60
K9 (default/custom = same result) 59/60


Thor RC 18/60
hphosts 35/60
Missed item analysis:
- 19 items are identical
- 5 items are exclusive in hphosts, 24 are in Thor RC
View attachment 197107

ublock custom filters
View attachment 197106

k9 custom filters
View attachment 197108
So, from the tests it seems I can get rid of uBlock Origin or not? Can Blocksi blocks google analytics and those pesky cookie popup messages? Anything here that I needs UBO?

When I installed the Chrome extension it says

Blocksi Manager Dashboard locks-in the Filtering Policy, reports analytics and allows dynamic filtering policy changes.

So, does that mean it BLOCKS google analytics?

Thanks
 
Last edited by a moderator:

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
So, from the tests it seems I can get rid of uBlock Origin or not? Can Blocksi blocks google analytics? Anything here that I needs UBO?

Thanks
no you can't get rid of ublock because it's a true adblocker while blocksi or malwarebytes are not
blocksi is a domain blocker only while adblockers can block everything including domains, urls, hide elements,...
I don't know if blocksi can block analytics but it it can, it will be limited compared to true adblockers
even ghostery, disconnect are not comparable to ublock/adguard with sufficient number of filters at analytic blocking

never uninstall an adblocker because they are unique and useful
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,139
no you can't get rid of ublock because it's a true adblocker while blocksi or malwarebytes are not
blocksi is a domain blocker only while adblockers can block everything including domains, urls, hide elements,...
I don't know if blocksi can block analytics but it it can, it will be limited compared to true adblockers
even ghostery, disconnect are not comparable to ublock/adguard with sufficient number of filters at analytic blocking

never uninstall an adblocker because they are unique and useful
I have revised my earlier post. Can re-comment?

I just visted wilderssecurity.com and Blocksi blocks it saying

URL : wilderssecurity.com
Category : Unrated

So, Blocksi does blocks URLs

However, if I type hxxps://wilderssecurity.com Blocksi allows it

Thanks
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,714
So, from the tests it seems I can get rid of uBlock Origin or not? Can Blocksi blocks google analytics and those pesky cookie popup messages? Anything here that I needs UBO?

When I installed the Chrome extension it says

Blocksi Manager Dashboard locks-in the Filtering Policy, reports analytics and allows dynamic filtering policy changes.

So, does that mean it BLOCKS google analytics?

Thanks
Or you can enable advance mode in uBlock. And use its dynamic filtering.
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I have revised my earlier post. Can re-comment?

I just visted wilderssecurity.com and Blocksi blocks it saying

URL : wilderssecurity.com
Category : Unrated

So, Blocksi does blocks URLs

However, if I type hxxps://wilderssecurity.com Blocksi allows it

Thanks
I read your previous comment but I don't have a proper answer because I'm not familiar with blocksi. I'm sure that blocksi won't be great against ad/tracker
I don't like blocksi to be honest. I test it because some people are interested in it
wilderssecurity.com or www.wilderssecurity.com is a domain
Code:
https://www.wilderssecurity.com/find-new/4975955/posts
is an url (full)
blocksi doesn't block full url as it only blocks domain

for example, example.com/malware.exe is a full url. blocksi blocks example.com as a blacklisted domain
ublock can either block example.com or example.com/malware.exe specifically if there is rule for it

however, some malwares are distributed via githab, gitlab, email services or some reputable hosts => blocksi will be useless in this case because blocksi should not/cannot block github, gitlab,... domains because everyone uses them
adblocker or malware blocking extensions are more flexible as they can block specific urls such as

NOTE: all the links I posted above are not clickable, they are just examples
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top