Q&A [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,604
28,273
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

goodjohnjr

Level 2
Jul 11, 2018
58
282
Link test 10/7/2018

chrome: 27/29
norton: 4/29!!!
Avira: 24/29
WDBP: 24/29 -> warned still downloaded
malwarebytes: 26/29
squidblacklist (ublock filter): 17/29
comodo: 27/29
Edge: 27/29

resource usage:
Norton < comodo < WDBP < ublock < malwarebytes < avira

comodo for safe websites is really really fast but when it detected malwares, it will redirect to a comodo page, which extremely slow to load (n)

WDBP needs respawn/recovery time, at least 1-2 seconds

Hello Evjl's Rain,

Now that Comodo finally did pretty well do you plan on adding Comodo DNS to your tests to see if it is finally worth using after all of these years?

Thank you,
-John Jr
 

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,604
28,273
Hello Evjl's Rain,

Now that Comodo finally did pretty well do you plan on adding Comodo DNS to your tests to see if it is finally worth using after all of these years?

Thank you,
-John Jr
I will consider it but I doubt it will do very badly
DNS and extension are entirely different

the best DNS malware blocking is Neustar recursive DNS
 

goodjohnjr

Level 2
Jul 11, 2018
58
282
I will consider it but I doubt it will do very badly
DNS and extension are entirely different

the best DNS malware blocking is Neustar recursive DNS

Thank you for answering that Evjl's Rain, yeah, I noticed how well Neustar Recursive DNS performed in one of your previous tests and I was surprised because I had never heard of it really or I heard of it but never tried it or saw it tested before.

All these years I have never seen a test where Comodo DNS has done good, though it has been a while since I have ever seen anyone test it, and so I am curious to see if it has improved since then to match or surpass the other DNS services that you have tested.

-John Jr
 

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,604
28,273
Updated 18/7/2018

sorry, no time to test more
Dropbox - test 18-7-2018.txt

chrome: 20/25
WDBP: 16/25
comodo: 15/25
ublock (default): 1/25
ublock (+custom): 20/25
avira: 20/25
Malwarebytes: 24/25
Bitdefender TL: 1/25 (expected)
avast: 0/25 (expected)
adguard (+custom): 1/25 (expected)
Edge: 24/25

DNS:
norton: 2/25
Quad9: 2/25
Neustar: 9/25

best list: hphosts > squidblacklist >>> AdZ >>> others = 1 or 0

list of applied ublock filters: default + these
hphosts+hphosts partial = all individual hosts combine (emd, hjk, exp, fsh,...)
1.PNG

my setup: Chrome + ublock (hphosts EMD+PUP) + comodo online security + WDBP + Norton Safe Web = 25/25
 
Last edited:

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,234
41,284
Updated 18/7/2018

sorry, no time to test more

chrome: 20/25
WDBP: 16/25
comodo: 15/25
ublock (default): 1/25
ublock (+custom): 20/25
avira: 20/25
Malwarebytes: 24/25
Bitdefender TL: 1/25 (expected)
avast: 0/25 (expected)
adguard (+custom): 1/25 (expected)
Edge: 24/25

DNS:
norton: 2/25
Quad9: 2/25
Neustar: 9/25

best list: hphosts > squidblacklist >>> AdZ >>> others = 1 or 0

list of applied ublock filters: default + these
hphosts+hphosts partial = all individual hosts combine (emd, hjk, exp, fsh,...)

my setup: Chrome + ublock (hphosts EMD) + comodo online security + WDBP + Norton Safe Web = 25/25

Thanks for your testing (y)
Can you give me the links you tested?
I'm curious how my setup with Kaspersky Free performs.
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,234
41,284
The results for my config (Google Chrome with AdGuard extension and KFA 2019 en Comodo Firewall 11 as protection): 24/25
Kaspersky: 22/25
AdGuard: 2/25 (1 unique detection)
Comodo: 1/25 (1 unique detection)
Google: 1/25

The missed url dropped a file and I submitted that undetected file to Kaspersky and they found the file malicious and detection will be added.
The 3 missed urls are reported to Kaspersky.
 
Last edited:

Moonhorse

Level 30
Verified
Content Creator
May 29, 2018
1,991
9,964
The results for my config (Google Chrome with AdGuard extension and KFA 2019 en Comodo Firewall 11 as protection): 24/25
Kaspersky: 22/25
AdGuard: 2/25 (1 unique detection)
Comodo: 1/25 (1 unique detection)
Google: 1/25

The missed url dropped a file and I submitted that undetected file to Kaspersky and they found the file malicious and detection will be added.
sad the comodo firewalls web filter and online security have different results:confused:
 

Decopi

Level 3
Oct 29, 2017
122
431
Hi @Evjl's Rain , thank you for all your updated tests.

Using your dropbox-test-sample, I achieved 25/25 with Pi-Hole.

However and to be fair with your test, I used the following computer-on-board tools: K9 (minimum configuration) + Avast AV Free (Web Shield)... and also achieved 25/25 with your dropbox-test-sample.
That's all, not hosts, neither add-ons.

Both, K9 and Avast AV have the less system-impact, with the highest rates of blocking. As far as I know, both are the best combo considering browser performance (RAM, CPU, battery-life, and browser speed). Not to mention that both will work at system level, watching not just 1 browser but 100% of all computer traffic communication.

For privacy and ads, a tiny/lightweight 3rd-party blocker does the best job, at almost zero system-impact.

I still believe that blocking rates with system-impact, is a zero-sum-game .

PS: It is always good to remember, that VTZilla add-on can block 99,99% of malwares. There is no reason anymore to use add-ons with hosts.
 
Last edited:

Moonhorse

Level 30
Verified
Content Creator
May 29, 2018
1,991
9,964
Hi @Evjl's Rain , thank you for all your updated tests.

Using your dropbox-test-sample, I achieved 25/25 with Pi-Hole.

However and to be fair with your test, I used the following computer-on-board tools: K9 (minimum configuration) + Avast AV Free (Web Shield)... and also achieved 25/25 with your dropbox-test-sample.
That's all, not hosts, neither add-ons.

Both, K9 and Avast AV have the less system-impact, with the highest rates of blocking. As far as I know, both are the best combo considering browser performance (RAM, CPU, battery-life, and browser speed). Not to mention that both will work at system level, watching not just 1 browser but 100% of all computer traffic communication.

For privacy and ads, a tiny/lightweight 3rd-party blocker does the best job, at almost zero system-impact.

I still believe that blocking rates with system-impact, is a zero-sum-game .
decent antivirus software and only thing you need is up to date browser, with adguard client or built in adblocker you dont even need extensions :unsure:
 

Decopi

Level 3
Oct 29, 2017
122
431
decent antivirus software and only thing you need is up to date browser, with adguard client or built in adblocker you dont even need extensions :unsure:

Personally I only use CF+CS settings, Pi-Hole and VTZilla... nothing else.
I tested this combo for more than 1 year, with the worst pests, and nothing passed.
My security/privacy model is based always prioritizing browser and system performance. I always look for the best block-combo with the lower system performance impact.

Now I used K9 and Avast AV... just to be fair with @Evjl's Rain test.

I'm trying to offer here a second opinion, prioritizing system performance, with high rate blocking.
 
Last edited:

Moonhorse

Level 30
Verified
Content Creator
May 29, 2018
1,991
9,964
Personally I only use CF+CS settings, Pi-Hole and VTZilla... nothing more.
I tested this combo for more than 1 year, with the worst pests, and nothing passed.
My security/privacy model is based always prioritizing browser and system performance. I always look for the best block-combo with the lower system performance impact.

Now I used K9 and Avast AV... just to be fair with @Evjl's Rain test.

I'm trying to offer here a second opinion, prioritizing system performance, with high rate blocking.
Yeah any default deny alone should be enough for advanced user, but good antivirus or extension or two doesnt hurt at all this day
 

Decopi

Level 3
Oct 29, 2017
122
431
Yeah any default deny alone should be enough for advanced user, but good antivirus or extension or two doesnt hurt at all this day

I do respect your opinion.
In fact, I believe that the "best combo" is just the combo the user like.
It doesn't exist such thing like "the best universal solution".

Having said that, technically speaking, sometimes the less the better.
For example, even recognizing that Avast AV have the lowest system impact, its Web Shield slows down browser speed, and also creates conflicts with TLS. In other words, many users don't feel system impact, or don't care. But not just system impact always exists, but worse, it creates conflicts. Firefox has interesting researches showing how add-ons, antivirus etc interfere with the browser. It is a fact: The less, the better.
So, instead antivirus, even average users should be better protected with an anti-executable + a kind of K9 blocker working at system level (if they can't use Pi-Hole).

My very personal subjective opinion is that having thousand of new malwares and risk-wares appearing everyday... antivirus/anti-malwares are obsolete. And add-ons with hosts... are extincted dinosaurs.
Intelligent anti-executables should replace them. CF+CS settings is a good start. VTZilla is another piece of art.

Conclusion: If we have less system resources strategies, with high blocking rates... then we should focus on them.
 

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,604
28,273
sad the comodo firewalls web filter and online security have different results:confused:
I did a test of comodo firewall web filter before he posted the result
first test: 0/25 => I said WTH!???
I went to the settings and update comodo firewall web signatures
re-test: 20/25 => same as the extension

CF by default update their web database every 6 hours but nobody can make sure they are always up-to-date

the extension is much better because it's 100% updated in realtime while CF isn't updated
 

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,604
28,273
Google: 1/25
hi, I think google chrome will warn you about the safety of the files after you download them and I think it should be counted
chrome only shows a red/block page sometimes
on my test, chrome scored very high

similarly to Edge. It lets you download then ask you to keep or delete the files
 
Top