Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,233
> hi, I think google chrome will warn you about the safety of the files after you download them and I think it should be counted
> chrome only shows a red/block page sometimes
> on my test, chrome scored very high
>
> similarly to Edge. It lets you download then ask you to keep or delete the files
You could be right, but my test was not fair to Chrome because Kaspersky was enabled and blocked the links first.
To test just Chrome I should have disabled or uninstalled Kaspersky.
I just wanted to know how my setup worked and especially Kaspersky.
 

Evjl's Rain

> @Evjl's Rain, please, can you explain more details about your settings at CF web filter?
> Did you just enable it and update it?
> Or did you change filters, other settings etc.?
> I ask because the CF web filter was always known as terrible.
> Thanks
I enabled the web filter and updated it. Then, it started to work properly
I never use comodo web filter because I also heard it was terrible. I don't do any change to it
I think if we disable it and update, CF won't download the new database for it
it only downloads for enabled components
 

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
> I do respect your opinion.
> In fact, I believe that the "best combo" is just the combo the user likes.
> There is no such thing as "the best universal solution".
>
> Having said that, technically speaking, sometimes the less the better.
> For example, even recognizing that Avast AV has the lowest system impact, its Web Shield slows down browser speed, and also creates conflicts with TLS. In other words, many users don't feel system impact, or don't care. But not just system impact always exists, but worse, it creates conflicts. Firefox has interesting research showing how add-ons, antivirus etc. interfere with the browser. It is a fact: The less, the better.
> So, instead of antivirus, even average users should be better protected with an anti-executable + a kind of K9 blocker working at system level (if they can't use Pi-Hole).
>
> My very personal subjective opinion is that having thousands of new malwares and risk-wares appearing every day... antivirus/anti-malwares are obsolete. And add-ons with hosts... are extinct dinosaurs.
> Intelligent anti-executables should replace them. CF+CS settings is a good start. VTZilla is another piece of art.
>
> Conclusion: If we have less system resources strategies, with high blocking rates... then we should focus on them.
either voodooshield or comodo firewall is enough, you can have the antivirus but just disable web shield if you want to

Personally I'm running neustar business production dns, since I feel most of the stuff comes from either adult sites / torrenting; I don't use them and only visit the same sites day by day, but there's always a possibility I'm gonna get clickbaited to something like that which could contain something sketchy

I prefer to use k9 or forticlient to do web filtering outside of the browser (system level) and only have an adblocker in the browser (built-in better)

Just can't use k9 at the moment because it conflicts with the game client I use, causes me to disconnect from the game every 5 minutes.

I already contacted them last week, but no answer yet
 

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
When I run Firefox as another (limited) user in Windows 7, MBAM seems to be the cause that 2 Firefox processes are not closed (under that other limited and contained user). Luckily thanks to your tests :emoji_ok_hand: (@Evjl's Rain) I have replaced it with Comodo add-on which runs with no problem (y)
 

Moonhorse

> When I run Firefox as another (limited) user in Windows 7, MBAM seems to be the cause that 2 Firefox processes are not closed (under that other limited and contained user). Luckily thanks to your tests :emoji_ok_hand: (@Evjl's Rain) I have replaced it with Comodo add-on which runs with no problem (y)

I'm using malwarebytes, but have to disable ad/tracker protection, otherwise it conflicts with ublock origin. Also using half less ram that way
 

Evjl's Rain

> I'm using malwarebytes, but have to disable ad/tracker protection, otherwise it conflicts with ublock origin. Also using half less ram that way
malwarebytes is still in beta
I admit it did cause a problem for me so I was forced to remove it
it caused a few websites not displaying correctly although I disabled everything and added those websites to exclusion

I used hphosts emd and pup instead. They are not as good but okay
 

Decopi

Level 8
Verified
Oct 29, 2017
359
@Evjl's Rain ... I couldn't wait, I did a quick test now on CF web filter (enabled/disabled it + updated it many times before testing + restarted computer)... and results were bad: 14/25.
But, considering that 2 links of your sample seem to be already dead, my real result was 12/23.
I will do further tests during the week. But my first impression is not good.

PS: With regard to Pi-Hole, I have tons of lists there. It is a mess. I need to organize and clean it. Because it is not affecting my system performance + it is blocking almost everything, I became negligent with the lists. On the other hand, this is another positive point for Pi-Hole, it doesn't matter if you put a thousand lists there, it is almost not affecting computer or browser performance. The main advantage of Pi-Hole is not the lists, but the computer performance.
 

goodjohnjr

Level 5
Verified
Jul 11, 2018
227
> Updated 18/7/2018
>
> sorry, no time to test more
> Dropbox - test 18-7-2018.txt
>
> chrome: 20/25
> WDBP: 16/25
> comodo: 15/25
> ublock (default): 1/25
> ublock (+custom): 20/25
> avira: 20/25
> Malwarebytes: 24/25
> Bitdefender TL: 1/25 (expected)
> avast: 0/25 (expected)
> adguard (+custom): 1/25 (expected)
> Edge: 24/25
>
> DNS:
> norton: 2/25
> Quad9: 2/25
> Neustar: 9/25
>
> best list: hphosts > squidblacklist >>> AdZ >>> others = 1 or 0
>
> list of applied ublock filters: default + these
> hphosts+hphosts partial = all individual hosts combine (emd, hjk, exp, fsh,...)
>
> my setup: Chrome + ublock (hphosts EMD+PUP) + comodo online security + WDBP + Norton Safe Web = 25/25

Thank you Evjl's Rain for the new test and for adding the Avast and Bitdefender and Adguard browser extensions; I am disappointed in how they performed, and this proves that you were correct about them and now I clearly can understand their removal from these tests (unless they magically improve one day).

Are the Avira, Malwarebytes, and Norton browser extensions the only browser extensions in your tests that also scan file downloads made in the browser?

Keep up the good work,
-John Jr
 

Evjl's Rain

> Are the Avira, Malwarebytes, and Norton browser extensions the only ones in your tests that also scan file downloads made in the browser?
hi, avira, norton, malwarebytes are able to block the links before the browser can download the files but I don't think they are able to scan the files after being downloaded
Only google chrome safe browsing and edge browser can do that effectively
firefox is lagging behind those 2 for some reasons although firefox also uses google safe browsing
WDBP can also block links but it still allows some of the blocked files to be downloaded => I think it's a bug. I may report it later but won't hope for a reply from MS

I don't know why norton has been crap in recent tests!?? perhaps something is wrong in the company?
same as avira last month
 

goodjohnjr

> hi, avira, norton, malwarebytes are able to block the links before the browser can download the files but I don't think they are able to scan the files after being downloaded
> Only google chrome safe browsing and edge browser can do that effectively
> firefox is lagging behind those 2 for some reasons although firefox also uses google safe browsing
> WDBP can also block links but it still allows some of the blocked files to be downloaded => I think it's a bug. I may report it later but won't hope for a reply from MS
>
> I don't know why norton has been crap in recent tests!?? perhaps something is wrong in the company?
> same as avira last month

Hello Evjl's Rain,

Thank you for explaining that.

I have also always wondered why Firefox always lags behind the others when it uses the Google Safe Browsing api or whatever too.

A few weeks ago or less I emailed my suggestions to Microsoft about the Windows Defender Browser Protection extension, I mentioned the recovery bug and that they should follow this thread, but I have not gotten a response yet; but I think that you should report the bug to them and your suggestions as well because I would like to see this extension improve to at least equal or surpass Microsoft Edge's protection, and for them to add more features.

Out of those extensions that we named the Norton extension is the only one that has not been updated this year yet (I think that Microsoft quietly updated their extension recently), I wonder if Norton are phasing it out and / or if the lack of updates is hurting its performance, and if something else is going on; I would like to see Norton fully integrate K9 and continue improving it so that all of their products can equal or surpass it (like the browser extension).

Thank you for responding,
-John Jr
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
> Updated 18/7/2018
>
> Malwarebytes: 24/25
> Edge: 24/25
>
> DNS:
> norton: 2/25
> Neustar: 9/25

Another good test. Thank you Evjl's Rain.

Great showings from Malwarebytes and Edge.

Norton DNS -- not so good. Don't confuse this with previous tests of Norton Safe Web.

Neustar.... good stuff. I switched to this based on Evjl's Rain's tests. It's good.

(y)
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,139
> hi, avira, norton, malwarebytes are able to block the links before the browser can download the files but I don't think they are able to scan the files after being downloaded
> Only google chrome safe browsing and edge browser can do that effectively
> firefox is lagging behind those 2 for some reasons although firefox also uses google safe browsing
> WDBP can also block links but it still allows some of the blocked files to be downloaded => I think it's a bug. I may report it later but won't hope for a reply from MS
>
> I don't know why norton has been crap in recent tests!?? perhaps something is wrong in the company?
> same as avira last month

If I'm not wrong FF uses Disconnect for tracking protection and calls upon Google Safe Browsing as and when needed
 

Evjl's Rain

> If I'm not wrong FF uses Disconnect for tracking protection and calls upon Google Safe Browsing as and when needed

but the problem is we don't know why firefox uses google safe browsing but still doesn't perform as good as google chrome or other chromium's forks
perhaps firefox focuses on limiting telemetry to google so it also limits the full strength of safe browsing or firefox uses only a delayed version, similar to adguard desktop
they will never perform as good as google chrome
 

HarborFront

> but the problem is we don't know why firefox uses google safe browsing but still doesn't perform as good as google chrome or other chromium's forks
> perhaps firefox focuses on limiting telemetry to google so it also limits the full strength of safe browsing or firefox uses only a delayed version, similar to adguard desktop
> they will never perform as good as google chrome

Read the cached copy of the article here

https://web.archive.org/web/2018062....nz/posts/how-safe-browsing-works-in-firefox/
 

Evjl's Rain

> Read the cached copy of the article here
>
> How Safe Browsing works in Firefox

"Firefox downloads a list of bad URLs every 30 minutes from the server"
that's the reason

google chrome updates in realtime
I saw a link was failed to be blocked but when I refreshed the page immediately after that, it was blocked
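
The update-interval effect discussed in the post above, as an added example that is not part of the original thread: a simplified model comparing a client that downloads its blocklist every 30 minutes (the figure quoted from the article) with one that checks at visit time. The URLs, timestamps and function names are constructed for illustration, and the model does not implement the real Safe Browsing protocol.

```python
from dataclasses import dataclass

POLL_INTERVAL_MIN = 30  # list refresh interval quoted in the post above

@dataclass(frozen=True)
class Visit:
    url: str
    minute: int  # minutes since the client's first list download

# Constructed sample data: minute at which the server starts listing each URL.
SERVER_LISTED_AT = {
    "http://phish-a.example/login": 5,
    "http://phish-b.example/verify": 31,
    "http://malware-c.example/setup.exe": 58,
}

# Constructed visits (not taken from the thread's test sets).
VISITS = [
    Visit("http://phish-a.example/login", 12),
    Visit("http://phish-a.example/login", 30),
    Visit("http://phish-b.example/verify", 45),
    Visit("http://malware-c.example/setup.exe", 59),
    Visit("http://benign.example/", 20),
]

def last_sync(minute, interval=POLL_INTERVAL_MIN):
    """Minute of the most recent list download at or before `minute`."""
    return (minute // interval) * interval

def blocked_polling(visit, listed=SERVER_LISTED_AT, interval=POLL_INTERVAL_MIN):
    """Local-list client: only knows entries that existed at its last sync."""
    t = listed.get(visit.url)
    return t is not None and t <= last_sync(visit.minute, interval)

def blocked_realtime(visit, listed=SERVER_LISTED_AT):
    """Lookup at visit time: knows everything listed up to this minute."""
    t = listed.get(visit.url)
    return t is not None and t <= visit.minute

def exposure_window(listed_minute, interval=POLL_INTERVAL_MIN):
    """Minutes a newly listed URL stays unblocked on the polling client."""
    next_sync = -(-listed_minute // interval) * interval  # round up to next sync
    return next_sync - listed_minute

def compare(visits=VISITS):
    """Return (url, minute, polling_blocked, realtime_blocked) per visit."""
    return [(v.url, v.minute, blocked_polling(v), blocked_realtime(v)) for v in visits]

if __name__ == "__main__":
    print(*compare(), sep="\n")
```

In this model every miss on the polling client falls between the server listing a URL and the client's next download, which is at most one full interval.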
 

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
> but the problem is we don't know why firefox uses google safe browsing but still doesn't perform as good as google chrome or other chromium's forks
> perhaps firefox focuses on limiting telemetry to google so it also limits the full strength of safe browsing or firefox uses only a delayed version, similar to adguard desktop
> they will never perform as good as google chrome

Agree with you. The most secure browser for me is google chrome. I love opera browser but only for secure surfing, and always with https everywhere avira or malwarebytes or....or...... extension. Google chrome only with WDBP is enough
 
