Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,414
Thanks @Evjl's Rain (y)
My setup: 19/20
Realtime KFA & Comodo Firewall. Google Chrome with extensions: AdGuard, Comodo Online Security, WDBP.
1 by Comodo, the rest by WDBP and KFA
As expected no beep from AdGuard, but strange results from Comodo this time!
EDIT: seems that Comodo has some problems:

comodo.PNG
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Thanks @Evjl's Rain (y)
My setup: 19/20
Realtime KFA & Comodo Firewall. Google Chrome with extensions: AdGuard, Comodo Online Security, WDBP.
1 by Comodo, the rest by WDBP and KFA
As expected no beep from AdGuard, but strange results from Comodo this time!
EDIT: seems that Comodo has some problems:

View attachment 192902
I have no idea what's the problem is
in this test, I grabbed the links outside vxvault so I expect many extensions to fail because vxvault links are usually a few days old before being published

now we can see the real strength of these extensions
they are not so great against truly new links, especially comodo, norton, WD and ublock with all filters
it seems KFA and MB still shine
 

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
test 19/07/2018
19 links NOT from vxvault, malc0de,
1 vxvault link (1 was dead during the test so I had to replace it by this) :(
https://www.dropbox.com/s/y1w8zvi95vja9xv/test 19-7-18.txt?dl=1

chrome: 16/20
avira: 10/20
comodo: 2/20!
malwarebytes: 18/20
Norton: 0/20!
WDBP: 8/20
McAfee: 0/20 (expected)!
Panda: 0/20!
ublock (custom): 11/20
Edge: 18/20

ublock custom filters: All filters here + squidblacklist + AdZ ~2.8 millions, cosmetics don't count

Comodo firewall: 1/20
My setup: 19/20
Ever tried netcraft? cant run these since i dont have comodo firewall anymore..any other vm for testing links?
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
I only think the only good extensions out there for dedicated Malware protection (non-adblocker) would be Malwarebytes Browser Extension, WDBP, Norton Web Safe (FF)/Norton Safe Search (Chrome/Opera) & Avira Browser Safety.

~LDogg
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Yeah very buggy on chrome, malwarebytes and ubo blocking every search its trying to do

For firefox it works smooth and is available on firefox extensions
not sure how it works but in chrome it changes my search engine as usual and cannot change it back until I remove it
the detection rate is rubbish also

not sure about the firefox one
 
  • Like
Reactions: stefanos

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
I only think the only good extensions out there for dedicated Malware protection (non-adblocker) would be Malwarebytes Browser Extension, WDBP, Norton Web Safe (FF)/Norton Safe Search (Chrome/Opera) & Avira Browser Safety.

~LDogg
Avira is pretty good on webfiltering, but should disable ad blocking if you already do have adblocker
 
  • Like
Reactions: stefanos

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,414
I have no idea what's the problem is
in this test, I grabbed the links outside vxvault so I expect many extensions to fail because vxvault links are usually a few days old before being published

now we can see the real strength of these extensions
they are not so great against truly new links, especially comodo, norton, WD and ublock with all filters
it seems KFA and MB still shine
KFA: 18/20
Netcraft: 0/20
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Avira is pretty good on webfiltering, but should disable ad blocking if you already do have adblocker
the only problem with avira is its resource usage
it constantly scans every single traffic of your browser + it can cause memory leak
malwarebytes also scan every traffic but it has no memory leak. High FP rate is the problem and it might break some websites

WDBP, norton, comodo only scan the link once after they load and then, never touch any traffic => extremely lightweight
 

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
Panda web safe have also ad/tracker blocking feature, on browserleaks it wont detect me using adblocker so i think its decent for someone using panda products, if this feature comes along with it

Better than nothing atleast :p
 
  • Like
Reactions: given and stefanos

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,414
the only problem with avira is its resource usage
it constantly scans every single traffic of your browser + it can cause memory leak
malwarebytes also scan every traffic but it has no memory leak. High FP rate is the problem and it might break some websites

WDBP, norton, comodo only scan the link once after they load and then, never touch any traffic => extremely lightweight
In my testing Avira also uses Mixpanel analytics and that was always blocked by Emsisofts PUP settings. So a nogo for me for a security company.
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
achieve 25/25
arrh, I forgot to mention
I'm sure your pihole list has vxvault's url blocklist
http://vxvault.net/URL_List.php
so pihole would be able to block almost all links because I took most links there

I didn't want to add that list to ublock because it would be unfair to other extensions

in the new test, I collected 19 links outside vxvault so I don't think your pihole list would get 100% detection rate anymore
 

Decopi

Level 8
Verified
Oct 29, 2017
361
Hi @Evjl's Rain ,

As you know, I use Pi-Hole + CF/CS + VTZilla + 3rd-party blocker... so I don't care about any other blocking method... so far, I haven't found nothing to add that can improve my privacy/security protection, without killing my system performance.
But despite my concern on system performance, the real logic behind my combo is that hosts or antivirus based on hosts... are dead. With thousand new risks appearing everyday, I don't care about hosts + AV. I prefer anti-executables and VTZilla.

But in my opinion, your tests are great! Once again, thank you for that. And thank you for your constant updates. I do enjoy them.

I find your test so interesting, that I wanted to collaborate a bit with you.
But we must forget Pi-Hole, because only a minority uses it.
That's the reason I always test your link samples with K9 + Avast AV Free... to be fair with your standard tests, using on-board software, accessible to all kind of users.

Why K9 and Avast AV?
Because in my tests, consistently both have the best blocking rate, with the low system impact.
In my opinion both are more efficient than any other add-on, extension, hosts etc.
Also, both work at system level, so they protect not just browser communications, but all computer communications.

I believe you should continue with your tests, including add-ons/extensions, hosts etc.
But at least, you should add K9, because different from Pi-Hole and as I said, K9 is "plug-and-play", freeware acessible to all kind of users.
I tested K9 with minimum settings (malware, spyware and advertising), alone it hasn't 100% blocking rate, but it always achieve around 90%, with just 6MB.

Pi-Hole is not competitor for your comparisons, but K9 is, and is a good competitor.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top