Decopi

Hi @Evjl's Rain ,

As you know, I use Pi-Hole + CF/CS + VTZilla + 3rd-party blocker... so I don't care about any other blocking method... so far, I haven't found anything to add that can improve my privacy/security protection, without killing my system performance.
But despite my concern on system performance, the real logic behind my combo is that hosts or antivirus based on hosts... are dead. With thousands of new risks appearing every day, I don't care about hosts + AV. I prefer anti-executables and VTZilla.

But in my opinion, your tests are great! Once again, thank you for that. And thank you for your constant updates. I do enjoy them.

I find your test so interesting, that I wanted to collaborate a bit with you.
But we must forget Pi-Hole, because only a minority uses it.
That's the reason I always test your link samples with K9 + Avast AV Free... to be fair with your standard tests, using on-board software, accessible to all kinds of users.

Why K9 and Avast AV?
Because in my tests, consistently both have the best blocking rate, with low system impact.
In my opinion both are more efficient than any other add-on, extension, hosts etc.
Also, both work at system level, so they protect not just browser communications, but all computer communications.

I believe you should continue with your tests, including add-ons/extensions, hosts etc.
But at least, you should add K9, because different from Pi-Hole and as I said, K9 is "plug-and-play", freeware accessible to all kinds of users.
I tested K9 with minimum settings (malware, spyware and advertising); alone it doesn't have a 100% blocking rate, but it always achieves around 90%, with just 6MB.

Pi-Hole is not a competitor for your comparisons, but K9 is, and is a good competitor.
 

Moonhorse

Can't you just set up the browser to run isolated from the rest of the system using Comodo Firewall, and the only thing you would need is an adblocker?

Everything just depends on your system, and nowadays on my med-end gaming PC I really can't see a difference in browsing speed with anything I use; even with proxies the speed is mostly the same. I wouldn't notice anything in performance except if I open Task Manager

I like the idea of setting up your system to use the lightest setup possible + also maybe underclock to have a beast setup
Myself, I just can't achieve that; I end up bloating my browser/system with basic protection
 

Decopi

> I do like them too :)
> avast is my favorite AV with tweaks, it's one of the lightest, yet strongest AVs when it is combined with syshardener
> so far, no malware in the hub has been able to bypass it yet, even KFA + syshardener can't achieve that
By the way... I tested Comodo Firewall Web Filtering... not good for me... I tested at least 4 times in two different days / hours, and it never achieved more than 60% blocking rate. As far as I know, with years using CF, the Web Filter always was terrible. What a pity!
 

LDogg

VTZilla doesn't seem to work for me on Firefox anymore, unless an extension is conflicting with it. I uninstalled it as I was too lazy to find out what the cause was xD

~LDogg
 

Evjl's Rain

> Can't you just set up the browser to run isolated from the rest of the system using Comodo Firewall, and the only thing you would need is an adblocker?
>
> Everything just depends on your system, and nowadays on my med-end gaming PC I really can't see a difference in browsing speed with anything I use; even with proxies the speed is mostly the same. I wouldn't notice anything in performance except if I open Task Manager

yes you can isolate your browser using comodo firewall
however, when I want to download something, it will take extra steps to drag the files out of the sandbox => inconvenient
sandboxie does a bit better in this part which we can get the downloaded files with 1-2 clicks

CF sandbox also blocks clipboard connection with the PC, if you ctrl-C some text and paste it to CF's sandboxed browser, you can't
I also noticed my browser was slower inside the sandbox than normal browsing
it's up to you but I think the most convenient solution, not necessarily the most powerful, for isolating browser is sandboxie

> By the way... I tested Comodo Firewall Web Filtering... not good for me... I tested at least 4 times in two different days / hours, and it never achieved more than 60% blocking rate. As far as I know, with years using CF, the Web Filter always was terrible. What a pity!

exactly, I don't like it either
I prefer using extension
 

Moonhorse

But I would think a simple guy would set up an optimal setup to run with something like VoodooShield / CF (default deny everything), so it wouldn't bother that person to use it isolated all the time
Also there's no way you could get infected through the browser
If you install Comodo Dragon, it already sets up the virtualized option to go with, and I really didn't see any difference in memory usage or in browsing speed compared to running it without being virtualized

But I think it's the best way to go with Evjl's Rain's setup and have combined extensions like Norton and Comodo working together with uBlock rather than going with one extension, since there's none blocking everything 100% day by day
 

Decopi

> Can't you just set up the browser to run isolated from the rest of the system using Comodo Firewall, and the only thing you would need is an adblocker?

In my opinion, CF + CS settings... is 99% enough.
In my opinion, there is no need for antivirus or similar.
In years, the only time I saw CF+CS failing, was with Ccleaner spyware, because CF database rated Ccleaner as "trusted". That is the only reason I give it 99%. But there is no 100% perfect software. So I chose CF, because it gives me great blocking rates, with minimum system impact.

Adblockers? I don't need them.
I use a tiny/lightweight 3rd-party blocker... it kills 90% of ads and other pests. Also, in Firefox, the tracker blocker list (Disconnect) blocks lot of stuff, without hurting performance. And if you learn a bit about CSS/Java/Bending, you can create some blocking codes with zero system impact.

> I really can't see a difference in browsing speed with anything I use

Most of the users not just can't see difference in browsing performance, but also they don't care. It is perfectly fine, and there is no reason to be paranoid.
My passion for system performance... is just my hobby, is like a game, fun.
As we already talked about it, people here are not average-users, they are nerds, they enjoy looking for more, learning more stuff, tricks, hacks etc. And that is the reason I enjoy looking the best privacy/security, with the best system performance. It is my hobby. It is personal.

If you have hundreds of installed software, and you don't see a difference in browser or system performance... then it is perfectly fine! Use whatever you want, don't worry, and enjoy life.

> I like the idea of setting up your system to use the lightest setup possible + also maybe underclock to have a beast setup
> Myself, I just can't achieve that; I end up bloating my browser/system with basic protection

Welcome to the club! (LOL)
Time ago I was similar to you. I used to install every add-on, every software. I believe this is natural, part of the process, is the way we start by testing everything.
My advice is that now, you can test the opposite way. Try uninstalling everything, and installing just the minimum (for example an anti-executable, an AV, and a system level blocker like K9). In my opinion, you will see that the 90% of extensions and software are unnecessary.
Always it will be up to your user-profile. As long as you test more, you read more, you learn more... then you need less and less extensions/software.
 

HarborFront

@Evjl's Rain

Sorry, just a side track question.

I believe I took the below (and more) from one of your posts if I remember correctly which I added to my Filters in uBO

# Redirect Google services
||doubleclick.net/instream/ad_status.js$script,redirect=doubleclick.net/instream/ad_status.js,important
||google-analytics.com/analytics.js$script,redirect=google-analytics.com/analytics.js,important
||google-analytics.com/ga.js$script,redirect=google-analytics.com/ga.js,important
||google-analytics.com/plugins/ga/inpage_linkid.js$script,redirect=google-analytics.com/inpage_linkid.js,important
||googletagservices.com/tag/js/gpt.js$script,redirect=googletagservices.com/gpt.js,important
||scorecardresearch.com/beacon.js$script,redirect=scorecardresearch.com/beacon.js,important
||googlesyndication.com/pagead/js/adsbygoogle.js$script,redirect=googlesyndication.com/adsbygoogle.js,important

Are they used for blocking Google Analytics? Any difference if I set it using the Windows hosts file like shown below?

How to Block Analytics on Firefox

Thanks
 

Evjl's Rain

they are similar but a bit different
it's easier that you add this filter to your ublock. it blocks most analytics from google, facebook, twitter and some others
http://1hosts.cf/addon/
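
An added illustration (not from the thread, and not uBlock Origin's own matching code) of how the `||…$script,redirect=…` rules quoted above differ from hosts-file entries: the extension sees the full URL and request type and can substitute a neutered stand-in script, while a hosts file only sinkholes exact hostnames. The hosts lines and request URLs are constructed samples, and the matcher is simplified to the one rule shape quoted in the post.

```javascript
// Added example: a simplified model, NOT uBlock Origin's real matching engine.
// It handles only the rule shape quoted in the post: ||host/path$opt,opt=value

function parseFilter(line) {
  const m = /^\|\|([^\/$^]+)([^$]*)(?:\$(.*))?$/.exec(line.trim());
  if (!m) return null; // comment lines or other filter syntaxes
  const opts = {};
  for (const o of (m[3] || '').split(',').filter(Boolean)) {
    const i = o.indexOf('=');
    if (i < 0) opts[o] = true; else opts[o.slice(0, i)] = o.slice(i + 1);
  }
  return { host: m[1].toLowerCase(), path: m[2], opts };
}

// Extension view: sees the full URL and the resource type of each request.
function uboDecision(filters, url, type) {
  const u = new URL(url);
  for (const f of filters) {
    // "||" anchors at a label boundary: the domain itself or any subdomain
    const hostOk = u.hostname === f.host || u.hostname.endsWith('.' + f.host);
    const pathOk = (u.pathname + u.search).startsWith(f.path);
    const typeOk = !f.opts.script || type === 'script';
    if (hostOk && pathOk && typeOk) {
      // redirect= answers with a local neutered stand-in instead of failing the request
      return f.opts.redirect ? 'redirect:' + f.opts.redirect : 'block';
    }
  }
  return 'allow';
}

// Hosts-file view: the resolver sees only a hostname, matched exactly
// (no subdomain wildcard, no path, no request type).
function hostsDecision(hostsText, url) {
  const sinkholed = new Set();
  for (const raw of hostsText.split('\n')) {
    const [ip, ...names] = raw.replace(/#.*/, '').trim().split(/\s+/);
    if (ip === '0.0.0.0' || ip === '127.0.0.1') {
      names.forEach((n) => sinkholed.add(n.toLowerCase()));
    }
  }
  return sinkholed.has(new URL(url).hostname) ? 'block' : 'allow';
}

// Two of the rules quoted in the post above.
const RULES = [
  '||google-analytics.com/analytics.js$script,redirect=google-analytics.com/analytics.js,important',
  '||google-analytics.com/ga.js$script,redirect=google-analytics.com/ga.js,important',
].map(parseFilter);

// Constructed hosts entries and requests, for illustration only.
const HOSTS = '0.0.0.0 google-analytics.com\n0.0.0.0 www.google-analytics.com  # constructed';
const REQUESTS = [
  ['https://www.google-analytics.com/analytics.js', 'script'],
  ['https://ssl.google-analytics.com/ga.js', 'script'],
  ['https://www.google-analytics.com/collect?v=1', 'image'],
];

function compare() {
  return REQUESTS.map(([url, type]) => ({
    url,
    ubo: uboDecision(RULES, url, type),
    hosts: hostsDecision(HOSTS, url),
  }));
}

console.table(compare());
```

The three rows differ in each direction: the script on an unlisted subdomain is caught only by the `||` rule, and the non-script `/collect` request is caught only by the hosts entry.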
 

Slyguy

Blacklist blocking is akin to plugging a leaky dam with your fingers.

Dozens of overlapping extensions are probably only going to cause you more harm than good. Malware/Phishing/Scam sites can change IPs and domains as fast as they are blacklisted. Even something like Pi-Hole with a dozen+ daily updated blacklists won't be entirely effective.

Even Fortinet, while one of the best web filtration systems, 120 full time analysts watching web page (FGuard) anomalies and validating signature additions, telemetry from FortiSandbox's, IPS, and millions of FortiClient installs can't fully keep up.

I think where we are heading is a more heuristic web/traffic analysis. Sophos Home Premium and Kaspersky seem to be leaders in that area. Some newer security routers (Like Gryphon) are taking a more proactive approach by watching for 'anomalies' from web traffic. Trend Micro's TDS backend and AiProtection is doing fairly well in that after you visit a site it can't quantify, the TDS backend goes and scans the site and if necessary blacklists it automatically.

While I respect lists, and systems that implement them, like Pi-Hole, uBlock, etc. I think we're losing the battle with those technologies.
 

Moonhorse

Off topic, but since you're here

Would FortiClient web filter work with Kaspersky Free + VoodooShield?

IMO FortiClient is very useful, like Sophos, at adult filtering; I think Kaspersky Free has Kaspersky Kids as well, but I haven't tried it yet. They don't advertise it along with their free product.

Anyways, I'd like to know more about too many (overlapping) extensions causing privacy problems and how that can actually lead to a security problem

Is there any way to block sites from knowing which extensions you're using?
 

Evjl's Rain

the purpose of these extensions is to limit the number of malwares touching our PCs as many as possible with a little exchange of privacy/telemetry
malwarebytes extension seems to have good heuristics, too as it's quite aggressive. This is the only good thing about malwarebytes I can tell besides their effectiveness against PUPs

less malwares downloaded = less work for AVs/anti-exes/user-decisions

there are some extensions conflicting each other but some never do
 

Slyguy

I haven't looked into Kaspersky Free in over a year. Does it offer web filtration in the free product? Kaspersky has one of - if not the best Web Filtration IMO. Coming from Fortinet, that's saying a lot. So Kaspersky will take care of it - but someone that knows more about the free version capabilities may be able to answer that better.

FortiClient with JUST the filtration module installed should work with almost any other product. I haven't tested it in this capacity, especially with version 6, but I don't see why it would cause headaches. By operating it in that capacity it would give you one of the top web categorization engines in the world.

I personally, rank them;

1) Kaspersky (mostly due to the heuristic analysis of traffic)
2) Fortinet (most due to their resources, engineers, and proactive lab)
3) Sophos Home Premium (sophos has a strong database, and effective heuristic analysis)
4) Zvelo (if you can get Zvelo on your network, it's recommended - quite a number of firms use Zvelo now)
5) Heimdal (mostly due to their DNS protection analysis of URL anomalies)


Anything else I don't consider very good, honestly. Zvelo (at some level) I believe is used by ESET, Untangle, Fireeye, Lookout, GFI, Trend Micro, Total Defense, etc. Interesting, Trend Micro shifted their in-house URL categorization to Zvelo fairly recently. I like Zvelo because of their darkweb scanning of newer threats, proactive updates, and effective categorization methods. I've seen some of their back end.

I suppose if one is using a couple of the above in my list they should be fine, and it should encompass 90%+ of every malicious site they'd run into. Personally for me, I use 3 of the above technologies stacked. (y) The chance of rogue malware hitting any of my systems is about 0. The chance of a targeted attack, update channel compromise or sophisticated TAO getting through is where the problem is, and there isn't any real solution to it other than the aforementioned (in another thread), switching to notepads and filing cabinets.

FYI: Gryphon Hack Resistant router uses Zvelo as an indirect result of them using ESET technologies at the gateway.
 

Moonhorse

@Slyguy I'm just using FortiClient (web filter) along with Kaspersky for adult filter

I had a few problems with Sophos Home Free not blocking sites
K9 is nice but has disconnect problems with a game client that I have already reported to them, with no answer yet

If you go to the dashboard on Kaspersky Free, I think you can set up Kaspersky kid for free, but I haven't tried it yet.
 

Robbie

> You should see me.. All websites have to pass through immense layers..
>
> 1) FortiGuard DNS (Paid)
> 2) FortiGuard Web Filtration
> 3) Untangle ZVelo Web Filtration
> 4) Untangle SNORT w/Oink
> 5) Pi-Hole w/1,000,000 blacklists
> 6) Heimdal Pro
> 7) G Data Total Security

The browser process demands mercy, no more torture and injections, just end his life
 

Moonhorse

> I'd do parental controls at the router/firewall level if I were you.
>
> Look into the Gryphon router, it's best-in-class parental control like nothing I have seen.

I'm using a 4G modem, there's no way to configure it like a real router

Well maybe there is, but well, FortiClient is enough for me. I'm just a curious person and like to avoid sketchy sites :emoji_thinking:

also using 8 MB of RAM for a decent web filter isn't a bad option
 

Terry Ganzi

How can people take these sites seriously when, as we speak, this site (#1 URL Database for Web Filtering & Device Manufacturers) suffers from Heartbleed, which should be patched and is old.
 

Evjl's Rain

Update 24/7/2018
Most links were extracted from real malwares, not from vxvault or malc0de (more recent). A few links were taken from malc0de
https://www.dropbox.com/s/7d1twqdddd7xqpi/link test 24-7-18.txt?dl=1

Browser/extension:
chrome (GSB): 17/20
norton: 2/20 (n)
ublock (custom*): 16/20
malwarebytes: 18/20 :emoji_ok_hand:
WDBP: 12/20
avira: 10/20
Comodo: 4/20 (n)
Adguard: 1/20 (n)
Edge: 17/20
IE: 17/20

AV/suite/webfilter:
Forticlient (web filter only): 20/20 :emoji_ok_hand:
Kaspersky free: 20/20 :emoji_ok_hand:
K9: 20/20 :emoji_ok_hand:
Heimdal Pro (stable): 12/20 -> only a web filter test, please, don't argue Heimdal has A, B, C features or this is not the correct way of testing it. If I execute the missed downloads, HP will be dead
Sophos Home Premium: 19/20
Avast: 20/20 :emoji_ok_hand:

Heimdal/Thor RC (late test, 2 hours after Heimdal stable): 14/20

DNS:
Quad9: 1/20
AdguardDNS: 1/20
Neustar Recursive: 7/20
NortonDNS: 2/20
Yandex: 2/20
Comodo: 0/20
Strongarm/DNSWatch: 3/20
Greenteam: 0/20
Safe DNS: 7/20
Cleanbrowsing: 12/20 or 0/20? (error not resolved)

*ublock (3,101,553+44,593 with vxvault list)
list of extra filters: some were duplicated
K9 conflicted with Kaspersky or Forticlient, don't know which one. K9 didn't block anything while Forticlient/KFA running
 