Q&A [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,607
28,309
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,607
28,309
I think Firefox is using Google Safebrowing too. I wonder how well Edge would do with Smartscreen. I absolutely love Norton DNS but it resolves my web searches in the wrong way. When I type a word into Chrome's omnibar I get prompted whether I want to search for "Hello" or resolve "http://hello" or something like that. That was a big dealbreaker. If anyone knows a way around it, I would be thankful.
I have no problem with it, not sure why you have that issue with omnibar

I tested chrome vs edge with the same links yesterday because vxvault and malc0de haven't updated the new files yet (still 16 & 17/3/2018)
chrome: 8+10+9+9+9 = 45
edge: 9*+10+10+10+8 = 47*
* means the file was downloaded but Edge said it was not popular & might cause harm

it was a bit unfair for chrome because the 2 files chrome missed were the ones without extensions (sdjvhg37 and dvcgt3). Perhaps chrome doesn't block files without extensions. Edge blocked them

I will wait a while and then test them again. These links are outdated
 

Slyguy

Level 44
Jan 27, 2017
3,322
14,338
Thank you for this great test! If you allow me, let me share a quick test I just did on your links with ESET web protection:


ESET Web Filtration is a third party licensed resource from Zvelo. It's performance should always be quite good, Zvelo sources from a wide range of lists, resources, researchers and dark web forums/groups. Untangle uses Zvelo at the gateway as well, it's very effective. I consider Zvelo in the top 3 of web categorization firms out there. IMO -> Google, Fortinet, Zvelo, in that order.

Experts in Web Categorization, IoT Security, & Network Security | zvelo
 
Last edited:

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,607
28,309
thank you sir for the test
avira outperformed norton the actual product or are you talking about the extension?
hi, I mean the extension
avira performed better than norton in every other tests but it was a bad day for avira in this test

& Microsoft edge out perform all.
I will test edge again when I collect enough links
now, malc0de just posts the exact same links like yesterday

Thank you for this great test! If you allow me, let me share a quick test I just did on your links with ESET web protection:

you can use this link to open multiple links at once. To speed up your test. I tested 10 links at once
Open Multiple URL – Open Multiple Links, Multi URL Opener, Bulk Links Opener, Too Many URL at once
I think it's more fair to disable the real-time protection, just leave the web shield enabled :p
 
Last edited:

LorSafari

Level 1
Mar 14, 2018
6
9
I do not use any of those. Just not clicking and browsing questionable links and websites, combined with passwords protection using the password manager. Is it good enough? Or should I use an antivirus browser extension?
 

RoboMan

Level 33
Verified
Content Creator
Jun 24, 2016
2,238
21,659
ESET Web Filtration is a third party licensed resource from Zvelo. It's performance should always be quite good, Zvelo sources from a wide range of lists, resources, researchers and dark web forums/groups. Untangle uses Zvelo at the gateway as well, it's very effective. I consider Zvelo in the top 3 of web categorization firms out there. IMO -> Google, Fortinet, Zvelo, in that order.

Experts in Web Categorization, IoT Security, & Network Security | zvelo
Good info! Zvelo seems to know what they're doing.

hi, I mean the extension
avira performed better than norton in every other tests but it was a bad day for avira in this test

I will test edge again when I collect enough links
now, malc0de just posts the exact same links like yesterday


you can use this link to open multiple links at once. To speed up your test. I tested 10 links at once
Open Multiple URL – Open Multiple Links, Multi URL Opener, Bulk Links Opener, Too Many URL at once
I think it's more fair to disable the real-time protection, just leave the web shield enabled :p

Thanks for the tip! If I upload any other video I will take it into account :) But I don't want to test for Youtube, I don't like the fame "testers" gave the procedure on that platform :p
 

mekelek

Level 28
Feb 24, 2017
1,692
7,460

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,607
28,309
well then the results aren't a surprise from Kaspersky's part.
sorry I don't understand what you mean
you mean kaspersky is good or not so good in this test?
it's a surprise for me to see google safe browsing outperforms all the contenders

but when it comes to real malwares not coming from vxvault or malc0de (because everyone can download them), I think kaspersky will perform better
 

mekelek

Level 28
Feb 24, 2017
1,692
7,460
sorry I don't understand what you mean
you mean kaspersky is good or not so good in this test?
it's a surprise for me to see google safe browsing outperforms all the contenders

but when it comes to real malwares not coming from vxvault or malc0de (because everyone can download them), I think kaspersky will perform better
i meant that Kaspersky's results are to be expected to be good :D
 

simmerskool

Level 9
Verified
Apr 16, 2017
411
1,166
but when it comes to real malwares not coming from vxvault or malc0de (because everyone can download them), I think kaspersky will perform better

Question re KFA (Kaspersky free AV (only Web Anti-virus enabled, File Anti-virus disabled))... so I can or could install KFA and only enable web av (since I have other av file protection installed? Assuming yes as that seems to be what you are saying, in another forum someone said the same thing about forticlient, that user can install just the web protection and it was suggested that forticlient is pretty strong. Assuming all that is true, could you or should you also test forticlient? Jumping back to KFA running only web av, is it light and should it cause a conflict. Since google is the winner, is there any point in running 2 or more of the web protection extensions or web av apps, eg, KFA might catch something that google missed... etc, etc. :unsure:
 

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,607
28,309
Question re KFA (Kaspersky free AV (only Web Anti-virus enabled, File Anti-virus disabled))... so I can or could install KFA and only enable web av (since I have other av file protection installed? Assuming yes as that seems to be what you are saying, in another forum someone said the same thing about forticlient, that user can install just the web protection and it was suggested that forticlient is pretty strong. Assuming all that is true, could you or should you also test forticlient? Jumping back to KFA running only web av, is it light and should it cause a conflict. Since google is the winner, is there any point in running 2 or more of the web protection extensions or web av apps, eg, KFA might catch something that google missed... etc, etc. :unsure:
because malwares can pass through google and get into your system, then google can't do anything but your AV can. It's always better to have 2 web filters than 1 because when you look at the tests again against 20 malwares links, google always missed something -> you AV's web filter can catch it. Even google + norton safe web or avira browser safety can catch everything + you have windows smartscreen after you download the file (it works similarly to Edge's smartscreen)
I might test forti when I have time

AVs with file shield disabled can still cause conflict because they install drivers into your system and they are active regardless of your setup especially AVs from big companies (kaspersky, norton, BD, avast,...)
the more simple the AV is, the less potential conflict it may cause

EDIT: I extracted some malware URLs from the hub Mixed Threats #20 (23.03.2018)
when I pasted them to download, google blocked nothing while kaspersky blocked almost all, Forti according to virustotal can also block most of them
when I comes to real malwares not coming from vxvault or malc0de, kaspersky and forti are >>>>> google
the great thing about Google safebrowsing is it warns you against files with poor reputation and allows you to decide whether to download it or not although it's not in the blacklist
 
Last edited:

simmerskool

Level 9
Verified
Apr 16, 2017
411
1,166
because malwares can pass through google and get into your system, then google can't do anything but your AV can. It's always better to have 2 web filters than 1 because when you look at the tests again against 20 malwares links, google always missed something -> you AV's web filter can catch it. Even google + norton safe web or avira browser safety can catch everything + you have windows smartscreen after you download the file (it works similarly to Edge's smartscreen)
I might test forti when I have time

AVs with file shield disabled can still cause conflict because they install drivers into your system and they are active regardless of your setup especially AVs from big companies (kaspersky, norton, BD, avast,...)
the more simple the AV is, the less potential conflict it may cause

EDIT: I extracted some malware URLs from the hub Mixed Threats #20 (23.03.2018)
when I pasted them to download, google blocked nothing while kaspersky blocked almost all, Forti according to virustotal can also block most of them
when I comes to real malwares not coming from vxvault or malc0de, kaspersky and forti are >>>>> google
the great thing about Google safebrowsing is it warns you against files with poor reputation and allows you to decide whether to download it or not although it's not in the blacklist

great reply, thanks and thanks for doing this (as mentioned above) :D
 

Kubla

Level 8
Verified
Jan 22, 2017
379
1,014
You should see me.. All websites have to pass through immense layers..

1) FortiGuard DNS (Paid)
2) FortiGuard Web Filtration
3) Untangle ZVelo Web Filtration
4) Untangle SNORT w/Oink
5) Pi-Hole w/1,000,000 blacklists
6) Heimdal Pro
7) G Data Total Security

How much does it slow down browsing?
 
Last edited:
Top