Q&A [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Apr 18, 2016
3,626
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

Bill K

Level 5
Jul 25, 2018
224
unfortunately, that's an irrelevant answer
I asked about CPU usage and they replied about memory usage
I thought the same thing when I saw their initial response... :confused:

I see you posted a followup to clarify the issue, and they've responded suggesting the possibility that it may be due to another extension you have installed. Don't see that as likely since you avoided the delay when you simply removed the MB extension, but hey I'm just the messenger here! :)
 

Gandalf_The_Grey

Level 59
Verified
Helper
Top poster
Content Creator
Well-known
Apr 24, 2016
4,834
Chrome without extensions seems to block phishing sites, but opera doesnt?

I thought they were both using google safe browsing, or whats the update cycle on opera?

Edit : netcraft added and it was blocking the site
One of the reasons I prefer Chrome over its alternatives . It just works.
 

stefanos

Level 28
Verified
Top poster
Well-known
Oct 31, 2014
1,725
Chrome without extensions seems to block phishing sites, but opera doesnt?

I thought they were both using google safe browsing, or whats the update cycle on opera?

Edit : netcraft added and it was blocking the site
I am using Opera many years. He is a browser with many extras and choices. But in terms of safety, it lags behind google. With netcraft extension and malwarebytes or avira browser safety you are enough safety and you enjoy the extra options of opera
 

oldschool

Level 66
Verified
Top poster
Well-known
Mar 29, 2018
5,584
They probably added much more lists on their lists, since its very aggressive right now. Hosts.cf + host.cf/addon are breaking many sites. Have to use ublock in medium mode to allow them back

Nice. I use Nano Adblocker medium mode as my default mode, then use 1hosts.cf, squidblacklist.org, vxvault.net in easy mode to un-break the occasional site. Works perfect for me! Just thought I'd share. (y):)
 

goodjohnjr

Level 2
Jul 11, 2018
74
Hello Everyone,

I noticed that the Comodo Online Security extension for Google Chrome was updated to version 1.4.0.63, and this is what was said about this version at the Comodo Forums:

Hi All,
Today we have released updated v1.4.0.63 of Comodo Online Security for Chromium based browsers:
Comodo Online Security

Changes:
- It has minor internal bug fixes for improved performance

At the moment we have updated browser for 1% of users, so if you already have extension installed, it may not update. You may uninstall and re-install from Google web store.

We hope to have extension for Edge browser in next weeks.


Thanks
-umesh

My version would not update yet, instead of uninstalling and reinstalling it, I will wait until it updates on its own eventually when they release the update for everyone else beyond the first 1%.

I am curious to see how Comodo Online Security and Windows Defender Browser Protection perform in the next test, I am waiting to see which of these I should keep to go along with Ublock Origin with slightly customized lists.

-John Jr
 

Evjl's Rain

Level 47
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Apr 18, 2016
3,626
Hello Everyone,

I noticed that the Comodo Online Security extension for Google Chrome was updated to version 1.4.0.63, and this is what was said about this version at the Comodo Forums:



My version would not update yet, instead of uninstalling and reinstalling it, I will wait until it updates on its own eventually when they release the update for everyone else beyond the first 1%.

I am curious to see how Comodo Online Security and Windows Defender Browser Protection perform in the next test, I am waiting to see which of these I should keep to go along with Ublock Origin with slightly customized lists.

-John Jr
thank you for letting me know
unfortunately, I don't believe if there is any change in their databases which will directly affect the results of testing. I think they just fix some bugs but the detection rate will not change much, unless they implement some heuristics engines, like what malwarebytes extension has => better detection rate against new threats, higher rate of FPs, more impact on browsing performance
I'm looking forward to WDBP if they change some algorithms to make it as effective as edge's smartscreen. I think it's not possible because they want users to migrate to Edge rather than protecting their rival's users

1 thing I notice from comodo extension, not sure if it's true: comodo temporarily suspends a webpage from loading until it receives the result of cloud look from comodo's database (usually very quick), then comodo will allow the webpage to load => if comodo's server is down/maintained, we can't load any website until we disable the extension
avira extension has the exact same problem

WDBP and norton safe web work differently. It allows everything to load and simultaneously looks up for the reputation => everything will load independently of the server status, faster page loading time, similar result
 
Last edited:

goodjohnjr

Level 2
Jul 11, 2018
74
thank you for letting me know
unfortunately, I don't believe if there is any change in their databases which will directly affect the results of testing. I think they just fix some bugs but the detection rate will not change much, unless they implement some heuristics engines, like what malwarebytes extension has => better detection rate against new threats, higher rate of FPs, more impact on browsing performance
I'm looking forward to WDBP if they change some algorithms to make it as effective as edge's smartscreen. I think it's not possible because they want users to migrate to Edge rather than protecting their rival's users

1 thing I notice from comodo extension, not sure if it's true: comodo temporarily suspends a webpage from loading until it receives the result of cloud look from comodo's database (usually very quick), then comodo will allow the webpage to load => if comodo's server is down/maintained, we can't load any website until we disable the extension
avira extension has the exact same problem

WDBP and norton safe web work differently. It allows everything to load and simultaneously looks up for the reputation => everything will load independently of the server status, faster page loading time, similar result

You are welcome Evjl's Rain.

You are probably right about this being a minor update that will probably not impact the test results much or at all.

I hope the same about Windows Defender Browser Protection (WDBP), and I hope that you are wrong about that. ;)

I have also noticed some websites that seem to be waiting on Comodo Online Security (COS) to load or whatever before they load it seems, but I could be wrong because this possibly happens with some other extensions sometimes too or maybe it is just the browser itself waiting but who knows; but you are possibly correct about the behavior of those extensions, and so thank you for sharing this.

Do you have any early predictions on whether WDBP or COS will come out on top or which one you might recommend overall eventually?

Thank you for responding,
-John Jr
 

Evjl's Rain

Level 47
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Apr 18, 2016
3,626
Do you have any early predictions on whether WDBP or COS will come out on top or which one you might recommend overall eventually?
I have no idea about the future development of the products because these vendors are quite conservative. I don't expect them to do something extraordinary

I only recommend WDBP and malwarebytes
- WDBP: useful, almost no resource usage
- malwarebytes: the most powerful, acceptable resource usage

comodo: not strong against new links, vxvault list for ublock should do better
 

goodjohnjr

Level 2
Jul 11, 2018
74
I have no idea about the future development of the products because these vendors are quite conservative. I don't expect them to do something extraordinary

I only recommend WDBP and malwarebytes
- WDBP: useful, almost no resource usage
- malwarebytes: the most powerful, acceptable resource usage

comodo: not strong against new links, vxvault list for ublock should do better

Thank you very much Evjl's Rain.

That was the direction that I was leaning as well, except I will probably only use one or the other, along with Ublock Origin with slightly customized lists (like the default enabled lists (except Malware Domains and Malware Domain List) plus VX Vault, Adblock Warning Removal List, and Dan Pollock’s hosts file) depending on which of those two I decide to stay with (I am currently waiting for Malwarebytes to fix the bug that I reported and that they confirmed because using it again).

-John Jr
 
Last edited:

Evjl's Rain

Level 47
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Apr 18, 2016
3,626
Giving this a try but as my hosts file, not in Nano Adblocker.
Update: It breaks Wordpress unfortunately. I'm sticking with StevenBlack's Hosts file.
I recommend using it with ublock so you can unblock a domain if you want
so far, it hasn't given me any problem yet
1hosts addon is problematic. The developer suggests to use it with care because it breaks a lot
but there wouldn't be too much trouble with ublock because we can unblock
 

goodjohnjr

Level 2
Jul 11, 2018
74
I have no idea about the future development of the products because these vendors are quite conservative. I don't expect them to do something extraordinary

I only recommend WDBP and malwarebytes
- WDBP: useful, almost no resource usage
- malwarebytes: the most powerful, acceptable resource usage

comodo: not strong against new links, vxvault list for ublock should do better

Hello Evjl's Rain,

I am curious, I know that in your tests the VX Vault list is better than the default Ublock Origin malware lists (Malvertising filter list by Disconnect, Malware Domain List, Malware Domains, and Spam404), but how would you rank those default Ublock Origin malware lists from best to worst?

Thank you,
-John Jr