Q&A [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,604
28,273
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

Mahesh Sudula

Level 17
Verified
Sep 3, 2017
810
4,977
Why, is Emsi web filtering not enough?
Emsisoft doesnt do well against zero hour phishing hosts..since it relies on black list thats not dynamically updated.
Reasons : As their cloud and user crowd is not that much, so may be the data gathered is not large scale.
Phishing champs like Webroot, Kaspersky, Trend micro, Bit defender have gigantic user database along side huge cloud data sharing from million end points, more over they reliy on multiple tactics in identifying a phishing host than a mere black list.
No wrong on Emsisoft end in my opinion
 

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,604
28,273
Code:
https://crypto4theo.com/

Is this site suspicious?
Found it reading comodo forums
Report for https://crypto4theo.com/ | Web Inspector states it is
VirusTotal Virustotal doesnt
it's a mining engine. + its main page has coinhive mining script

This page includes a JavaScript/iframe from coinhive.com that is blacklisted by McAfee, see McAfee SiteAdvisor Software – Website Safety Ratings and Secure Search

<script src="https://coinhive.com/lib/coinhive.min.js"
 

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,604
28,273
Test 24/11/2018
38 links: multiple sources including vxvault (older)
Code:
https://pastebin.com/g5zD2kQf

chrome 37/38
avira 19/38
comodo 2/38
malwarebytes 25/38
norton 6/38
bitdefender 32/38
WDBP 31/38 - downloaded 12
squidblacklist 10/38

K9 34/38
forticlient 38/38
kaspersky 38/38
Windscribe (ROBERT) 1/38
 
Last edited by a moderator:

Decopi

Level 3
Oct 29, 2017
122
431
@Evjl's Rain , thank you for including K9.

Considering that K9 works at system level, and it is not a heavy software (like Kaspersky, FortClient etc)... IMO K9 is the best in its category.

I can't see any add-on/extension contending against K9, not just because K9 works at system level, but also in terms of RAM, CPU, performance in general.

Same logic with antivirus, useless against zero-day virus/malware, and killer system resources.

... K9 + CF CS settings... when less is more...
 

Slyguy

Level 44
Jan 27, 2017
3,322
14,338
Kaspersky and Forticlient will almost always be on top. Both of them have some really nice labs and people working in those labs to keep those lists up to date. Both also pull from a variety of internal sources. Forticlient draws from it's FG IPS and FortiSandbox returns that are in millions of organizations around the world.
 
Last edited:

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,234
41,285
Test 24/11/2018
38 links: multiple sources including vxvault (older)
Code:
2d73.ru/En_us/Clients_transactions/11_18/
2ndoffice.ph/wp-content/themes/sketch/clip.exe
31.3.230.11/new/jey/jey.exe
51.254.84.55/fear.png.exe
abeautifulyouskincare.com/0325692BYAAN/identity/US/
bemnyc.com/dRqCZbI
canetafixa.com.br/98780ERLMN/BIZ/Business
coloradosyntheticlubricants.com/rJ1.exe
districoperav.icu/neifo/sysm.exe
down.wiremesh-ap.com/xiguaviewer_1122.exe
ecoconstrucciones.com.ar/wp-content/upgrade/doc/En/ACCOUNT/New-Invoice-TI39227-NK-9983
florean.be/wp-content/themes/remy/vcc.exe
ghancommercialbank.com/msn/newclient.exe
gucciai.net/Amadey.exe
ifcjohannesburg.org/JN/jfile.exe
localbusinesspromotion.co.uk/u
luvverly.com/images/default/En/ACCOUNT/Invoice-2907141048-07-16-2018
luyenthitoefl.net/wp-content/uploads/9MS/PAYMENT/Commercial
mindspeak.co/urBsC2H3s
monteglobal.co/monte/monte.exe
montrosecounselingcenter.org/lHw/
nowley-rus.ru/administrator/cache/En_us/Black-Friday
partner.targoapp.ru/En_us/Clients_information/11_18/
perfectionautomotivebexley.flywheelsites.com/US/BlackFriday2018/
potens.ru/1EOUQTEL/ACH/Business/  
psce.org.pk/4GLAVVG/SWIFT/Business/
raidking.com/99931JSF/oamo/US/
romodin.com/9dyHIxA
suryalife.in/0U/biz/Business/
travelcentreny.com/US/BlackFriday2018
trombleoff.com/bin/rig.exe
uninstall-tools.ru/officialclient.exe
vegasports.in/46OPJOBX/SEP/US/
volathailand.com/RvC2xxVB
www.aquastor.ru/7941G/WIRE/US  
www.c2cycle.com/UACS.exe
www.itwss.com/multimedia/Already.exe
www.standart-uk.ru/En_us/Clients_Messages/2018-11/

chrome 37/38
avira 19/38
comodo 2/38
malwarebytes 25/38
norton 6/38
bitdefender 32/38
WDBP 31/38 - downloaded 12
squidblacklist 10/38

K9 34/38
forticlient 38/38
kaspersky 38/38
Windscribe (ROBERT) 1/38
Thanks for testing (y)
You didn't test Microsoft Edge this time?
 

Brie

Level 9
Verified
Jan 1, 2018
449
1,229
Test 24/11/2018
38 links: multiple sources including vxvault (older)
Code:
2d73.ru/En_us/Clients_transactions/11_18/
2ndoffice.ph/wp-content/themes/sketch/clip.exe
31.3.230.11/new/jey/jey.exe
51.254.84.55/fear.png.exe
abeautifulyouskincare.com/0325692BYAAN/identity/US/
bemnyc.com/dRqCZbI
canetafixa.com.br/98780ERLMN/BIZ/Business
coloradosyntheticlubricants.com/rJ1.exe
districoperav.icu/neifo/sysm.exe
down.wiremesh-ap.com/xiguaviewer_1122.exe
ecoconstrucciones.com.ar/wp-content/upgrade/doc/En/ACCOUNT/New-Invoice-TI39227-NK-9983
florean.be/wp-content/themes/remy/vcc.exe
ghancommercialbank.com/msn/newclient.exe
gucciai.net/Amadey.exe
ifcjohannesburg.org/JN/jfile.exe
localbusinesspromotion.co.uk/u
luvverly.com/images/default/En/ACCOUNT/Invoice-2907141048-07-16-2018
luyenthitoefl.net/wp-content/uploads/9MS/PAYMENT/Commercial
mindspeak.co/urBsC2H3s
monteglobal.co/monte/monte.exe
montrosecounselingcenter.org/lHw/
nowley-rus.ru/administrator/cache/En_us/Black-Friday
partner.targoapp.ru/En_us/Clients_information/11_18/
perfectionautomotivebexley.flywheelsites.com/US/BlackFriday2018/
potens.ru/1EOUQTEL/ACH/Business/  
psce.org.pk/4GLAVVG/SWIFT/Business/
raidking.com/99931JSF/oamo/US/
romodin.com/9dyHIxA
suryalife.in/0U/biz/Business/
travelcentreny.com/US/BlackFriday2018
trombleoff.com/bin/rig.exe
uninstall-tools.ru/officialclient.exe
vegasports.in/46OPJOBX/SEP/US/
volathailand.com/RvC2xxVB
www.aquastor.ru/7941G/WIRE/US  
www.c2cycle.com/UACS.exe
www.itwss.com/multimedia/Already.exe
www.standart-uk.ru/En_us/Clients_Messages/2018-11/

chrome 37/38
avira 19/38
comodo 2/38
malwarebytes 25/38
norton 6/38
bitdefender 32/38
WDBP 31/38 - downloaded 12
squidblacklist 10/38

K9 34/38
forticlient 38/38
kaspersky 38/38
Windscribe (ROBERT) 1/38
thank you for this. i appreciate it. :giggle:
 

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,604
28,273
Any change that you can test the trendmicro toolbar / webfilter? Would love to der how this fares against malicious links! ;)
could you please share the download link or crx file of that extension for chrome? I'm not able to find any way to install it without installing trend micro suit
 

JiSingh12

Level 3
Sep 1, 2018
133
324
Hi @Evjl's Rain, and everybody else,

quick question, if a adblock filter shows "0 used out of 195,646" which is what my Energized Blu Protection is saying, or "21 used out of 107,788" which is what my adguard base filter/AdGuard English Filter is saying, does that mean all hosts/links within that filter have been covered by something else?

Thanks
 

Attachments

  • Nanoo.PNG
    Nanoo.PNG
    108.7 KB · Views: 271
Last edited:
Top