Q&A [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,604
28,273
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,604
28,273
new test 28/12/2018
Code:
https://pastebin.com/tpwcQ512

chrome 15/20
avira 14/20
emsisoft 18/20 (4 downloaded, tested 2 times, sandboxie and browser crashed twice)
malwarebytes 16/20
norton 3/20
bitdefender 13/20
WDBP 15/20 (14 downloaded)
squidblacklist 3/20
kaspersky 16/20
 
Last edited by a moderator:

goodjohnjr

Level 2
Jul 11, 2018
58
282
new test 28/12/2018
Code:
http://restlesz.su/t.exe
http://bachaosubsy.com/viewnow/readme.exe
http://ceoseguros.com/pf.exe
http://dekhsongshere.com/downloads/Profile.exe
http://diyngabvouche.ml/goor.exe
http://file.tancyo.blog.shinobi.jp/286c6011.doc
http://fix-autos.co.uk/doc/exe.exe
http://free.fundiyideas.com/Detailed_report.zip
http://images.tax861.gov.cn/bsdt/Install_Bsdt_DotNet20.exe
http://labphon15.labphon.org/modules/contextual/contextual.exe
http://ni220471-1.web02.nitrado.hosting/M2Bob%20-%20Patcher.exe
http://redcourt.net/files/public-docs/asp_net.exe
http://sangeetkhabar.com/Akt375.zip
http://sfpixs123.dothome.co.kr/123.exe
http://siggbienesraices.com/XAVJAV.exe
http://solumagrend.com/dataprotected.exe
http://tonghopgia.net/WEBSERVICES/REDIRECT/RedirectService.exe
https://finndev.net/selif/1x4vx6jd.exe
https://uploadexe.com/uploads/5c0eea9d8b1caunimat.exe
https://www.cjoint.com/doc/18_12/HLBnmzUX3Ll_SCAN-RESERVATIONS.rar

chrome 15/20
avira 14/20
emsisoft 18/20 (4 downloaded, tested 2 times, sandboxie and browser crashed twice)
malwarebytes 16/20
norton 3/20
bitdefender 13/20
WDBP 15/20 (14 downloaded)
squidblacklist 3/20
kaspersky 16/20


:eek: Wow! What an improvement by Emsisoft Browser Security, I guess that update really made a difference, and WDBP (Windows Defender Browser Protection) is still performing better.

I guess I will be replacing Bitdefender TrafficLight with Emsisoft Browser Security to go along with WDBP for now.

Is it just me or does anyone else sometimes get HTTPs security warnings / security certificate warnings / whatever sometimes, rarely, when trying to load websites when using TrafficLight? (It only happens sometimes and briefly)

Thank you for the test Evjl's Rain.

-John Jr
 

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,604
28,273
PUP/adware test 2/1/2019
some extensions/AVs do very well against malwares but how do they stack up against PUPs and adwares?
most of these are PUPs, some are malwares because I can't find enough links for the test
some vendors immediately show their limitations against this kind of threat, even kaspersky has trouble sometimes. BD is the worst (in the good ones). Comodo is trash as expected

chrome 13/20
avira 14/20
bitdefender 7/20
comodo 0/20
emsisoft 16/20
malwarebytes 18/20
norton 7/20
WDBP 18/20
squidblacklist 4/20

kaspersky free AV 16/20
 

Burrito

Level 24
May 16, 2018
1,363
9,227
PUP/adware test 2/1/2019
some extensions/AVs do very well against malwares but how do they stack up against PUPs and adwares?
most of these are PUPs, some are malwares because I can't find enough links for the test
some vendors immediately show their limitations against this kind of threat, even kaspersky has trouble sometimes. BD is the worst (in the good ones). Comodo is trash as expected

chrome 13/20
avira 14/20
bitdefender 7/20
comodo 0/20
emsisoft 16/20
malwarebytes 18/20
norton 7/20
WDBP 18/20
squidblacklist 4/20

kaspersky free AV 16/20


Malwarebytes still standing tall.

WDBP looking very good..


As always, thanks @Evjl's Rain.
 

Sunshine-boy

Level 27
Verified
Apr 1, 2017
1,691
7,389
Mcafee Webadvisor :
Download McAfee WebAdvisor 4.0.7.213
1 link dead
17/19
Note: the extension and App cant block the downloading process but if you tweak browser to always ask you where to save files you see the McAfee blocked the page and you will not allow the Exe to download! anyway in real world there is no such URL that end to Exe file(at least i never saw)and McAfee will protect you.
 

TairikuOkami

Level 31
Verified
Content Creator
May 13, 2017
2,048
10,351
I actually hate anything, that blocks PUP, the less it blocks the better it is, in my book. Malwarebytes is the worst, blocking good soft/webpages.
What is PUP? Whatever they decide, it is. For example: Libre/Open Office break Microsoft Office documents, so I would mark it as PUP, if I could.
 

Nightwalker

Level 22
Verified
Trusted
Content Creator
May 26, 2014
1,189
7,899
I actually hate anything, that blocks PUP, the less it blocks the better it is, in my book. Malwarebytes is the worst, blocking good soft/webpages.
What is PUP? Whatever they decide, it is. For example: Libre/Open Office break Microsoft Office documents, so I would mark it as PUP, if I could.

You are so wrong in this post that is almost a deceptive reply.

It is obvious that the industry has guidelines for what PUP is, if it wasn't the case the vendors would have to deal with many many legal problems.

About Malwarebytes and PUPs:
PUP Reconsideration Information & Request Form

For me strong PUP detection is vital, it is the number one threat in volume now days, but for people who don't care about privacy or system performance, they can always disable PUP detection, at least while using good antivirus/anti-malware solutions.
 

TairikuOkami

Level 31
Verified
Content Creator
May 13, 2017
2,048
10,351
It is obvious that the industry has guidelines for what PUP is
No, they do not, it is up to each company to choose, whatever they want. Like Malwarebytes blocking RT news, that is so PUP. :D
Not to mention they also block game boosters, but they forgot to block the most used one called game mode, which does exactly the same.
 

Nightwalker

Level 22
Verified
Trusted
Content Creator
May 26, 2014
1,189
7,899
No, they do not, it is up to each company to choose, whatever they want. Like Malwarebytes blocking RT news, that is so PUP. :D
Not to mention they also block game boosters, but they forgot to block the most used one called game mode, which does exactly the same.

Ofcourse they do:
PUP Reconsideration Information & Request Form
How Microsoft identifies malware and potentially unwanted applications

Almost all vendors follow those criterias.

Malwarebytes blocking RT news? You are confusing the HEURISTIC, CLICKBAIT false positive in the extension with deliberate PUP detection.

Anyway ...
rt news.png
 

TairikuOkami

Level 31
Verified
Content Creator
May 13, 2017
2,048
10,351
How Microsoft identifies malware and potentially unwanted applications
Exactly: How Microsoft identify PUP.

PUP Reconsideration Information & Request Form
How do we (Malwarebytes) identify potentially unwanted software?

Malwarebytes blocking RT news?
They have lifted the ban after complaints, but that only proves, that they are following no guidelines, but do whatever they want to.

PUP is generally a grey area. Just like DNS blocking bad webpages, that is so wrong, because you can not access them, unless you change DNS.
 
Top