Q&A [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (Chrome's built-in protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malware
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malware
- uBlock Origin with some additional filters

NOTE: the result can vary from day to day. Tomorrow, with different links, the result can be very different. All are live links, but they can be dead a few minutes after the test. No duplication.

Results:
[Image: result.png]


Winner: Google Safe Browsing
 

Nightwalker

Exactly: How Microsoft identify PUP.


How do we (Malwarebytes) identify potentially unwanted software?


They have lifted the ban after complaints, but that only proves that they are following no guidelines, but do whatever they want to.

PUP is generally a grey area. Just like DNS blocking bad webpages, that is so wrong, because you cannot access them unless you change DNS.

Do you seriously want me to post a link for every vendor? It is obvious that there are guidelines in the industry; vendors can't get away with detecting what they want, or otherwise they will have to face litigation.

Configure ESET products to detect or ignore unwanted, unsafe and suspicious applications: ESET criteria (anyone can see how similar it is)

Again, you are confusing a false positive from the HEURISTIC CLICKBAIT MODULE with a PUP detection; anyway I am done here, facts are facts and you are just using your opinion as one.
 

Evjl's Rain

I actually hate anything that blocks PUP; the less it blocks the better it is, in my book. Malwarebytes is the worst, blocking good soft/webpages.
What is PUP? Whatever they decide it is. For example: Libre/Open Office break Microsoft Office documents, so I would mark it as PUP, if I could.
In my above test, PUPs are the malicious ones, not the grayware or anything borderline. They can be considered trojans.
You can see they have very high detection rates on VT and they actually do bad things.

I have seen many PCs heavily infected by Chinese PUPs/adware/toolbars/constant popups. They were super slow.
Do you consider these malicious?

I don't care how people or vendors define what PUP is; they must be blocked for good.
Greyware, if it doesn't do bad things, is not PUP and should not be blocked.
Gamebooster is not a PUP according to many people. If it's blocked, it's the vendor's mistake.
 

Burrito

I have seen many PCs heavily infected by Chinese PUPs/adware/toolbars/constant popups. They were super slow. Do you consider these malicious?

Yes.



Do you seriously want me to post a link for every vendor? It is obvious that there are guidelines in the industry; vendors can't get away with detecting what they want, or otherwise they will have to face litigation.

Configure ESET products to detect or ignore unwanted, unsafe and suspicious applications: ESET criteria (anyone can see how similar it is)

Again, you are confusing a false positive from the HEURISTIC CLICKBAIT MODULE with a PUP detection; anyway I am done here, facts are facts and you are just using your opinion as one.


Yeah.

Malwarebytes is still really good at identifying PUPs.

This is a good thing.

And yeah, MBAM alerts on multiple pages I look at (Clickbait alerts)... no big deal. You can just tell it not to alert if you so desire.

While some may disagree with specific PUP designations (and that's fine) --- it's to our benefit that MBAM and others are scouring the interwebs to ferret this crap out for us.
 

Moonhorse

Well, Malwarebytes blocks many unrated (legit) sites and the PUP filter is fairly aggressive; the Zemana download has been like this for half a year... Doesn't mean Malwarebytes is bad, but I wouldn't install it on someone's PC if they couldn't handle these warnings and know which is legit and which is not.
[Image: zam1.png]
 

jackuars

Well, Malwarebytes blocks many unrated (legit) sites and the PUP filter is fairly aggressive; the Zemana download has been like this for half a year... Doesn't mean Malwarebytes is bad, but I wouldn't install it on someone's PC if they couldn't handle these warnings and know which is legit and which is not.

Which one do you recommend for newbies then?
 

Moonhorse

Which one do you recommend for newbies then?

It's hard to say, since it's user dependent; computer specs do matter, network speed matters.
I would trust the web filter outside of the browser and keep browser extensions as minimal as possible.

How often do you have an infection by malware, PUPs or anything? Personally I've had only a PUP in my timeline, before using a decent adblocker years ago.

But I would say Netcraft is a mandatory extension; you probably don't need others if you have an antivirus installed on your PC.

Windows Defender Browser Protection has a very minimal memory footprint, so it really doesn't hurt, and it does decently against PUPs without the false positives and heavy load that the Malwarebytes extension has.

I would go with Netcraft + Windows Defender Browser Protection.

Edit: On PhishTank links Netcraft doesn't block, but Bitdefender TrafficLight does...
 

Gandalf_The_Grey

I'm still not sure about Netcraft. It's a good extension, but it almost never seems to block anything. For now I have it not installed.
So what you need depends on your AV. For example Kaspersky's web filtering is great, Emsisoft is getting better with their new extension.
If you still think you need an extra extension next to your AV and Adblocker Bitdefender TrafficLight or Windows Defender Browser Protection are great options.
 

Moonhorse

I'm still not sure about Netcraft. It's a good extension, but it almost never seems to block anything. For now I have it not installed.
So what you need depends on your AV. For example Kaspersky's web filtering is great, Emsisoft is getting better with their new extension.
If you still think you need an extra extension next to your AV and Adblocker Bitdefender TrafficLight or Windows Defender Browser Protection are great options.
Yeah, haven't seen Netcraft block anything on those recent links; Bitdefender is doing better but is a bit heavier than Emsisoft.
And Emsisoft is doing better than TrafficLight.

Probably I'm gonna go with uBlock Origin + Emsisoft.
 

Moonhorse

I'm using AdGuard + Emsisoft right now.
What is your opinion on Windows Defender Browser Protection?
No point in installing WDBP with Emsisoft.

+ WDBP can compete in malware filtering with others
+ It's from Microsoft
+ It's a bit lighter than Emsisoft in memory footprint

- The phishing protection isn't good, nowhere near Emsisoft

I'm using Netcraft + Emsisoft myself for now, but waiting for Evjl or someone else to submit a new test against phishing links.
 

Gandalf_The_Grey

No point in installing WDBP with Emsisoft.

+ WDBP can compete in malware filtering with others
+ It's from Microsoft
+ It's a bit lighter than Emsisoft in memory footprint

- The phishing protection isn't good, nowhere near Emsisoft

I'm using Netcraft + Emsisoft myself for now, but waiting for Evjl or someone else to submit a new test against phishing links.
Ok, but why still Netcraft, wouldn't an Adblocker and Emsisoft not be enough protection?
 

Windows_Security

Ok, that's a good reason (y)
Wouldn't such attack be countered by Google Chrome's builtin XSS Auditor?

In 2017, when I was trying to get to grips with using uBlock Origin snippets in My Filters (trying to block Eval and some other stuff in scripts), I had found a few websites on MDL which were breached. I had also installed a few other extensions (e.g. to see all outbound connections) and the Netcraft extension. On 2 out of 3 websites which I used for testing, Netcraft warned and Google XSS auditor remained silent.

When I could not get it working I decided to use block javascript for all HTTP://* (still allowing HTTPS) and manually whitelist some high level domains I might surf to ([*.]NL, [*.]BE, [*.]EU, [*]COM, [*.]NET, [*.]ORG, [*.]UK, etc.). I kept Netcraft for some time until its silence made me uninstall it (possibly redundant due to reduced attack surface for scripts).
 