Q&A [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

[Evjl's Rain]

Evjl's Rain what is your opinion about Dr Web extension?I have seen some recent test which was very good.Have you ever tested it?

my recommendation is stay away from it. It's useless
it doesn't have any block function
you must right-click and scan the link with dr.web

 

[woodrowbone]

@Evjl`s Rain Did you ever check this one out:
Zenmate Web Firewall
Seems to be some sort of ublock engine inside??

/W

 

[JiSingh12]

BD consumes more cpu
moreoever, it pauses the website and waits for the result from cloud => can slow down your speed during peak hours
in overall, it's a great extension for malwares and phishing but not good against PUPs

So you recommend EBS + WDBP for best performance and protection overall i presume?

 

[Evjl's Rain]

@Evjl`s Rain Did you ever check this one out:
Zenmate Web Firewall
Seems to be some sort of ublock engine inside??

/W

I haven't tried it yet but it's not appealing to me

So you recommend EBS + WDBP for best performance and protection overall i presume?

Yes, I think so

 

[JiSingh12]

es, I think so

i see, but i lose the Search Analyzer & Tracker Detector feature from BTL, not that i ever looked at the green tick next to the links.. and i think my adblock is blocking most trackers anyway, so i guess no need to worry. EBS it is for definite now

 

[Evjl's Rain]

i see, but i lose the Search Analyzer & Tracker Detector feature from BTL, not that i ever looked at the green tick next to the links.. and i think my adblock is blocking most trackers anyway, so i guess no need to worry. EBS it is for definite now

you don't really need those features
tracker detection: you can replace it with proper filters in ublock. It will block. BDTL only detects but doesn't block + BDTL's tracker database is not good
search analyzer: if a website is malicious, you extension will block it anyway. I really think it's redundant. If it's malicious but your BDTL can't detect it and shows green, it will miss that malicious website

 

[oldschool]

i see, but i lose the Search Analyzer & Tracker Detector feature from BTL, not that i ever looked at the green tick next to the links.. and i think my adblock is blocking most trackers anyway, so i guess no need to worry. EBS it is for definite now

I see your security config looks solid already. (Maybe overkill on browser exts.?) Just follow @Evjl's Rain suggestion when it comes to extensions. I suggest relaxation techniques like meditation because if you have good web habits you are fine!

 

[JiSingh12]

(Maybe overkill on browser exts.?)

Yeah, i know, i am a happy clicker to be honest and will click so many random sites

 

[legendcampos]

Here on my system I am using a combination eset Nod32 + Adguard Basically this I think eset very good against pups, adwares, whenever I visit sites that have bitcoins, adwares, scripts of pages that open themselves... eset always blocks.

I still think WDBP and EBS inefficient against malicious advertisements. A simple test with adguard disabled in site Online Movies



And with ESET deactivated they pass unnoticed

 

[TairikuOkami]

I still think WDBP and EBS inefficient against malicious advertisements.

They are not really meant for that, they are for blocking URLs, ADs are embedded within webpages, they need a different filtering, like uBlock.
It is preferable to block ADs within the system before they reach the browser, like ESET, K9 or via DNS: adguard, alternate, cleanbrowsing.

 

[legendcampos]

They are not really meant for that, they are for blocking URLs, ADs are embedded within webpages, they need a different filtering, like uBlock.
It is preferable to block ADs within the system before they reach the browser, like ESET, K9 or via DNS: adguard, alternate, cleanbrowsing.

Yes, what you have nowadays is true pages with malicious advertising, so I see no use of these two extensions.

 

[JiSingh12]

They are not really meant for that, they are for blocking URLs, ADs are embedded within webpages, they need a different filtering, like uBlock.

So EBS + Nano Adblocker is enough?

 

[Evjl's Rain]

So EBS + Nano Adblocker is enough?

it's enough only if you have proper filters for ublock
for years, I have never had any problem with these malicious scripts

 

[JiSingh12]

it's enough only if you have proper filters for ublock
for years, I have never had any problem with these malicious scripts

i use blockzilla, adversity, squidblacklist, 1hosts, extreme measures, vxvault, and stevenblack hosts as custom filters.

Also got things like adguard base filter enabled and Disconnect malvertising filter list etc. ticked

 

[Evjl's Rain]

i use blockzilla, adversity, squidblacklist, 1hosts, extreme measures, vxvault, and stevenblack hosts as custom filters.

they are good enough besides your AV and EBS
don't worry
ESET is extremely aggressive against PUP, sometimes overly aggressive => many people complaint about ESET blocking their websites on the forum

 

[JiSingh12]

they are good enough besides your AV and EBS

thanks Seems like i got basically all avenues covered when it comes to malvertising, malware, PUPs, ads, etc. within Chrome.

 

[TairikuOkami]

Yes, what you have nowadays is true pages with malicious advertising, so I see no use of these two extensions.

I guess EBS does block something, since I have got this, until I have disabled it.

 

[legendcampos]

I guess EBS does block something, since I have got this, until I have disabled it.

Usually malicious scripts they see on those sites where the pages open alone, if not detected may have gone unnoticed, scan with malwarebytes to see if it detects something.

 

[Windows_Security]

They are not really meant for that, they are for blocking URLs, ADs are embedded within webpages, they need a different filtering, like uBlock.
It is preferable to block ADs within the system before they reach the browser, like ESET, K9 or via DNS: adguard, alternate, cleanbrowsing.

Why do people complain about AntiVirus companies going through hoops and loops to decrypt HTTPS traffic before it reaches your browser and advice positively on ad-blockers doing seemingly the same thing to block HTTPS encrypted malvertising URL's and redirects?

Can somebody explain this to me why the AV-approach is wrong and Anti-Ad approach (of Adguard, K9 etc) is okay?

 

[Arequire]

Can somebody explain this to me why the AV-approach is wrong

There's a myriad of issues that can be caused by intercepting HTTPS. Things like breaking or not using certificate validation, using broken or outdated ciphers, degrading TLS connections and using outdated TLS versions, opening up connections to TLS attacks (Beast, Freak, Logjam, Crime, etc.)

and Anti-Ad approach (of Adguard, K9 etc) is okay?

I wouldn't say it's okay (I refuse to use AdGuard for this exact reason and its one of the reasons I don't use a traditional AV) but AdGuard themselves acknowledge the issues that HTTPS interception causes and actively try to avoid them as best they can. AV vendors just seem to be either negligent or indifferent when it comes to this stuff.

Here's a research paper about it if you want to get into the nitty gritty details:
https://jhalderm.com/pub/papers/interception-ndss17.pdf
And the conclusion they came up with:

Antivirus vendors should reconsider intercepting HTTPS. Antivirus software operates locally and already has access to the local filesystem, browser memory, and any content loaded over HTTPS. Given their history of both TLS misconfigurations and RCE vulnerabilities, we strongly encourage antivirus providers to reconsider whether intercepting HTTPS is responsible.