Q&A [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Apr 18, 2016
3,626
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (Chrome's built-in protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malware
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malware
- uBlock Origin with some additional filters

NOTE: the results can vary from day to day. Tomorrow, with different links, the result can be very different. All are live links, but they can be dead a few minutes after the test. No duplicates.

Results:
result.png


Winner: Google Safe Browsing
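
Added example, not part of the original post and not the thread's results: a way to score the 5 x 10 link layout described above separately for malware and phishing, with a 95% Wilson interval to show how far a small sample can move from day to day. The extension names and block counts are constructed.

```python
import math

# Feed layout from the post: 10 links from each of five feeds.
FEEDS = {"malc0de": "malware", "vxvault": "malware", "openphish": "phishing",
         "phishtank_verified": "phishing", "phishtank_unverified": "phishing"}

# Constructed block counts per feed for two hypothetical extensions.
# These are NOT the thread's results (those were posted as an image).
SAMPLE = {
    "ext_full":     {"malc0de": 7, "vxvault": 6, "openphish": 8,
                     "phishtank_verified": 9, "phishtank_unverified": 5},
    "ext_phishing": {"malc0de": 0, "vxvault": 0, "openphish": 9,
                     "phishtank_verified": 9, "phishtank_unverified": 7},
}

def wilson(blocked, total, z=1.96):
    """95% Wilson score interval for a block rate measured on `total` links."""
    p = blocked / total
    denom = 1 + z * z / total
    centre = (p + z * z / (2 * total)) / denom
    half = z * math.sqrt(p * (1 - p) / total + z * z / (4 * total ** 2)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)

def score(counts, per_feed=10):
    """Sum per-feed block counts into (blocked, total, interval) per category."""
    out = {}
    for category in ("malware", "phishing"):
        feeds = [f for f, c in FEEDS.items() if c == category]
        blocked = sum(counts.get(f, 0) for f in feeds)
        total = per_feed * len(feeds)
        out[category] = (blocked, total, wilson(blocked, total))
    return out

def separated(a, b, category):
    """True only if the two extensions' intervals for `category` do not overlap."""
    (_, _, (lo_a, hi_a)), (_, _, (lo_b, hi_b)) = score(a)[category], score(b)[category]
    return hi_a < lo_b or hi_b < lo_a

if __name__ == "__main__":
    for name, counts in SAMPLE.items():
        for cat, (b, n, (lo, hi)) in score(counts).items():
            print(f"{name:13s} {cat:8s} {b:2d}/{n}  95% CI {lo:.0%} to {hi:.0%}")
    for cat in ("malware", "phishing"):
        print(cat, "clearly different:",
              separated(SAMPLE["ext_full"], SAMPLE["ext_phishing"], cat))
```

With these constructed counts, the phishing-only extension's 0/20 on malware is clearly separated from the other, while the 22/30 versus 25/30 phishing scores overlap and do not support a ranking.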
 

Evjl's Rain

I see, but I lose the Search Analyzer & Tracker Detector feature from BTL, not that I ever looked at the green tick next to the links... and I think my adblock is blocking most trackers anyway, so I guess no need to worry. EBS it is for definite now
You don't really need those features.
Tracker detection: you can replace it with proper filters in uBlock. It will block. BDTL only detects but doesn't block, and BDTL's tracker database is not good.
Search analyzer: if a website is malicious, your extension will block it anyway. I really think it's redundant. If it's malicious but your BDTL can't detect it and shows green, it will miss that malicious website.
 

oldschool

Level 66
Verified
Top poster
Well-known
Mar 29, 2018
5,585
I see, but I lose the Search Analyzer & Tracker Detector feature from BTL, not that I ever looked at the green tick next to the links... and I think my adblock is blocking most trackers anyway, so I guess no need to worry. EBS it is for definite now


I see your security config looks solid already. (Maybe overkill on browser exts.?) Just follow @Evjl's Rain's suggestion when it comes to extensions. I suggest relaxation techniques like meditation :D because if you have good web habits you are fine! (y)
 

legendcampos

Level 6
Verified
Aug 22, 2014
265
Here on my system I am using a combination of ESET NOD32 + AdGuard. Basically, I think ESET is very good against PUPs and adware; whenever I visit sites that have bitcoins, adware, scripts of pages that open themselves... ESET always blocks.

I still think WDBP and EBS are inefficient against malicious advertisements. A simple test with AdGuard disabled on the site Online Movies:

eset.png

And with ESET deactivated they pass unnoticed:

desativado.png
 

TairikuOkami

Level 31
Verified
Top poster
Content Creator
Well-known
May 13, 2017
2,074
I still think WDBP and EBS are inefficient against malicious advertisements.
They are not really meant for that; they are for blocking URLs. Ads are embedded within webpages and need different filtering, like uBlock.
It is preferable to block ads within the system before they reach the browser, like ESET, K9 or via DNS: AdGuard, Alternate, CleanBrowsing.
 

legendcampos

They are not really meant for that; they are for blocking URLs. Ads are embedded within webpages and need different filtering, like uBlock.
It is preferable to block ads within the system before they reach the browser, like ESET, K9 or via DNS: AdGuard, Alternate, CleanBrowsing.
Yes, what you have nowadays is true pages with malicious advertising, so I see no use of these two extensions.
 

JiSingh12

Level 3
Sep 1, 2018
136
It's enough only if you have proper filters for uBlock.
For years, I have never had any problem with these malicious scripts.
I use Blockzilla, Adversity, Squidblacklist, 1Hosts, Extreme Measures, VXVault, and StevenBlack hosts as custom filters.

Also got things like the AdGuard Base filter enabled and the Disconnect malvertising filter list etc. ticked.
 

Evjl's Rain

I use Blockzilla, Adversity, Squidblacklist, 1Hosts, Extreme Measures, VXVault, and StevenBlack hosts as custom filters.
They are good enough besides your AV and EBS.
Don't worry.
ESET is extremely aggressive against PUPs, sometimes overly aggressive => many people complain about ESET blocking their websites on the forum.
 

Windows_Security

Level 24
Verified
Helper
Top poster
Content Creator
Well-known
Mar 13, 2016
1,301
They are not really meant for that; they are for blocking URLs. Ads are embedded within webpages and need different filtering, like uBlock.
It is preferable to block ads within the system before they reach the browser, like ESET, K9 or via DNS: AdGuard, Alternate, CleanBrowsing.

Why do people complain about antivirus companies going through hoops and loops to decrypt HTTPS traffic before it reaches your browser, and advise positively on ad-blockers doing seemingly the same thing to block HTTPS-encrypted malvertising URLs and redirects?

Can somebody explain this to me why the AV-approach is wrong and Anti-Ad approach (of Adguard, K9 etc) is okay?
 

Arequire

Level 28
Verified
Top poster
Content Creator
Feb 10, 2017
1,704
Can somebody explain this to me why the AV-approach is wrong
There's a myriad of issues that can be caused by intercepting HTTPS. Things like breaking or not using certificate validation, using broken or outdated ciphers, degrading TLS connections and using outdated TLS versions, opening up connections to TLS attacks (BEAST, FREAK, Logjam, CRIME, etc.).

and Anti-Ad approach (of Adguard, K9 etc) is okay?
I wouldn't say it's okay (I refuse to use AdGuard for this exact reason and it's one of the reasons I don't use a traditional AV) but AdGuard themselves acknowledge the issues that HTTPS interception causes and actively try to avoid them as best they can. AV vendors just seem to be either negligent or indifferent when it comes to this stuff.

Here's a research paper about it if you want to get into the nitty gritty details:
https://jhalderm.com/pub/papers/interception-ndss17.pdf
And the conclusion they came up with:
Antivirus vendors should reconsider intercepting HTTPS. Antivirus software operates locally and already has access to the local filesystem, browser memory, and any content loaded over HTTPS. Given their history of both TLS misconfigurations and RCE vulnerabilities, we strongly encourage antivirus providers to reconsider whether intercepting HTTPS is responsible.
 

Andy Ful

Level 79
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
6,835
Usually malicious scripts they see on those sites where the pages open alone, if not detected, may have gone unnoticed; scan with Malwarebytes to see if it detects something.
I am not sure if your example with ESET can be accepted as a test for all web filtering protection methods.
  1. Most web filtering applications block access to the content of the whole webpage (like ESET).
  2. Other solutions often block only the malicious links to files which are actually loaded by the web page.
In the first case the webpage will be blocked. In the second case it will be allowed, but the script will be blocked anyway, after clicking the malicious link.

So, another testing method should be applied for the solutions from point 2 (like WD Network Protection).
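
Added example, not part of the original post: a small model of the two filtering approaches described above, run under two test methods, to show how a landing-page-only test records a miss for the second approach even when both filters hold the same blocklist. The URLs, class names and test names are constructed placeholders, not any product's behaviour.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Page:
    url: str
    links: tuple   # URLs that are only requested after the user clicks

# Constructed ground truth and test pages (all names are placeholders).
MALICIOUS = {"http://bad.example/setup.exe"}
PAGES = [
    Page("http://movies.example/watch", ("http://bad.example/setup.exe",)),
    Page("http://news.example/", ("http://news.example/story.html",)),
]

class WholePageFilter:
    """Point 1: refuse the whole page if it, or a link on it, is blocklisted."""
    def __init__(self, blocklist):
        self.blocklist = set(blocklist)
    def on_navigate(self, page):
        return page.url in self.blocklist or any(l in self.blocklist for l in page.links)
    def on_request(self, url):
        return url in self.blocklist

class LinkFilter(WholePageFilter):
    """Point 2: let the page render; block a listed URL only when it is requested."""
    def on_navigate(self, page):
        return False

def landing_page_test(flt, page):
    """Open the URL and record only whether the page itself was blocked."""
    return flt.on_navigate(page)

def click_through_test(flt, page):
    """Also follow the links: a hit if the page or every malicious link is stopped."""
    if flt.on_navigate(page):
        return True
    bad = [l for l in page.links if l in MALICIOUS]
    return bool(bad) and all(flt.on_request(l) for l in bad)

def run(test):
    """Verdicts per filter for each page; both filters share the same blocklist."""
    filters = (WholePageFilter(MALICIOUS), LinkFilter(MALICIOUS))
    return {type(f).__name__: [test(f, p) for p in PAGES] for f in filters}

if __name__ == "__main__":
    print("landing page only:", run(landing_page_test))
    print("click through:    ", run(click_through_test))
```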
 