Q&A [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,604
28,273
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 

Windows_Security

Level 23
Verified
Trusted
Content Creator
Mar 13, 2016
1,303
6,268
Have been playing with MBAM extension and am really impressed with its blocking. Only point of criticism is that it is a bit overcareful (the reputation warning), but since you still can bypass the warning (continue to the site), this does not feel as paranoid security interfering with internet experience.
 

Evjl's Rain

New test 3/6/2018

| | Malwares (x2) | Hybrid-analysis | Openphish | Phishtank | Total score |
|---|---|---|---|---|---|
| Google | 16 | 2 | 5 | 8 | 47 |
| Norton | 20 | 1 | 2* | 4* | 47 |
| Malwarebytes | 16 | 2 | 1 | 1 | 36 |
| Avira | 16 | 3 | 4 | 9 | 48 |
| WDBP | 2 | 2 | 2 | 3 | 11 |
| Bitdefender | 0 | 2 | 5 | 8 | 15 |
| Adguard | 0 | 0 | 5 | 7 | 12 |
| ublock default | 0 | 0 | 1 | 1 | 2 |
| ublock+squidblack | 16 | 0 | 3 | 2 | 37 |
| Edge | 16* | 1 | 2 | 3 | 38 |

| | Malware (x2) | Hybrid-analysis | Openphish | Phishtank | Total score |
|---|---|---|---|---|---|
| WDBP (2nd test) | 2 | 2 | 3 | 3 | 12 |
| ublock+AdZ | 0 | 0 | 1 | 1 | 2 |
| ublock+hphosts full+partial | 16 | 1 | 2 | 2 | 37 |
| Kaspersky free (bonus) | 19 | 2 | 2 | 8 | 50 |

*: warns but doesn't block

Winners: Kaspersky Free, Google Safe Browsing, Norton Safe Web, Avira Browser Safety
Losers: ublock origin (default settings), AdZ hosts
Caution: Windows Defender Browser Protection, Adguard, Bitdefender Trafficlight
 

Nestor

Level 8
Apr 21, 2018
400
1,998
In the next test you may add K9 Web Protection; although it's not an extension, I believe it will be the winner.
 

Burrito

Level 24
May 16, 2018
1,363
9,227
Excellent Evjl's Rain.

Avira did very well.... although I offloaded it based on some annoying qualities. Since Norton is so close, that's good enough.

And you sold me on Squidblack. I just added that -- finally -- to uBlock.o.

In this test, which Squidblack filters were used?

As I was poking around adding Squidblack,
Ads: Advertisements and tracking
..I also added ..
Malicious: Malicious, hijacked, ransomware, dangerous websites.

And I noticed Squidblack's..
Malicious-IP: Malicious host ip address list ( combined profile )
..and..
Malicious-IP: Malicious host ip address list ( blocklist.de standalone ). New

Blacklist Downloads

As a regular guy... consumer... home user, would those two lists benefit me?


Fine work Evjl's Rain, it is appreciated.


-Burrito
 

Decopi

Level 3
Oct 29, 2017
122
431
As usual from you @Evjl's Rain , a very nice job! Well done, Thank you.

Just adding few commentaries for your consideration:

1) In my tests, some add-ons/extensions show different results at different hours of the day. This is because extension databases are not just updated when the browser launches, but also at different hours of the day. It is not mandatory, but perhaps a test based on same day + 2 different hours, will be even more accurate.

2) In my tests, NetCraft always is the winner blocking phishing.

3) I believe that "browser performance" (RAM, CPU, internet speed, battery life etc) is an important category to be included in these tests. For example, in my tests Google has a more negative impact on browser performance than the NetCraft + Malwarebytes Combo. In other words, sometimes a Combo has better results + better browser performance.

4) If "browser performance category" has the same priority as "blocking power", then alternatives outside the browsers might be included in future tests. For example Pi-Hole.

5) Malwarebytes uses heuristics, and this is important for zero-day-attack. As far as I know, MB is the only add-on/extension using heuristics. So, even if MB performs a bit lower than other competitors, the MB heuristics factor might be important, especially when it works complementing normal AV outside the browser.
 

Evjl's Rain

I only used www.squidblacklist.org/downloads/dg-malicious.acl
this is the only thing free and we can use for this test. The others, malicious IP,... are not free and not addable to ublock
this would benefit you but I think using an extension should be better and more updated

thank you for your reply

2) yes netcraft is one of the kings of phishing. However, phishing is not important for MT users because most people here can spot phishing by just looking at them and phishing links usually don't last very long. Malware blocking is more important

3) Browser performance is indeed important. For me, Norton Safe Web and WDBP are extremely lite, they consume very very little CPU time after 1 hour of browsing. The heaviest should be Avira browser safety -> Malwarebytes -> Bitdefender
Avira and MB scan our traffic in realtime, 24/7, that's why they are heavier and consume more CPU
Norton, WDBP and BD only scan the website we visit once and then finish. However, BD consumes a lot of CPU although scanning only once

4) Malwarebytes is very good, no doubt. The heuristics is really strong, I admit. It can block something the others can't block, but in exchange for some false positives. It blocked one of my PDFs from downloading but I'm sure it's safe
 

Evjl's Rain

The thing is there is no browser extension version for K9. I don't like installing a program for web filter

I think the best standalone web filter in the world is Forticlient
I may do a comparison between forticlient, kaspersky and K9 but I doubt K9 doesn't have an extensive database as the other 2
 

71Hemi

Level 2
Dec 12, 2015
70
163
@Decopi


Hello, I have seen you mention this before "For privacy/anti-tracking I have a tiny lightweight 3rd-party blocker." and have been meaning to ask you what blocker this is? Thanks...
 

Evjl's Rain

yes, you are right
I mean squidblack malicious is the only one for security we can add
the other lists are also worth checking for other purposes
 

Evjl's Rain

Why adguard detect 0 ?! which filters you had on it ?
default + malware filter
even if I enable all filters, it won't be much better

I have tested many times with similar results
adguard is only good at blocking phishing, very very poor at malware blocking

adguard for desktop is different because it also has google safe browsing while adguard extension doesn't have
 

Quassar

Level 12
Verified
Feb 10, 2012
584
1,466
I already checked the list which you used to test; I don't wonder why adguard didn't check it, because they are exe file downloads...
Adguard is not an exe virus/malware scanner; adguard protects you from site code..
In this situation you need to use some security antivirus/antimalware scanner, not web-blockers like adguard adblock
but ublock and umatrix are more script blockers, so if you configure them, you can block downloads of exe extension files.

So in this test some software is not made with this job in mind;
otherwise I could use a classic firewall (without hips) which only monitors connections and wonder why it does not scan system files against viruses lol...
 

Evjl's Rain

I think adguard malware filter is made for this purpose. They are designed to block malicious links including malware urls. most of these extensions block malware domains, not many of them block malware files based on the malware activity
malwarebytes, google safe browsing and norton somehow can scan the downloaded files and block them

for me, I'm always against adguard because there is almost zero flexibility and customization. Users can only use what they provide
on the other hand, ublock allows us to add whatever we want including adding malware filters and block third-party domains

blocking all exe is not an option for many users because they need to download something and it's inconvenient to do so. Also blocking all third-party using ublock cannot block malware from being downloaded because when we click on a link, that link is first-party so 3rd-party blocking is ineffective

adblockers can help us to block malicious ads and trackers or ads with malicious codes with potential exploits
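
The point made in the post above (a clicked link is a first-party request, so third-party blocking does not stop the download, while a malware domain filter does) as a small model. This is an added example, not part of the original thread and not uBlock Origin's code; the request objects, host names and the two-label `site()` shortcut are assumptions.

```javascript
// Added illustration (not uBlock Origin's code): why a "block third-party"
// rule does not stop a clicked download link, while a domain list does.

// Assumption: the "site" is the last two host labels. Real blockers use the
// Public Suffix List to find the registrable domain.
function site(hostname) {
  return hostname.split('.').slice(-2).join('.');
}

// A request is third-party when its site differs from the site of the page
// that issued it. A top-level navigation ("main_frame", e.g. a clicked link)
// becomes the page itself, so it is compared with itself: always first-party.
function isThirdParty(request) {
  const target = new URL(request.url).hostname;
  const context = request.type === 'main_frame'
    ? target
    : new URL(request.pageUrl).hostname;
  return site(target) !== site(context);
}

// Domain-list match: the host itself or any parent domain is on the list.
function onBlocklist(hostname, blocklist) {
  const labels = hostname.split('.');
  for (let i = 0; i < labels.length - 1; i++) {
    if (blocklist.has(labels.slice(i).join('.'))) return true;
  }
  return false;
}

function decide(request, policy) {
  const host = new URL(request.url).hostname;
  if (onBlocklist(host, policy.blocklist)) return 'block (domain list)';
  if (policy.blockThirdParty && isThirdParty(request)) return 'block (third-party)';
  return 'allow';
}

// Constructed sample requests; all hosts are placeholders.
const page = 'https://forum.example/thread/1';
const adScript = { type: 'script', url: 'https://ads.tracker.example/a.js', pageUrl: page };
const clickedExe = { type: 'main_frame', url: 'https://dl.bad-host.test/setup.exe', pageUrl: page };

const thirdPartyOnly = { blockThirdParty: true, blocklist: new Set() };
const withMalwareList = { blockThirdParty: true, blocklist: new Set(['bad-host.test']) };

console.log(decide(adScript, thirdPartyOnly));    // embedded third-party script
console.log(decide(clickedExe, thirdPartyOnly));  // clicked link, no domain list
console.log(decide(clickedExe, withMalwareList)); // clicked link, domain list loaded
```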
 

Decopi


Hi @Darrin ,

In Firefox you have several 3rd-party blockers, tiny, lightweight. The same for Chrome.
Which one to use? It depends on you! Some of them are very basic. Others are more technical.

This one is very basic:
Policy Control - JavaScript and Flash blocker – Add-ons for Firefox

More technical:
Third-party Request Blocker – Add-ons for Firefox

My advice? Go to the Firefox add-on page (or Chrome Web Store), search for "blocker", lot of alternatives will appear. Test those with less than 200KiB size.

Here is important to understand that "privacy/security" without performance... is not an option.
The reason to substitute ad-blockers, or UBlock, hosts lists blockers etc etc etc... is because they kill browser performance. All of them were great 5 years ago. Not today! They are part of the past... dinosaurs.
I am saying that "browser performance" has the same priority as "privacy/security". And we should prefer solutions satisfying both categories.

In this context, the best alternatives for "privacy/security" are those solutions outside from browsers, at OS level, or even better outside from OS, like Pi-Hole. Sadly, most of the users prefer nothing, or prefer add-ons/extensions.

If you prefer add-ons/extensions, tiny/lightweight 3rd-parties blocker will stop at least 70% of the webgarbage (ads, trackers, phishing, malwares etc). And with the Firefox built-in anti-tracking (strict mode) + FPI + Containers + DNS/DoH encryption... it will be more than enough for privacy. Paranoids don't care about browser performance, so they can use Tor, VPNs, heavy extensions etc.

Now, for security, I recommend you to use the Firefox built-in protection (Safebrowsing - Google) + VirusTotal add-on/extension (VTzilla 2.0 ) + an external AV (Avast) + firewall (Comodo CS' settings). In my opinion this is the less intrusive combo, with the best protection.

Malwarebytes + Netcraft is better than Safebrowsing - Google. But if you have a 3rd-party blocker, it will overlap. In other words, you have plenty of combinations here. The best way to approach "privacy/security" is by thinking in terms of combos. But, "system performance" should be equally important as "privacy/security".
 

oldschool

Level 63
Verified
Mar 29, 2018
5,245
38,279
There is a McAfee web Extension for Edge (I think it's new) and from various tests I have seen, it scores pretty good for malware and phishing URLs!

Get McAfee WebAdvisor - Microsoft Store

It's been around for quite awhile but it was renamed and been improved a couple of years ago. If you want all the features e.g. search results show website rating, you must use Yahoo as your search engine - a sacrifice I wasn't willing to make.
 