Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

Decopi

Level 8
Verified
Oct 29, 2017
359
hi,... update everyday


Thank you @Evjl's Rain for answering me ... is always a pleasure to read and learn from your posts.

I tested Forticlient webfilter... didn't like it. Categories are too rigid for my needs, and zero ads blocking.
I am not saying "Forticlient is bad". I repeat, I'm just saying "I didn't like it".
Forticlient definitely is not a replacement for K9 (which had great customized categories, including spectacular malware blocking + enough anti-tracking/ads blocking power... everything with almost zero system impact + working at system level). K9 was fantastic!

Pi-hole is the best solution in terms of results (highest rates of blocking malwares/ads+tracking). But it is unpractical if you need 24 hours mobility.
Extensions/Add-ons?... never again! For me they are prehistory.
Blocking lists?... 15 years ago they were the first and sole solution against web-garbage. Today, in my opinion they became into web-garbage, specially if you are not an European/American user. Lists are an extremely inefficient alternative, like killing mosquitoes with bazookas.
DNS solutions?... they don't work for me, I travel a lot, not always have servers near me, and the negative impact on browser speed is huge.
Yeah, I know, my opinions are totally subjective, valid only for me. But I can live with that :)

I thought Adguard-desktop could be an alternative for me. However, in my tests it significantly slows down my browser experience. I reduced the number of lists (removed malware lists, I kept only the basics: ads + tracking), and even with few lists... it impacts negatively my browser experience.
Also, I checked my firewall, and can confirm that many trackers are not blocked by Adguard at system level (K9 was so good, that even Windows' telemetry was blocked at system level).

Well, it seems that without K9... I am f@ck :) ... I can't find a good solution for my user profile. So, focused on system performance, I guess my final decision will be:
1) To use only native internal anti-tracking browser alternative (not because it blocks everything, but only because it blocks in the most efficient way, with the less system impact).
2) To use native internal safebrowsing browser alternative (google)... for the same reason at "1)".
3) For ads, I will use "Policy Control" (by Jeremy Schomery). Based on my best knowledge, it is the lightest extension for general blocking content (not just ads). Compared to UMatrix, Policy Control uses just 20% of system resources, and it is unbeatable compared to other blockers. As I said, extensions/add-ons (for me) are a regression, but at the moment I can't see other alternative.

Thank you once again @Evjl's Rain !
 
Last edited:

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Thank you @Evjl's Rain for answering me ... is always a pleasure to read and learn from your posts.

I tested Forticlient webfilter... didn't like it. Categories are too rigid for my needs, and zero ads blocking.
I am not saying "Forticlient is bad". I repeat, I'm just saying "I didn't like it".
Forticlient definitely is not a replacement for K9 (which had great customized categories, including spectacular malware blocking + enough anti-tracking/ads blocking power... everything with almost zero system impact + working at system level). K9 was fantastic!

Pi-hole is the best solution in terms of results (highest rates of blocking malwares/ads+tracking). But it is unpractical if you need 24 hours mobility.
Extensions/Add-ons?... never again! For me they are prehistory.
Blocking lists?... 15 years ago they were the first and sole solution against web-garbage. Today, in my opinion they became into web-garbage, specially if you are not an European/American user. Lists are an extremely inefficient alternative, like killing mosquitoes with bazookas.
DNS solutions?... they don't work for me, I travel a lot, not always have servers near me, and the negative impact on browser speed is huge.
Yeah, I know, my opinions are totally subjective, valid only for me. But I can live with that :)

I thought Adguard-desktop could be an alternative for me. However, in my tests it significantly slows down my browser experience. I reduced the number of lists (removed malware lists, I kept only the basics: ads + tracking), and even with few lists... it impacts negatively my browser experience.
Also, I checked my firewall, and can confirm that many trackers are not blocked by Adguard at system level (K9 was so good, that even Windows' telemetry was blocked at system level).

Well, it seems that without K9... I am f@ck :) ... I can't find a good solution for my user profile. So, focused on system performance, I guess my final decision will be:
1) To use only native internal anti-tracking browser alternative (not because it blocks everything, but only because it blocks in the most efficient way, with the less system impact).
2) To use native internal safebrowsing browser alternative (google)... for the same reason at "1)".
3) For ads, I will use "Policy Control" (by Jeremy Schomery). Based on my best knowledge, it is the lightest extension for general blocking content (not just ads). Compared to UMatrix, Policy Control uses just 20% of system resources, and it is unbeatable compared to other blockers. As I said, extensions/add-ons (for me) are a regression, but at the moment I can't see other alternative.

Thank you once again @Evjl's Rain !
you are right. Each person has different way of using their PCs
at the end of the day, it's hard to find something that fits everyone

to be honest, for several months of observation, extensions and my AV have barely blocked anything since I changed my way of using my laptop from testing various softwares to reading newspapers and messaging
I test these extensions to find which solutions to install on my parents' PCs, not mine, because they need more protection and are prone to be infected
I don't really like forticlient (also K9) too because I simply don't want to install anything more on my already-slow laptop
I do admit that blocking malwares is tougher in countries other than in Europe and US
some AVs always score exceptionally well but fail here, such as Norton
I uninstall everything I can and just install something which is as light as possible without straining my CPU and hard drive + high usability

I think your knowledge is enough to remove any dedicated webfilter like adguard, forti and K9. Let windows smartscreen do its job at blocking malwares
 
Last edited:

imuade

Level 12
Verified
Top Poster
Well-known
Jul 29, 2018
566
you are right. Each person has different way of using their PCs
at the end of the day, it's hard to find something that fits everyone

to be honest, for several months of observation, extensions and my AV have barely blocked anything since I changed my way of using my laptop from testing various softwares to reading newspapers and messaging
I test these extensions to find which solutions to install on my parents' PCs, not mine, because they need more protection and are prone to be infected
I don't really like forticlient (also K9) too because I simply don't want to install anything more on my already-slow laptop
I do admit that blocking malwares is tougher in countries other than in Europe and US
some AVs always score exceptionally well but fail here, such as Norton
I uninstall everything I can and just install something which is as light as possible without straining my CPU and hard drive + high usability

I think your knowledge is enough to remove any dedicated webfilter like adguard, forti and K9. Let windows smartscreen do its job at blocking malwares
I found the combo CleanBrowsing DNS + Blocksi Web Filter to be quite effective.
I tested some phishtank links and CleanBrowsing blocked most of them, only missed few hours old links (whick Blocksi blocked, while both Emsisoft and Windows Defender Chrome extensions didn't)
 
Last edited:

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
I found the combo CleanBrowsing DNS + Blocksi Web Filter to be quite effective.
I tested some phishtank links and CleanBrowsing blocked most of them, only missed few hours old links (whick Blocksi blocked, while both Emsisoft and Windows Defender Chrome extensions didn't)
Their whitelist is that huge so its easy to block all fake sites with block unrated rule

Actually you can just go throught phishtank and see blocksi blocking more than others do,
Im actually gonna use blocksi + netcraft from now, since netcraft has the xss blocking(y)
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I found the combo CleanBrowsing DNS + Blocksi Web Filter to be quite effective.
I tested some phishtank links and CleanBrowsing blocked most of them, only missed few hours old links (whick Blocksi blocked, while both Emsisoft and Windows Defender Chrome extensions didn't)
the only downside of blocksi for me is that in my country, too many safe websites are classified as unrated :( => blocked
the default preset is not good enough here
I have no choice other than using WDBP and emsisoft
cleanbrowsing has no server in asia => too high latency
 

imuade

Level 12
Verified
Top Poster
Well-known
Jul 29, 2018
566
the only downside of blocksi for me is that in my country, too many safe websites are classified as unrated :( => blocked
the default preset is not good enough here
I have no choice other than using WDBP and emsisoft
cleanbrowsing has no server in asia => too high latency
Yeah, a partial workaround could be to set Blocksi to "warn" instead of "block". Like that you can manually access the website and you can also avoid their promo web page
If you try it, be sure to set the filters to "warn" instead of "block". With the latter, Blocksi will redirect to a promo web page where they advertise their router premium offer
 

Decopi

Level 8
Verified
Oct 29, 2017
359
you are right... do its job at blocking malwares


Thank you again @Evjl's Rain for your answer!

I don't use and I don't believe in legacy (passive data base function) AV/AM. I just use proactive CF+CS' settings.
During the past 12 months I've being testing some AI' alternatives for AV/AM, but didn't find yet nothing enough robust/mature. I found two different AI' free AV/AM software, but they are beta and too "local" for my needs (most of their protection is focused on local threats: China and Korea).
So, I am still married to CF/CS, feels comfortable for the last 3 years, excellent proactive protection, almost zero system impact... no other security software in my system (even not WD, smartscreen, UAC etc, everthyng is removed)... once a month I do a second opinion complete scan, and zero, always 100% clean... so honestly, I don't really worry about virus/malware.
I just used K9' categories for virus/malwares because it had no system impact. The same with safebrowsing, after removing K9 I turned safebrowsing "on" at my browser just because it has a minimum system impact.
That is the reason "why" I never will use again extensions/add-ons for virus/malware... in my opinion is a complete waste of system resources. And the use of "blocking lists" for virus/malwares... it is the worst idea nowadays (where zero-days attacks rule the game).

So, my present focus really is anti-tracking and ads-blocking.
But as I said, if you are not European/American... forget blocking-list!... bazookas for mosquitoes.
VPN's, DNS's, PiHole etc... are unpractical for mobility, or useless if you don't have servers near your city.
Now without K9, this new context pushes me to Policy Control extension. After removing K9, this is the only tool I have against ads. The true is that by blocking third-parties content (JS, XHR/XML, Frames, CSP, websocket and Cookies), is possible to kill 70% of trackers and ads... good enough for me.
It is good to mention that most of the privacy/security issues are hiding behind advertising. So, blocking ads is also a way to hardening security/privacy. Yeah, ads are my major fight.

But I intend to keep reading your posts, because in my opinion you are "an authority" in this field, you are always testing stuff, bringing news and new stuff etc, so you always will be my source of inspiration :), source of innovations.

Thanks again!
 
Last edited:

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
@Evjl's Rain Welcome back to the forum bro (y)I checked your computer security config thread but there are no new updates from you. Would you please share a list of extensions and malware/phishing/ad/tracker filters you are currently using? thanks bro.
hi, thank you :)
I haven't updated my config because there is no change. I will update it soon
spoiler: Avast (configured for maximum speed + HM aggressive) + syshardener
browser: chromium (by woolyss)
extension: ublock (no malware filter, only for blocking ads), WDBP, emsisoft
windows 8.1 pro (not updated for a year)
 

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
I have reported such site like 8 hours ago, the url has reviewed 2 times from netcraft, still allowing it
212746



Blocksi blocks it, because of com-nit.xyz like domain
212747


How common are xss attacks anyways? Never thought the power or avoiding of them

The phishing throught twitch.tv wich is common platform, you can visit the site anytime anyday and you find such links passing netcraft etc

VirusTotal

VirusTotal
 
Last edited:

Decopi

Level 8
Verified
Oct 29, 2017
359
spoiler: Avast (configured for maximum speed + HM aggressive) + syshardener

Hi @Evjl's Rain , please just a simple question about your AVAST:

Time ago you wrote several posts about OSArmor.
What happened?
Have you stopped using OSArmor?

In other posts, I saw your AVAST' settings. And I might be wrong, but I saw there few configurations similar to OSArmor, in the sense of trying to add to AVAST some extra protection to several potential dangerous file extensions. Am I wrong? Did you prefer to hardening AVAST instead to use several security protections? (OSArmor, VodooShield, Comodo Firewall etc). Was this your logic?

As I said in previous comments, I don't use Legacy AV/AM.
However, among Legacy AV/AM, my opinion is that AVAST has the best (gain/loss) equation between light system impact and reasonable protection.
After years, are you still using AVAST for this reason?

I understand that lot of your choices are made based on simply solutions for your family/friends.
But I am really interested in the solutions you choose for your profile.

Please, can you share your AVAST and SysHardener' settings?

Thank you in advance!
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Hi @Evjl's Rain , please just a simple question about your AVAST:

Time ago you wrote several posts about OSArmor.
What happened?
Have you stopped using OSArmor?

In other posts, I saw your AVAST' settings. And I might be wrong, but I saw there few configurations similar to OSArmor, in the sense of trying to add to AVAST some extra protection to several potential dangerous file extensions. Am I wrong? Did you prefer to hardening AVAST instead to use several security protections? (OSArmor, VodooShield, Comodo Firewall etc). Was this your logic?

As I said in previous comments, I don't use Legacy AV/AM.
However, among Legacy AV/AM, my opinion is that AVAST has the best (gain/loss) equation between light system impact and reasonable protection.
After years, are you still using AVAST for this reason?

I understand that lot of your choices are made based on simply solutions for your family/friends.
But I am really interested in the solutions you choose for your profile.

Please, can you share your AVAST and SysHardener' settings?

Thank you in advance!
hi, avast has the best balance between performance and protection so that's the reason I use for years. I don't mind about other flaws such as privacy or bugs because I can deal with it by some tweaks or workaround
I don't like installing any extra in my computer. OSArmor used to be my favorite softwares but it's incompatible with avast on windows 8.1. Some users also reported the same issue on windows 10. Many people don't have this issue and the developer couldn't reproduce it so he couldn't fix it
moreover, OSArmor did cause some false positives on my side and it consumed some resource (quite significant) while I was running some cmd commands

syshardener works very similarly but requires zero installation and it consumes absolutely 0 resource. It's enough for me especially when I have avast's hardened mode aggressive enabled. The chance of being bypassed is really slim against regular malwares, even less than other better AVs like kaspersky, BD, norton/symantec,... because avast has hardened mode (aka default-deny against new, not yet-reputable exe files). Those better free AVs don't have default-deny module
besides avast, there are also windows smartscreen, google safe browsing (my browser), emsisoft and windows defender extensions

this is my avast's setting

I also blocked some telemetry using hosts file

my syshardener
 
Last edited:

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
I installed Emsisoft Browser Security because like some have said here, it's the most barebones and does not send your browsing history around. What I have done so far is just whitelist all known encrypted TLDs for Javascript in Chrome using [*.]com:443. This restrict Javascript to run only on HTTPS websites of popular domains. While there can be malware and phishing on encrypted sites it's unlikely that those are also registered under popular top level domains.
 
  • Like
Reactions: oldschool

Decopi

Level 8
Verified
Oct 29, 2017
359
hi, avast... my syshardener

Thank you @Evjl's Rain for your interesting detailed answer.
Always is possible to learn a lot from you.

I just will finish my questions by asking you:
1) About the blocked telemetry in your host file... is it the same I saw in your very old posts? Or have you changed/updated it? Please, do you mind posting again your blocked telemetry items?
2) I understand you have conflicts with OsArmor/Win8. But I am curious about your opinion of AVAST + OSArmor + SysHardener. Do you recommend to use the 3 at the same time? Is it your dream combo?

Thanks a lot and have a nice weekend!

PS: As I mentioned, no legacy AV/AM in my system, just CF/CS settings. And for the last 12 months, I only tested new generation AI AV/AM solutions. However, as you, I also mess with other computers (work, family, friends etc), and there for average users I use legacy stuff. At most of these computers I like to have AVAST (because all the positive reasons you already quoted). But my way of hardening AVAST, usually is CF/CF or OSArmor or SysHardener. I never had issues with OSArmor using Windows 10. Also zero conflicts with CF/CS and SysHardener.
 
Last edited:
  • Like
Reactions: oldschool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top