Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,685
As regards blocking malicious and phishing sites and general browsing security how does CleanBrowsing DNS compare to Neustar DNS?
That is a bit hard to say, since CleanBrowsing does not display warnings, the webpage simply fails to load, but technically it is blocked. As far as I can say, it is comparable to Neustar, if you pick Family filter, which also blocks proxies and such, it gets a little better. As for blocking malicious content, DNS can not block malicious downloads, they are mostly hosted on legitimate webpages, but I have seen Neustar to block C&C botnet.
 

Attachments

  • capture_04272019_162804.jpg
    capture_04272019_162804.jpg
    219.7 KB · Views: 746

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
That is a bit hard to say, since CleanBrowsing does not display warnings, the webpage simply fails to load, but technically it is blocked. As far as I can say, it is comparable to Neustar, if you pick Family filter, which also blocks proxies and such, it gets a little better. As for blocking malicious content, DNS can not block malicious downloads, they are mostly hosted on legitimate webpages, but I have seen Neustar to block C&C botnet.
Thanks for the info. Seems CleandBrowsing and Neustar are on par. I was thinking more on blocking malicious sites not downloads. Thanks again I appreciate the info.
 

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
CleanBrowsing DNS compare to Neustar DNS?
Neustars servers = usa
Cleanbrowsing = europe
what i have been testing the phishtank urls mostly, cleanbrowsing actually blocks some of the phishing links...but the extensions are doing it much better still

I have never seen neustar block phishing url, but its very good to block torrent /hack/warez sites. I tried business protection once and it was very effective family filter wide, but still blocksi extension is better since you can whitelist

Currently im using google dns with google chrome , and last phishtank urls like 100 of them...google blocked everything

Im not sure if the google DNS can do any better than actual safe browsing (doubt that)
 

Decopi

Level 8
Verified
Oct 29, 2017
361
@Decopi[/USER] - You can also uyse... if it works for you.

Thanks!
It took me years, but I believe I already tested 90% of them, including VoodooShield, AndyFul' HC etc.
Most of them are great, but none of them are for my taste, mainly because they conflict or are too much redundant with CF/CS (my main protection).

For my user profile, the less the better: CF/CS + New generation AI AV/AM.
For my friends/family etc: AVAST + CF/CS. In the worst case, if the user is a dangerous happy-clicker or addicted to porn etc, then I add SysHardener and OSArmor (but I rarely do that). For average users, I prefer basic solutions, because they don't know (and don't want) to deal with popups, messages, blocked stuff etc.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
Neustars servers = usa
Cleanbrowsing = europe
what i have been testing the phishtank urls mostly, cleanbrowsing actually blocks some of the phishing links...but the extensions are doing it much better still

I have never seen neustar block phishing url, but its very good to block torrent /hack/warez sites. I tried business protection once and it was very effective family filter wide, but still blocksi extension is better since you can whitelist

Currently im using google dns with google chrome , and last phishtank urls like 100 of them...google blocked everything

Im not sure if the google DNS can do any better than actual safe browsing (doubt that)
Thank you for the detailed reply I really appreciate it.
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
1) About the blocked telemetry in your host file... is it the same I saw in your very old posts? Or have you changed/updated it? Please, do you mind posting again your blocked telemetry items?
2) I understand you have conflicts with OsArmor/Windows 8. But I am curious about your opinion of AVAST + OSArmor + SysHardener. Do you recommend to use the 3 at the same time? Is it your dream combo?
1) yes, they are basically the same. Firstly, you have to disable avast's self-defense (to prevent it from deleting those hosts entries)then add hosts entries -> right-click the hosts file -> properties -> security -> edit -> choose "SYSTEM" account -> tick "Deny" on "Write" permission -> done
finally, you can re-enable avast's self-defense
blocking avast's telemetry can eliminate most of its ads too, without having to block avastui.exe by firewall
2/ you can use them together because they work differently. However, when you want to unblock something, you have to unblock it in OSArmor and syshardener (rarely)
syshardener can do something OSArmor can't like blocking scripts from downloading payloads or blocking vulnerable/unnecessary windows services. OSarmor does more than syshardener so usually, OSA alone is enough, no need SH
SH is problem-free for most users while OSA can be troublesome, especially with HP printers (not sure if the dev has fixed it or not). HP software uses scripts to function -> blocked by OSA


avast's telemetry
0.0.0.0 a.fortumo.com
0.0.0.0 ad.flurry.com
0.0.0.0 adlog.flurry.com
0.0.0.0 ads.flurry.com
0.0.0.0 analytics.ff.avast.com
0.0.0.0 analytics.flurry-cdn.com
0.0.0.0 api.flurry.com
0.0.0.0 api.fortumo.com
0.0.0.0 app.igodigital.com
0.0.0.0 cdn.flurry.com
0.0.0.0 data.altbeacon.org
0.0.0.0 data.flurry.com
0.0.0.0 dev.flurry.com
0.0.0.0 e.crashlytics.com
0.0.0.0 get-avast.com
0.0.0.0 googleads.g.doubleclick.net
0.0.0.0 googletagmanager.com
0.0.0.0 pagead2.googlesyndication.com
0.0.0.0 pay.fortumo.com
0.0.0.0 proton.flurry.com
0.0.0.0 stage.app.igodigital.com
0.0.0.0 v7.stats.avast.com
0.0.0.0 v7event.stats.avast.com
0.0.0.0 wutlar.fortumo.com
0.0.0.0 mobile-campaigns.avast.com
0.0.0.0 ipm-provider.ff.avast.com
0.0.0.0 stats.avg.com
 

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
Has anyone tested Cryptonite? It's supposed to be free the first 30 days. :unsure:



 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Has anyone tested Cryptonite? It's supposed to be free the first 30 days. :unsure:



just had a quick look
1/ it's a 30-day trial extension => not a good sign
2/ visited some known safe websites including banking sites in my country (yahoo.com, google.com, symantec.com...) and some phishings: it only showed Green (safe) only when the website is verified by metacert!!!! (only, metacert made this extension). Otherwise, it would show a black icon (not verified by metacert, Unknown so proceed with caution )
even yahoo and google.com showed "Black", only symantec.com was green. Phishing sites were of course black
some banking sites in Vietnam, all were black

conclusion: not recommended, the database is not big enough

I'm really questioning the effectiveness of emsisoft browser security
it almost never blocks anything for me while Google Safe Browsing API and Windows Defender Browser protection have blocked a lot (FPs included)
I guess it's good against known malicious websites and has a big database but not great against something very new
WDBP and google have more number of users over the world so it could be a factor that they are more effective for me
nobody knows about emsisoft in my country, literally
 

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
The last two months i use Bitdefender extension. I am very pleased. Especially in Greek sites

And is not heavy.
View attachment 213656
I have just tested phishtank urls only, and with google safe browsing, blocksi and the only urls that it misses are detected by bitdefender only in virustotal ...but once again running 2x extensions i rather decide to go with one and thats blocksi... thats why i have been thinking moving to bitdefender antivirus for webfilter + blocksi as extension...and then again harden the whole configure with + H_C with allow exe. rules
 

Back3

Level 14
Verified
Top Poster
Apr 14, 2019
674
I'm really questioning the effectiveness of emsisoft browser security
it almost never blocks anything for me while Google Safe Browsing API and Windows Defender Browser protection have blocked a lot (FPs included)
I guess it's good against known malicious websites and has a big database but not great against something very new
WDBP and google have more number of users over the world so it could be a factor that they are more effective for me
nobody knows about emsisoft in my country, literally
[/QUOTE]

I have Adguard extension with Nocoin filter list activated, Google Safe Browsing, Windows Defender Browser Protection and Emsisoft Browser Security. I never watch EBS block or tell me something. It's gonna be bye bye.....
 

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
I'm really questioning the effectiveness of emsisoft browser security
it almost never blocks anything for me while Google Safe Browsing API and Windows Defender Browser protection have blocked a lot (FPs included)
I guess it's good against known malicious websites and has a big database but not great against something very new
WDBP and google have more number of users over the world so it could be a factor that they are more effective for me
nobody knows about emsisoft in my country, literally

I have Adguard extension with Nocoin filter list activated, Google Safe Browsing, Windows Defender Browser Protection and Emsisoft Browser Security. I never watch EBS block or tell me something. It's gonna be bye bye.....
But remember testing the extensions throught malc0de or phishtank is different situation than visiting malicious/phishing site in real life

You probably just have safe enough internet habits, and you probably dont even benefit from these extensions at all..but extension or two doesnt hurt
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,704
Anyone noticed this? Opera is using netcraft services to block out phishing sites
Aswell promotion: With built-in VPN & adblocker you only need noscript extension to have suberb browser:emoji_ok_hand:
View attachment 213819

I haven't used it in ages. I think it is a favorite of @stefanos. Thanks for the info, though. I may try it again at some point.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top