Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I did a quick test with 10 links to see how these extensions perform
very disappointed results from some

avira: 7/10
Emsisoft: 1/10 (repeated 3 times)
Netcraft: 0/10 (same result against vxvault links => what happened to its malware filter?)

BDTL: 9/10
malwarebytes: 7/10 (it ignored all .doc samples by design, IMO)
google chrome: 10/10
WDBP: 8/10
Edge/IE: 10/10 (it warned 2 about 2 links WDBP missed: the files could harm your computer)
 

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,685

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Netcraft originally was just an anti-phishing extension and giving infos about the site you visit. I never considered as an anti-malware extension.
What's new in v1.15.0?
• Added more protections against malicious JavaScript
Added protections against malware
• Minor bugfixes
since they have added this feature, it's valid to verify its effectiveness although nobody expects it to outperform the others
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Netcraft originally was just an anti-phishing extension and giving infos about the site you visit. I never considered as an anti-malware extension.
You're correct but they themselves claim it also protects against malware:
What's new in v1.15.0?
• Added more protections against malicious JavaScript
• Added protections against malware
• Minor bugfixes
@Evjl's Rain was quicker to respond :eek:
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
I did a quick test with 10 links to see how these extensions perform
very disappointed results from some

avira: 7/10
Emsisoft: 1/10 (repeated 3 times)
Netcraft: 0/10 (same result against vxvault links => what happened to its malware filter?)

BDTL: 9/10
malwarebytes: 7/10 (it ignored all .doc samples by design, IMO)
google chrome: 10/10
WDBP: 8/10
Edge/IE: 10/10 (it warned 2 about 2 links WDBP missed: the files could harm your computer)
Thanks for testing again (y)

What I find interesting is that while pages are blocked by Edge Dev, Ziggo Safe Online still blocked some network traffic:

Schermopname (10).png
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
:emoji_disappointed:, so netcraft is down the gutter, what must I use now?
no, netcraft is one of the best anti-phishing extensions
it isn't good at blocking malware but extremely good against phishing. There are some additional features you might find helpful

Windows Defender browser protection and bitdefender trafficlight are my picks if you are not super picky about privacy
default browser's malware protection (chrome and edge) are also extremely good
 

Glynn

Level 2
Verified
Aug 16, 2017
67
no, netcraft is one of the best anti-phishing extensions
it isn't good at blocking malware but extremely good against phishing. There are some additional features you might find helpful

Windows Defender browser protection and bitdefender trafficlight are my picks if you are not super picky about privacy
default browser's malware protection (chrome and edge) are also extremely good
I’m on linux firefox and I’m paranoid about privacy, I removed BDTL because of privacy concerns.
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I’m on linux firefox and I’m paranoid about privacy, I removed BDTL because of privacy concerns.
so do not use any extension. Use only firefox's default protection
you don't use Windows so there is much less concern about malware infection
by the way, almost every browsing protection requires URL lookup on their servers = sending URL to servers
it's the same for firefox or any browser unless it doesn't have any malware protection
 
F

ForgottenSeer 823865

since they have added this feature, it's valid to verify its effectiveness although nobody expects it to outperform the others
Exactly. You know sometimes, some vendors add stuff to their products to get a boost in popularity, knowing that they won't outperform the big players.
Reason why when i choose a product, I select it for its main purpose. In the case of Netcraft only the infos it gives me about the visited site and anti-phishing. For malicious sites, I rely on something else. Half a decade, I didn't use BDTL, may give it a spin. Lol.

Also, I don't understand how people want a webfilter to filter without some sort of lookup.
 

Glynn

Level 2
Verified
Aug 16, 2017
67
Exactly. You know sometimes, some vendors add stuff to their products to get a boost in popularity, knowing that they won't outperform the big players.
Reason why when i choose a product, I select it for its main purpose. In the case of Netcraft only the infos it gives me about the visited site and anti-phishing. For malicious sites, I rely on something else. Half a decade, I didn't use BDTL, may give it a spin. Lol.

Also, I don't understand how people want a webfilter to filter without some sort of lookup.
I installed BDTL because every security configuration I looked at had it, so I thought it must be very good, then found out every url visited is sent to them, yea I am not having any of that on my pc(n):emoji_punch:(n)
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
In my minor IT-security this was an interesting discussion, that enhanced security always comes with the cost of lesser privacy, because you can't have one with out the other (remember the song love & marriage: the URL has to be sent to server to check whether it is safe or not :) ).

The loss of privacy depends whether the URL is hashed or not and whether the check is on domain level or page level

WIKIPEDIA said:
Google maintains the Safe Browsing Lookup API, which has a privacy drawback: "The URLs to be looked up are not hashed so the server knows which URLs the API users have looked up". The Safe Browsing Update API, on the other hand, compares 32-bit hash prefixes of the URL to preserve privacy. The Chrome, Firefox and Safari browsers use the latter.

When the URL is not hashed knowing on (visited) page level provides more insights in the users preferences, for instance when my extension knows that I often visit:

Justanotherporndomain/tinyteens a lot and Consumergoodsportal/sextoys provides different insights as knowing I visit justanotherpornsite and consumergoodsportal

So the conclusion we draw: use the browsers build-in safety feature (and when using Chrome or Chromium based browser) use the site preferences settings for javascript to block javascript and allow only HTTPS://* (as explained by several members on this forum often). When you use an extension which supports adblock plus format, you could also add 1 line to implement that for third-party connections (||*^$third-party,~stylesheet,~image) as often advocated by user Windows_Security).


As pointed out often on this forum 80 to 90 percent of the malware and phishing domains are from HTTP websites and 99% of the self respecting legal websites are on HTTPS nowadays.
 
Last edited:

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
:emoji_disappointed:, so netcraft is down the gutter, what must I use now?
Still it's key features can add to your protection especially on Linux where there is not much change to get a malware infection.
Key Features:

• Protection against phishing sites — The Netcraft anti-phishing community is effectively a giant neighbourhood watch scheme, empowering the most alert and most expert members to defend everyone within the community. As soon as the first recipients of a phishing mail report it, we can block it for all users of the extension providing an additional level of protection from Phishing. Netcraft processes reports of fraudulent URLs from a diverse variety of sources and proactively searches for new fraudulent sites.

• Protection against malicious JavaScript — Prevent your credit card details from being stolen by shopping site skimmers or your computer's processing power being harvested by web miners. Netcraft has been detecting shopping site skimmers, web miners, and other malicious JavaScript since 2017. The extension blocks sites that we have found to be compromised with malicious JavaScript. Additionally, it detects JavaScript that we have identified as being malicious, blocks pages that use it from loading, and automatically reports them to Netcraft to protect the rest of the community.

• Detailed site reports –the extension displays a wealth of information about the sites you visit, helping you to make informed choices about their safety.

• Risk Ratings – we evaluate the characteristics of the site and compare these against those depicted by fraudulent sites. The result is a simple visual summary displayed on the site report.
 

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,685
As pointed out often on this forum 80 to 90 percent of the malware and phishing domains are from HTTP websites
Indeed, not to mention privacy as well, because as the recent article posted on MT showed, people can use an encrypted DNS, connect via https, but as long as some parts of the webpage load via http, the whole idea is busted and ISP can easily see, to what webpage is the user connecting.
 

goodjohnjr

Level 5
Verified
Jul 11, 2018
231
Cleanbrowsing 10/10
Neustar 10/10
Yandex 0/10 (one dead link, just to show, that above results are not flawed)


Not to mention, it slow down browsing on my browser to the crawl, it took webpages 5-10 secs till they even started loading. They have ruined it.

Hello @TairikuOkami , thank you, could you test Quad9 DNS and Adguard DNS as well?

-John Jr
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,701
Not to mention, it slow down browsing on my browser to the crawl, it took webpages 5-10 secs till they even started loading. They have ruined it.

I tried it just for the heck of it and had exactly this experience so I trashed it.

Edit: But as @Gandalf_The_Grey points out, Netcraft's malware protection is from malicious Javascript, not malware downloads. So I use Edge's native JS blocking that @Lenny_Linux referred to - a simple and creative solution from @Windows_Security.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top