oldschool

Level 38
Verified
With SmartScreen enabled Edge Download protection (9/16) warned/blocked all VX Vault and URLhaus downloads.
Without SmartScreen Windows Defender (9/16) blocked all VX Vault and URLhaus downloads.

So there is definitely something wrong with the latest version of Bitdefender TrafficLight on the latest Edge Dev!
Edge Dev with SmartScreen should be enough in this test and the only option for me now could be Malwarebytes Browser Guard. :unsure:

Disclaimer: too small a set of links to take this test seriously. Just an indication.
Thanks for your tests.
 

Evjl's Rain

Level 44
Verified
Trusted
Content Creator
Malware Hunter
I did a quick test with 10 links to see how these extensions perform
very disappointed results from some

avira: 7/10
Emsisoft: 1/10 (repeated 3 times)
Netcraft: 0/10 (same result against vxvault links => what happened to its malware filter?)

BDTL: 9/10
malwarebytes: 7/10 (it ignored all .doc samples by design, IMO)
google chrome: 10/10
WDBP: 8/10
Edge/IE: 10/10 (it warned 2 about 2 links WDBP missed: the files could harm your computer)
 

TairikuOkami

Level 24
Verified
Content Creator

Evjl's Rain

Level 44
Verified
Trusted
Content Creator
Malware Hunter
Netcraft originally was just an anti-phishing extension and giving infos about the site you visit. I never considered as an anti-malware extension.
What's new in v1.15.0?
• Added more protections against malicious JavaScript
Added protections against malware
• Minor bugfixes
since they have added this feature, it's valid to verify its effectiveness although nobody expects it to outperform the others
 

Gandalf_The_Grey

Level 22
Verified
Netcraft originally was just an anti-phishing extension and giving infos about the site you visit. I never considered as an anti-malware extension.
You're correct but they themselves claim it also protects against malware:
What's new in v1.15.0?
• Added more protections against malicious JavaScript
• Added protections against malware
• Minor bugfixes
@Evjl's Rain was quicker to respond :eek:
 

Gandalf_The_Grey

Level 22
Verified
I did a quick test with 10 links to see how these extensions perform
very disappointed results from some

avira: 7/10
Emsisoft: 1/10 (repeated 3 times)
Netcraft: 0/10 (same result against vxvault links => what happened to its malware filter?)

BDTL: 9/10
malwarebytes: 7/10 (it ignored all .doc samples by design, IMO)
google chrome: 10/10
WDBP: 8/10
Edge/IE: 10/10 (it warned 2 about 2 links WDBP missed: the files could harm your computer)
Thanks for testing again (y)

What I find interesting is that while pages are blocked by Edge Dev, Ziggo Safe Online still blocked some network traffic:

Schermopname (10).png
 

Evjl's Rain

Level 44
Verified
Trusted
Content Creator
Malware Hunter
:emoji_disappointed:, so netcraft is down the gutter, what must I use now?
no, netcraft is one of the best anti-phishing extensions
it isn't good at blocking malware but extremely good against phishing. There are some additional features you might find helpful

Windows Defender browser protection and bitdefender trafficlight are my picks if you are not super picky about privacy
default browser's malware protection (chrome and edge) are also extremely good
 

Glynn

Level 2
no, netcraft is one of the best anti-phishing extensions
it isn't good at blocking malware but extremely good against phishing. There are some additional features you might find helpful

Windows Defender browser protection and bitdefender trafficlight are my picks if you are not super picky about privacy
default browser's malware protection (chrome and edge) are also extremely good
I’m on linux firefox and I’m paranoid about privacy, I removed BDTL because of privacy concerns.
 

Evjl's Rain

Level 44
Verified
Trusted
Content Creator
Malware Hunter
I’m on linux firefox and I’m paranoid about privacy, I removed BDTL because of privacy concerns.
so do not use any extension. Use only firefox's default protection
you don't use Windows so there is much less concern about malware infection
by the way, almost every browsing protection requires URL lookup on their servers = sending URL to servers
it's the same for firefox or any browser unless it doesn't have any malware protection
 

Umbra

Level 15
Verified
since they have added this feature, it's valid to verify its effectiveness although nobody expects it to outperform the others
Exactly. You know sometimes, some vendors add stuff to their products to get a boost in popularity, knowing that they won't outperform the big players.
Reason why when i choose a product, I select it for its main purpose. In the case of Netcraft only the infos it gives me about the visited site and anti-phishing. For malicious sites, I rely on something else. Half a decade, I didn't use BDTL, may give it a spin. Lol.

Also, I don't understand how people want a webfilter to filter without some sort of lookup.
 

Glynn

Level 2
Exactly. You know sometimes, some vendors add stuff to their products to get a boost in popularity, knowing that they won't outperform the big players.
Reason why when i choose a product, I select it for its main purpose. In the case of Netcraft only the infos it gives me about the visited site and anti-phishing. For malicious sites, I rely on something else. Half a decade, I didn't use BDTL, may give it a spin. Lol.

Also, I don't understand how people want a webfilter to filter without some sort of lookup.
I installed BDTL because every security configuration I looked at had it, so I thought it must be very good, then found out every url visited is sent to them, yea I am not having any of that on my pc(n):emoji_punch:(n)
 
In my minor IT-security this was an interesting discussion, that enhanced security always comes with the cost of lesser privacy, because you can't have one with out the other (remember the song love & marriage: the URL has to be sent to server to check whether it is safe or not :) ).

The loss of privacy depends whether the URL is hashed or not and whether the check is on domain level or page level

WIKIPEDIA said:
Google maintains the Safe Browsing Lookup API, which has a privacy drawback: "The URLs to be looked up are not hashed so the server knows which URLs the API users have looked up". The Safe Browsing Update API, on the other hand, compares 32-bit hash prefixes of the URL to preserve privacy. The Chrome, Firefox and Safari browsers use the latter.
When the URL is not hashed knowing on (visited) page level provides more insights in the users preferences, for instance when my extension knows that I often visit:

Justanotherporndomain/tinyteens a lot and Consumergoodsportal/sextoys provides different insights as knowing I visit justanotherpornsite and consumergoodsportal

So the conclusion we draw: use the browsers build-in safety feature (and when using Chrome or Chromium based browser) use the site preferences settings for javascript to block javascript and allow only HTTPS://* (as explained by several members on this forum often). When you use an extension which supports adblock plus format, you could also add 1 line to implement that for third-party connections (||*^$third-party,~stylesheet,~image) as often advocated by user Windows_Security).


As pointed out often on this forum 80 to 90 percent of the malware and phishing domains are from HTTP websites and 99% of the self respecting legal websites are on HTTPS nowadays.
 
Last edited:

Gandalf_The_Grey

Level 22
Verified
:emoji_disappointed:, so netcraft is down the gutter, what must I use now?
Still it's key features can add to your protection especially on Linux where there is not much change to get a malware infection.
Key Features:

• Protection against phishing sites — The Netcraft anti-phishing community is effectively a giant neighbourhood watch scheme, empowering the most alert and most expert members to defend everyone within the community. As soon as the first recipients of a phishing mail report it, we can block it for all users of the extension providing an additional level of protection from Phishing. Netcraft processes reports of fraudulent URLs from a diverse variety of sources and proactively searches for new fraudulent sites.

• Protection against malicious JavaScript — Prevent your credit card details from being stolen by shopping site skimmers or your computer's processing power being harvested by web miners. Netcraft has been detecting shopping site skimmers, web miners, and other malicious JavaScript since 2017. The extension blocks sites that we have found to be compromised with malicious JavaScript. Additionally, it detects JavaScript that we have identified as being malicious, blocks pages that use it from loading, and automatically reports them to Netcraft to protect the rest of the community.

• Detailed site reports –the extension displays a wealth of information about the sites you visit, helping you to make informed choices about their safety.

• Risk Ratings – we evaluate the characteristics of the site and compare these against those depicted by fraudulent sites. The result is a simple visual summary displayed on the site report.
 

TairikuOkami

Level 24
Verified
Content Creator
As pointed out often on this forum 80 to 90 percent of the malware and phishing domains are from HTTP websites
Indeed, not to mention privacy as well, because as the recent article posted on MT showed, people can use an encrypted DNS, connect via https, but as long as some parts of the webpage load via http, the whole idea is busted and ISP can easily see, to what webpage is the user connecting.
 

oldschool

Level 38
Verified
Not to mention, it slow down browsing on my browser to the crawl, it took webpages 5-10 secs till they even started loading. They have ruined it.
I tried it just for the heck of it and had exactly this experience so I trashed it.

Edit: But as @Gandalf_The_Grey points out, Netcraft's malware protection is from malicious Javascript, not malware downloads. So I use Edge's native JS blocking that @Lenny_Linux referred to - a simple and creative solution from @Windows_Security.
 
Last edited: