Andy Ful

Although the browser anti-phishing/malware extensions can be useful sometimes, they are not as efficient as one could think:
"In fact, over a 60-day period, Akamai observed more than 2,064,053,300 unique domains commonly associated with malicious activity. Of those, 89% had a lifespan of less than 24 hours, ...".

I suspect that many of the tested phishing/malware links can already be dead. :unsure: :(
 

ForgottenSeer 823865

89% had a lifespan of less than 24 hours, ...".
I suspect that many of the tested phishing/malware links can already be dead. :unsure: :(
Exactly, that is why focusing too much on extensions is silly; people must learn to pinpoint suspicious sites and avoid wandering in unknown territories.
Pick some "trusted" (if I dare say the word) sites that inform about everything and stick to them.
For example, some sites are specialized to answer all kinds of questions, so there is no need to go to low-reputation sites.
 

Tiamati

Any point in using an extension with the AV of the same company? (e.g. Bitdefender TrafficLight with BIS, Malwarebytes extension with the premium AV, Avira extension with Avira AV, WDBP with Windows Defender)
 

SeriousHoax

Although the browser anti-phishing/malware extensions can be useful sometimes, they are not as efficient as one could think:
"In fact, over a 60-day period, Akamai observed more than 2,064,053,300 unique domains commonly associated with malicious activity. Of those, 89% had a lifespan of less than 24 hours, ...".

I suspect that many of the tested phishing/malware links can already be dead. :unsure: :(
This is why I don't really care much about phishing in general. Besides, my browsing habit is pretty safe too. If I'm using a security suite like ESET or Kaspersky, I don't install any extension as these two are very capable. I even disable the extension Kaspersky forcefully installs (won't let me uninstall :emoji_expressionless:). If I'm using Windows Defender, I keep Emsisoft Browser Security just in case. It's decent protection-wise, light and fast. I would probably only keep WDBP if it was available for Firefox.

Someone probably mentioned or noticed this in the thread before: most of the malicious links tested in this thread are from this source. You can easily subscribe to this list in your adblocker, like uBlock Origin:
https://gitlab.com/curben/urlhaus-filter/raw/master/urlhaus-filter-online.txt
To subscribe easily, visit here: Filterlist search urlhaus and click Subscribe.

Gandalf_The_Grey

I don't think so.
Don't know for BDTL but Malwarebytes recommends using both:
I have Malwarebytes Premium. Do I still need Browser Guard?
Browser Guard does have extra protection features, as well as benefits for privacy, including ad and tracker blocking. And of course, Malwarebytes Premium versions have anti-exploit technology, real-time malware protection, anti-ransomware, and stalkerware protections that Browser Guard does not.

Where the web blocking module of Malwarebytes Premium and Browser Guard share a database of blocked IPs and domains, there is an overlap.

Looking at Malwarebytes Premium, it blocks the IPs and domains for all running applications, where Browser Guard does this only for the browser the extension is installed on.

On the other hand, Browser Guard blocks more than just domains and IP addresses. Not only does it recognize malicious websites based on their behavior that are not in the database (yet), it also blocks advertisements and trackers. These are not always malicious, but they usually do not improve user experience and blocking them can speed up your browsing up to four times.
 

Lenny_Fox

Had to catch up on some classes I missed last trimester; killing time during lunch break, anxiously awaiting the teacher's thumbs up/down on my project. Decided to play a little with the mentioned extensions: similar results ("lood om oud ijzer" as we say in Dutch). Noticed that Firefox seems to have improved (are they using a different Google Safe Browsing API?), occasional intervention of Microsoft Network Protection and only one stopped by Quad9.

This Elon Musk phishing website (with HTTPS) promises a new Tesla, which is tempting when you have to use public transport like I do. Should I give it a shot because BTL says it is safe :LOL: ? Nah, member @Umbra's advice is sound: use common sense; when it is too good to be true, it probably is not true and most likely is phishing bait.





Funny, Bitdefender on VirusTotal is the only one that says it is fishy.


Second check, now BTL also flags it

bjm_

@Evjl's Rain once mentioned that Google Chrome's Safe Browsing is being updated in real time, and Firefox every 30 minutes (if I remember correctly, but I have been of that belief)
[...] When Safe Browsing is enabled in Chrome, Chrome contacts Google's servers periodically to download the most recent Safe Browsing list of unsafe sites including sites associated with phishing, social engineering, malware, unwanted software, malicious ads, intrusive ads, and abusive websites or Chrome extensions. [...]
https://www.google.com/chrome/privacy/whitepaper.html#malware

Zartarra

The past couple of days I did a browser extension test. I used 1045 phishing links, 38 recent (1 day old) phishing links, 47 malware links and 41 new malware links. I did the test with the latest Firefox browser, except for Windows Defender Browser protection. I used the latest Google Chrome version.

The results are:



| | Sophos | Malwarebytes | Emsisoft | Avast online | Avira | Netcraft | Bitdefender traffic light | Norton safe web | Windows Defender Browser protection |
|---|---|---|---|---|---|---|---|---|---|
| Malware links | 92,31% | 94,50% | 7,07% | 31,77% | 83,53% | 15,56% | 82,56% | 11,36% | 36,67% |
| Fresh malware links | 83,10% | 33,21% | 5,00% | 1,79% | 28,93% | 2,50% | 90,71% | 2,50% | 42,18% |
| Phishing | 82,97% | 92,75% | 66,36% | 89,89% | 92,63% | 75,55% | 98,29% | 88,48% | 88,07% |
| Fresh phishing links | 31,58% | 42,11% | 18,42% | 26,32% | 36,84% | 23,68% | 85,00% | 78,95% | 35,29% |
| Total | 72,49% | 65,64% | 24,21% | 37,44% | 60,48% | 29,32% | 89,14% | 45,32% | 50,55% |



 
Last edited by a moderator:
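
An added example, not part of the post above: the Total row equals the plain average of the four category rows, so the 38 fresh phishing links weigh as much as the 1045 phishing links. This Python sketch recomputes it from the posted figures and compares two other rankings: one weighted by the link counts stated in the post (assuming every extension was tested against every link, which the post does not state) and one using only the two "fresh" rows.

```python
# Figures copied from the results table above (decimal commas written as points).
EXTENSIONS = ["Sophos", "Malwarebytes", "Emsisoft", "Avast online", "Avira",
              "Netcraft", "Bitdefender traffic light", "Norton safe web",
              "Windows Defender Browser protection"]
RATES = {  # category -> block rate in %, one value per extension, in table order
    "Malware links":        [92.31, 94.50, 7.07, 31.77, 83.53, 15.56, 82.56, 11.36, 36.67],
    "Fresh malware links":  [83.10, 33.21, 5.00, 1.79, 28.93, 2.50, 90.71, 2.50, 42.18],
    "Phishing":             [82.97, 92.75, 66.36, 89.89, 92.63, 75.55, 98.29, 88.48, 88.07],
    "Fresh phishing links": [31.58, 42.11, 18.42, 26.32, 36.84, 23.68, 85.00, 78.95, 35.29],
}
POSTED_TOTAL = [72.49, 65.64, 24.21, 37.44, 60.48, 29.32, 89.14, 45.32, 50.55]
# Link counts stated in the post. ASSUMPTION: every extension saw every link.
SAMPLES = {"Malware links": 47, "Fresh malware links": 41,
           "Phishing": 1045, "Fresh phishing links": 38}
FRESH = ["Fresh malware links", "Fresh phishing links"]


def category_mean(i):
    """Unweighted mean of the four category rates for extension i."""
    return sum(row[i] for row in RATES.values()) / len(RATES)


def sample_weighted(i):
    """Overall block rate if each category counts in proportion to its links."""
    total_links = sum(SAMPLES.values())
    return sum(RATES[c][i] * SAMPLES[c] for c in RATES) / total_links


def fresh_only(i):
    """Mean of the two 'fresh' categories, i.e. links about a day old."""
    return sum(RATES[c][i] for c in FRESH) / len(FRESH)


def ranking(score):
    """Extension names ordered from highest to lowest score."""
    order = sorted(range(len(EXTENSIONS)), key=score, reverse=True)
    return [EXTENSIONS[i] for i in order]


if __name__ == "__main__":
    print(f"{'extension':38}{'posted':>8}{'mean':>8}{'weighted':>10}{'fresh':>8}")
    for i, name in enumerate(EXTENSIONS):
        print(f"{name:38}{POSTED_TOTAL[i]:8.2f}{category_mean(i):8.2f}"
              f"{sample_weighted(i):10.2f}{fresh_only(i):8.2f}")
```

Under the link-count weighting the large phishing set dominates and the order below first place changes, while the fresh-only view tracks how each product handles links about a day old.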

Tiamati

Great results for BTL
 

bjm_

That's not Cloudflare DNS, it doesn't block anything and couldn't put a block message as the website is HTTPS. That's Cloudflare on the website itself after receiving a phishing report.
Hmm, I've recently seen a few Cloudflare page blocks. I thought my 1.1.1.1 rendered page block, too. What does "Cloudflare on the website" mean? Cloudflare CDN?

Threadripper

Hmm, I've recently seen a few Cloudflare page blocks. I thought my 1.1.1.1 rendered page block, too. What does "Cloudflare on the website" mean?
The website uses the Cloudflare CDN and after Cloudflare received reports that the website is phishing, they put up that warning - because they don't host the website that's all they can do, along with passing the report to the web host.