Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

- Test 29/12: Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings
- Test 24/11: Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings
- Test 12/11: Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings
- Test 7/11: Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings
- Test 6/9: Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings
- Test 3/9: Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings
- Test 2/9: Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings
- Test, quick 1/9: Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings
- Fun test 25/7/2018: Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings
- Updated 24/7/2018 (most comprehensive, as possible): Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings
- Updated 19/7/2018: Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings
- Updated 18/7/2018: Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings
- Updated 10/7/2018: Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings
- Updated 7/6/2018: Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings
- Updated 3/6/2018: Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings
- Updated 25/4/2018: Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings
- Update 23/3/2018: Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings

Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (Chrome's built-in protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malware
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malware
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
[Image: result.png]


Winner: Google Safe Browsing
 

Evjl's Rain

Those are exactly what everyone needs the most...
Extensions blocking malicious sites are useless, those sites (the really malicious ones) rarely stay more than a few hours; by the time the extension vendor gets the signature, the site is already gone...
However malicious scripts and XSS embedded in compromised legit sites are the most dangerous, especially when coupled with fileless malware.
I partially agree but I still won't mind about those malicious scripts. Too much headache
I found WD, BDTL and Chrome have been blocking tons of stuff which still persists till today. That's enough for me to recommend them for everyone who doesn't know much about computing

AV webfilter can handle malicious scripts. Kaspersky and Avast have proved they are capable of blocking scripts

All mentioned products have never failed me
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
Those are exactly what everyone needs the most...
Extensions blocking malicious sites are useless, those sites (the really malicious ones) rarely stay more than a few hours; by the time the extension vendor gets the signature, the site is already gone...
However malicious scripts and XSS embedded in compromised legit sites are the most dangerous, especially when coupled with fileless malware.

I believe you are correct, but this isn't the whole truth.

I found WD, BDTL and Chrome have been blocking tons of stuff which still persists till today. That's enough for me to recommend them for everyone who doesn't know much about computing

I generally agree with this. These two worked well in my informal testing, which I've done a lot of lately. I'll stick with my above recommendations generally depending on browser and AV used.
 

71Hemi

Level 2
Verified
Dec 12, 2015
82
Allrighty then, I think I finally found my setup for add-ons. Currently I'm running Netcraft, BDTL, Bluehell Firewall, @ Privacy Possum. I'm still on the fence on Privacy Possum due to blocking third party cookies in Firefox and having "privacy.firstparty.isolate" enabled in about:config. This setup feels very light, doesn't slow page loading/opening down, and is pretty secure considering what Umbra, SeriousHoax, oldschool mentioned. I found uBlock is still having issues with settings changing to default values unless I run it by itself. Propriety? Maybe it's a setting or settings I made in about:config. I also found if I do a manual Firefox browser history clean with all fields checked except site preferences, it breaks/defaults Netcraft optional settings, but... if I let Firefox automatically clean history on closing, then my settings remain unchanged. This behavior has no bearing on running in Private mode or not. Bug in Firefox? Running Bluehell Firewall makes this a maintenance-free setup; however, I would prefer running uBlock if I can figure out what about:config setting broke it or if there "is" a compatibility issue with Netcraft. Any thoughts?
 

oldschool

Allrighty then, I think I finally found my setup for add-ons. Currently I'm running Netcraft, BDTL, Bluehell Firewall, @ Privacy Possum. I'm still on the fence on Privacy Possum due to blocking third party cookies in Firefox and having "privacy.firstparty.isolate" enabled in about:config. This setup feels very light, doesn't slow page loading/opening down, and is pretty secure considering what Umbra, SeriousHoax, oldschool mentioned. I found uBlock is still having issues with settings changing to default values unless I run it by itself. Propriety? Maybe it's a setting or settings I made in about:config. I also found if I do a manual Firefox browser history clean with all fields checked except site preferences, it breaks/defaults Netcraft optional settings, but... if I let Firefox automatically clean history on closing, then my settings remain unchanged. This behavior has no bearing on running in Private mode or not. Bug in Firefox? Running Bluehell Firewall makes this a maintenance-free setup; however, I would prefer running uBlock if I can figure out what about:config setting broke it or if there "is" a compatibility issue with Netcraft. Any thoughts?

I don't use Firefox so I can't comment about your issues specifically. I can't find any good info about Bluehell anywhere except the FF Add-on site, which doesn't tell you much about the extension or the developer. It's also not available on Chromium browsers. The first party isolation flag you've enabled is not affecting uBO otherwise ****loads of users would have complained to FF and/or uBO. uBO has way more users overall than Bluehell, 5,000,000+ vs 16,000+!

In fact, I've never experienced settings changes to Netcraft, or any other extension I've used. You don't mention exactly which flags you've enabled in FF. You might want to post a new thread directed to FF users for help.

BTW: Privacy Possum blocks/spoofs a lot more than you may be aware of: referrer headers, fingerprinting, etags, etc. which most built-in or add-on blockers don't cover. I consider this a "must have" in my browser.
 

71Hemi

Thanks oldschool! Looks like I'm getting schooled by oldschool! LOL Anyway I think it's time for a reset of firefox to undo all the about:config changes I've made recently and start over rather than waste anybody else's time with this. I didn't know about Privacy Possum extra features so it looks like a keeper. Thanks for the first party isolation flag info. and your help. See you can still teach an old dog new tricks! It's funny how I've rarely had any infections but have caused more issues when playing with or trying new ****. I will keep you posted...
 

71Hemi

Well, after a reset and re-configuration of Firefox, without any about:config changes, I can honestly say that manual history cleaning with all check boxes (fields) except "site preferences" checked does in fact reverse any custom settings in uBlock Origin and Netcraft to default. Only in Privacy mode does this automatic history cleaning not affect any extension custom settings. Go figure...
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,714
Even if MalwareBytes Browser Guard is heavier, does it give me more privacy than TrafficLight? Can BitDefender use my private information, like the sites I visit?

Would recommend reading Fabian's posts in that thread.
 

oldschool

Even if MalwareBytes Browser Guard is heavier, does it give me more privacy than TrafficLight?

Yes, generally speaking.

Can BitDefender use my private information, like the sites I visit?

Yes, in theory. Are they selling your data? Maybe. Are they otherwise abusing your private info? Not likely, as far as I know.
 

ForgottenSeer 823865

Things to know:
1- almost all apps collect your data, by data I mean telemetry, which is mostly system configuration and eventually location/IPs. This isn't harmful to anyone. Unless you are a privacy freak.
2- some collect more data, like URLs. Depending on the app purpose this is legit or not.
3- some will sell that data to 3rd parties/advertisers. Again this is legit if notified in the user agreement (if you cared to read it).
4- almost none will collect your files for spying/peeping intents. Most AVs will only collect hashes for comparison or anonymize them.
5- No, your naked photos or sensitive docs won't be uploaded and read by a dude behind his desk, unless they are malicious (some AV cloud network may do it, HMP or Kaspersky for example). Be sure to read the user agreement if you are really anxious about it.
6- and no, even if collected, your shameful files/URLs won't be shared and exposed on the net with your name on it.

So basically all the fuss about privacy is excessive paranoia instigated by some privacy freaks or haters, or just people who don't like getting no cent from their collected data.
The same way hospitals collect your blood for free and resell it. Seems unfair, but you agreed by default by letting them do so.

I use Google services heavily, I was never bombarded by a shower of ads or saw my files exposed on the net.
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,948
No, your naked photos or sensitive docs won't be uploaded and read by a dude behind his desk, unless they are malicious (some AV cloud network may do it, HMP or Kaspersky for example).
Agree, but in general I found here a myth with Kaspersky auto file uploading... @MacDefender provided me his POC RiPlacer (a week ago today) to run some tests with different security products (I tested Kaspersky among them)... He suggested not to send to KLabs in order to test the tool undetected by signatures, so I ran his tool on different systems with KTS2020 in default settings, I haven't sent his tool to KVirusDesk, and I can say that after a week it remains undetected by Kaspersky and still unknown in KSN... all this considering that @MacDefender's tool behaves similarly to a ransomware...
 

harlan4096

Yeah, but probably a specific upload took place after Kaspersky product detected very suspicious activities of those NSA unknown tools for a while :D
 