Q&A [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Apr 18, 2016
3,627
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

Moonhorse

Level 33
Verified
Top poster
Content Creator
Well-known
May 29, 2018
2,208
It is, blocks malware, adult content (which most filters omit) and can be customized, like allow proxy images on duckduckgo. I love it thus far.
I do not like running a realtime software, but I think, that I will make an exception. 0,04% CPU and 544B/s nonstop, I can live with that. :cautious:

K9 + UltraDNS should do the trick. UltraDNS is able to catch URLs, which bypass browser's dnscrypt somehow (direct downloads?).

EDIT: It seems, that I do not even need Netcraft anymore, that should make things a little lighter, less of multiple filtering. :p


Seems i have to get rid of forticlient web filter and replace it with k9:unsure:
 

TairikuOkami

Level 31
Verified
Top poster
Content Creator
Well-known
May 13, 2017
2,077
Seems i have to get rid of forticlient web filter and replace it with k9:unsure:
Indeed, K9 seems to just work as expected, Forticlient caused me BSOD, even with realtime being disabled.
I was thinking about getting rid of IDN Safe as well, but nuh, it blocks everything, K9 just blacklisted IDN.
Code:
Tested with: xn--bcher-kva.ch
 

HarborFront

Level 61
Verified
Top poster
Content Creator
Oct 9, 2016
5,094
For PhishProtect Beta it says

The tool redirects the browser to a warning page when IDN/Unicode URL or zero-day phishing website is detected and the full punycode (ascii) representation is displayed.

Real-time zero-day phishing prevention is currently only available for enterprise

Does that means the extension does NOT protect against real-time zero-day phishing?


As for Blockade

Blockade is DNS based server software designed to block third party tracking software, analytical software, ads and access to sites known to carry malware for all computers and devices on your network that can browse the internet.

A single server software license is all that is needed to protect all of the devices (computers, servers, laptops, Chromebooks, handhelds, smart TVs, tablets, phones) connected on your network and across your WI-FI from internet tracking software and ads.

Load Blockade directly onto any Windows or Linux computer on your network not currently running DNS services or web services. Blockade keeps advertisements, tracking, and analytical software off of your network.
  1. Blockade will protect you no matter what browser you choose or what device you are on.
  2. Stop invasive tracking software and ads from reaching any device on your network.
  3. Greatly improve network performance by stopping unwanted and intrusive traffic in your environment.
  4. Shield your privacy from tracking, profiling, and advertising companies and entities.
  5. Protect all of your devices from malware attempts and malicious websites.
So is it free or free to try? Looks like it's more suitable if you are running a network at home
 
Last edited:

TairikuOkami

Level 31
Verified
Top poster
Content Creator
Well-known
May 13, 2017
2,077
It looks, that K9 blocks some unknown webpages by default as suspicious, like lazytruckers, it sounds strange. :D
Anyway I reported it using the built-in form and I got a reply within 6 hours, that it was cleared and set as I demanded.
By the way, I have not realized, that K9 is owned by Symantec, no wonder it blocks malware so good, even better than Norton.
 

Attachments

  • capture_06082018_163123.jpg
    capture_06082018_163123.jpg
    149.5 KB · Views: 629
  • capture_06082018_164012.jpg
    capture_06082018_164012.jpg
    136.8 KB · Views: 556
Last edited:

Moonhorse

Level 33
Verified
Top poster
Content Creator
Well-known
May 29, 2018
2,208
It looks, that K9 blocks some unknown webpages by default as suspicious, like lazytruckers, it sounds strange. :D
Anyway I reported it using the built-in form and I got a reply within 6 hours, that it was cleared and set as I demanded.
By the way, I have not realized, that K9 is owned by Symantec, no wonder it blocks malware so good, even better than Norton.
Yes i googled about them yesterday and noticed the same, since i was wondering where are the filters from. Anyways its very aggressive blocking stuff, but very easy to whitelist sites you usually visit to. Im running default settings without open image/media search filter and i have no issues
 

Burrito

Level 24
Verified
Top poster
Well-known
May 16, 2018
1,382
Best AV's web filter: Kaspersky Free, Forticlient, K9 Web Protection
Best extension (malware): Avira Browser Safety, Malwarebytes
Best DNS: Neustar Recursive DNS

Losers: Adguard Adblocker, Quad9 DNS, Adguard DNS
[/QUOTE]

It's interesting how much better WDBP did in this test as compared with the last one.

In terms of product improvement between tests, WDBP is a winner.

For malware, I'm surprised that K9 did better than Norton, as I'd guess they both draw from Blue Coat.

I've made the switch to Neustar. So far, so good.

Thanks Evjl's Rain for another good test.
 

Evjl's Rain

Level 47
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Apr 18, 2016
3,627
sorry, I found a problem in my test with WDBP
WDBP requires recovery time before each test.
in my test, I always open all links simultaneously => WDBP can only block 5-6 links maximum
when I execute all links 1 by 1 with 3-4 seconds delay, WDBP can block a lot more links. It doesn't happen with edge

there is no improvement in WDBP. It's just my problem
 

Moonhorse

Level 33
Verified
Top poster
Content Creator
Well-known
May 29, 2018
2,208
But if you have forticlient , k9 or kaspersky that means you dont need extension with filters
On that situation we get to point that you still need adblock, wich adblock is most lightweight / best for actual adblocking?
 

Evjl's Rain

Level 47
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Apr 18, 2016
3,627
But if you have forticlient , k9 or kaspersky that means you dont need extension with filters
On that situation we get to point that you still need adblock, wich adblock is most lightweight / best for actual adblocking?
it's true that we don't need any extension if we use the 3 products you mentioned
but IMO, if the extension is turbo lightweight, close to no impact, I can keep it running because the best product can always miss something
I keep norton safe web because it's the lightest and effective, minimal CPU usage

we still need adblocker to speedup browsing and remove annoying ads/banners. It can partially block some malicious ads/malvertising, no need malicious blocking filter
 

Burrito

Level 24
Verified
Top poster
Well-known
May 16, 2018
1,382
sorry, I found a problem in my test with WDBP
WDBP requires recovery time before each test.
in my test, I always open all links simultaneously => WDBP can only block 5-6 links maximum
when I execute all links 1 by 1 with 3-4 seconds delay, WDBP can block a lot more links. It doesn't happen with edge

there is no improvement in WDBP. It's just my problem

So.... my hypothesis is... most attacks would probably be less than 5-6 simultaneous events.

If I'm correct in that, and if I'm understanding you correctly, then the better score is still valid for most real-world situations. So the needed recovery time is not optimal, but would still protect in most real-world scenarios.


Thanks again.
 
Last edited:

Evjl's Rain

Level 47
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Apr 18, 2016
3,627
So.... my hypothesis is... most attacks would probably be less than 5-6 simultaneous events.

If I'm correct in that, and if I'm understanding you correctly, then the better score is still valid for most real-world situations. So the needed recovery time is not optimal, but would still protect in most real-world scenarios.

But, maybe I'm not understanding correctly.

Thanks again.
yes, WDBP is still sufficient because nobody will open >2-3 malicious links at the exact same time
by the way, no matter the recovery time, WDBP is not the best at blocking malwares but it's definitely one of the best in resource usage. That's the only reason I keep it running in my PC
 

Burrito

Level 24
Verified
Top poster
Well-known
May 16, 2018
1,382
,
Thank you very much! Indeed it is very aggresive,i use it with configured settings (only malware,spyware,fishing) and it is very good!I think Blue Coat,owned the last years by Norton.

Evjl's Rain, which categories in K9 did you include for your testing.

I finally downloaded it to try it out. I don't like many restrictions on my surfing.

Like Nestor, I only have two categories blocked, "Spyware / Malware Sources" and "Phishing."

And I'm going to experiment with "Web Advertisements."

I'm still skeptical that this provides more protection than Norton Safe Web. But I dunno.

Thank you.
 

Evjl's Rain

Level 47
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Apr 18, 2016
3,627
Evjl's Rain, which categories in K9 did you include for your testing.

I finally downloaded it to try it out. I don't like many restrictions on my surfing.

Like Nestor, I only have two categories blocked, "Spyware / Malware Sources" and "Phishing."

And I'm going to experiment with "Web Advertisements."

I'm still skeptical that this provides more protection than Norton Safe Web. But I dunno.

Thank you.
I used the default settings for the test to provide the fairest test as possible
I also don't like it because it blocks youtube
I personally don't use it because I have kaspersky already

I think the 2 categories you mention should be good enough
you can add as many as you want unless they block too many things

K9 is based on behavior analysis, I think
while norton is based on reputation
 

Burrito

Level 24
Verified
Top poster
Well-known
May 16, 2018
1,382
Ok, I experimented with K9.

When looking at the activity log, it's in there messing with all sorts of things..

And now it goes to the trash heap.

And on this particular laptop, it caused the 1st ever unexpected shutdown.

K9 is for the dogs (bad pun intended).

MBAM BE, Norton Smart Web, WDBP, Neustar DNS, and uBO with 'the squid' is more than enough for me.

I was probably getting a little ridiculous with filtering anyway.
 
Last edited:

Moonhorse

Level 33
Verified
Top poster
Content Creator
Well-known
May 29, 2018
2,208
Ok, I experimented with K9.

And now it goes to the trash heap.

When looking at the activity log, it's in there messing with all sorts of things..

And on this particular laptop, it caused the 1st ever BSOD.

MBAM BE, Norton Smart Web, WDBP, Neustar DNS, and uBO with 'the squid' is more than enough anyway. I was probably getting a little ridiculous with filtering.
k9 = symantec
Symantec = norton
if you have norton as main antivirus, you dont need k9

Imo perfect solution is :
cruelsisters comodo firewall
K9
Cloud av
chrome with decent adblock
 
  • Like
Reactions: simmerskool

HarborFront

Level 61
Verified
Top poster
Content Creator
Oct 9, 2016
5,094
Can uBlock Origin be replaced if used in the easy mode?

I never like micro managing of websites unless I have 10 or less trusted sites to surf. Hence, uBlock Origin (in medium mode), uMatrix or NoScript is not my liking.

I use uBlock Origin in easy mode and add filters/hosts. I also disabled Google Safe Browsing and Tracking Protection in FF Quantum. Won't be trusting MS/Google/FF to keep my privacy as far as their extension/Safe Browsing/Tracking Protection is concerned.

As for DNS filtering unless there's one with features like either DNSCrypt/DNS-over-HTTPS/DNS-over TLS, supports DNSSEC, fast and keeps NO log otherwise I'll take one which supports the latter features and leave the filtering to other extensions.

Now, I wonder what other extensions can be used together to replace uBO?

I'll start off with the use of Malwarebytes extension which blocks
- malicious sites
- clickbait links
- stops in-browser cryptojackers
- ads and ad trackers
- browser hijackers
- browser lockers
- phishing and online scams
- PUPs, toolbars and pop ups

What MalwareBytes cannot protect from are

- analytics
- social media widgets
- ransomware

which can be provided by filters/hosts to uBO

Disconnect blocks
- ads
- analytics
- social
- content

Any users like to contribute other effective extensions to replace uBO? Besides those mentioned what uBO Origin (in easy mode) have that these extensions together lack?
 
Last edited:

Moonhorse

Level 33
Verified
Top poster
Content Creator
Well-known
May 29, 2018
2,208
Can uBlock Origin be replaced if used in the easy mode?

I never like micro managing of websites unless I have 10 or less trusted sites to surf. Hence, uBlock Origin (in medium mode), uMatrix or NoScript is not my liking.

I use uBlock Origin in easy mode and add filters/hosts. I also disabled Google Safe Browsing and Tracking Protection in FF Quantum. Won't be trusting MS/Google/FF to keep my privacy as far as their extension/Safe Browsing/Tracking Protection is concerned.

Now, I wonder what other extensions can be used together to replace uBO?

I'll start off with the use of Malwarebytes extension which blocks
- malicious sites
- clickbait links
- stops in-browser cryptojackers
- ads and ad trackers
- browser hijackers
- browser lockers
- phishing and online scams
- PUPs, toolbars and pop ups

What MalwareBytes cannot protect from are

- google analytics
- social media widgets
- ransomware

which can be provided by filters/hosts to uBO

Any users like to contribute other effective extensions to replace uBO? Besides those mentioned what uBO Origin (in easy mode) have that these extensions together lack?
Nanoblocker as default + defender addon as anti adblock killer
K9 isnt extension, but it pretty much can block everything and just allow manually, imo best webfilter out there
 
  • Like
Reactions: Nestor