Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

[Evjl's Rain]

Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings

Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings

Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings

Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings

Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings

Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings

Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings

Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings

Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings

Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings

Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings

Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings

Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings

Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings

Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings

Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings


Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links

Spoiler: Links

Dropbox - link test 17-3-2018.txt

Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

Spoiler: ublock origin filters

http://hosts-file.net/emd.txt
http://hosts-file.net/exp.txt
http://hosts-file.net/pup.txt
http://hosts-file.net/psh.txt
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
https://ransomwaretracker.abuse.ch/downloads/RW_URLBL.txt

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:

Winner: Google Safe Browsing

 

[ForgottenSeer 823865]

Nothing was proven about Kaspersky's wrong doing or ties with KGB as far as I'm aware, right? Eugune even wanted to show them the source code to prove there was nothing shady going on under the hood.

indeed, the issue wasn't that they were tied to the FSB/KGB or not, even if we all know that in communist countries, big corporations can't grow without some "partnership" with the government. The issue was the upload of a file who shouldn't be, unfortunately it was a Russian company collecting a file from an American intel agency employee...if the AV was Norton, i bet we won't even heard about it...

 

[Azure]

indeed, the issue wasn't that they were tied to the FSB/KGB or not, even if we all know that in communist countries, big corporations can't grow without some "partnership" with the government. The issue was the upload of a file who shouldn't be, unfortunately it was a Russian company collecting a file from an American intel agency employee...if the AV was Norton, i bet we won't even heard about it...

I'm surprised he didn't know how AVs even work. I would imagine someone working for the government should have basic understanding of the cloud and its influence on a security product.

Do people seriously still believe antivirus only use signatures?

 

[ForgottenSeer 823865]

Do people seriously still believe antivirus only use signatures?

sadly yes, and Average Joe even ignores what are signatures.

 

[Tiamati]

When you get bored Try this link start randomly typing text, you can use the icons as if it were your desktop icons.
OMG, ty!

When people are looking over your shoulder when you are answering email, this is a nice prank.

Additionally you could block the SCRIPT EXECUTION from top 20 shady domains published by Symantec, top 10 spam domains of Spamhaus and Sophos Dirty Dozen Spampionship in Chrome's content setting in the format [*.]TLD (Top Level Domain the bytes behind the dot in a domain name).

Hey, there is any way to do this through ublock origin?

 

[Lenny_Fox]

Hey, there is any way to do this through ublock origin?

YES just type in My Filters
||*.TLD^

where TLD stands for Top Level Domain., e.g. (example from first TLD mentioned in Symantec 20 shady domains)
||*.country^
||*.stream^
etc




PS @oldschool not W_S just providing a helpful answer

 

[Zartarra]

YES just type in My Filters
||*.TLD^

where TLD stands for Top Level Domain., e.g. (example from first TLD mentioned in Symantec 20 shady domains)
||*.country^
||*.stream^
etc




PS @oldschool not W_S just providing a helpful answer

Thanks for the info.

 

[RoboMan]

Is it worth isntalling Windows Defender Browser Protection if I use Edge Chrome? Does it have it already included?

 

[Protomartyr]

I'd say it's redundant since Edge Chrome already incorporates SmartScreen.

 

[Pat MacKnife]

Is it worth isntalling Windows Defender Browser Protection if I use Edge Chrome? Does it have it already included?

Windows Defender Browser Protection is build in -> smartscreen and is more up to date than the extension.

 

[Tiamati]

YES just type in My Filters

Spoiler: ...

||*.TLD^

where TLD stands for Top Level Domain., e.g. (example from first TLD mentioned in Symantec 20 shady domains)
||*.country^
||*.stream^
etc




PS @oldschool not W_S just providing a helpful answer

Ty!

BTW, i checked the last results and opinions. But i was curious about performance impact of Malwarebytes (opening browser, loading pages, etc). How is it doing, compared with BDTL and EMSISOFT?

And, about Netcraft, can it be trusted? After the WOT incident, i'm a little skeptical with """unknown""" groups

 

[Lenny_Fox]

Thanks for the info.

After reading the old posts of W_S, I think it is better to change the My Filters block rules to:
||*.country^$all,~document,~css,~image,~media
||*.stream^$all,~document,~css,~image,~media
etc

Note: this will display websites, but disables elements which might contain code (so they should be harmless)
1 - This will block all, except (~) page (document), stylesheets (css), images and media files (e.g. videos)
2 - $all only works with uB0 and is not AdBlock Plus syntax

 

[Zartarra]

After reading the old posts of W_S, I think it is better to change the My Filters block rules to:
||*.country^$all,~document,~css,~image,~media
||*.stream^$all,~document,~css,~image,~media
etc

Note: this will display websites, but disables elements which might contain code (so they should be harmless)
1 - This will block all, except (~) page (document), stylesheets (css), images and media files (e.g. videos)
2 - $all only works with uB0 and is not AdBlock Plus syntax

Thanks for the extra information.

 

[Handsome Recluse]

And, about Netcraft, can it be trusted? After the WOT incident, i'm a little skeptical with """unknown""" groups

Netcraft existed for a long time.

 

[Evjl's Rain]

Today test. Sorry, most links were dead. These are only live links I could find on vxvault and urlhaus
DNS was changed by DNS jumper + DNS cache was flushed + Browser was restarted on every time

Spoiler: malware links

link malware 4/3/2020 - Pastebin.com

pastebin.com

cloudflare (1.1.1.2/1.0.0.2) 1+1 = 2/9
quad9 1+2 = 3/9
adguard 2+1 = 3/9
neustar 2+3 = 5/9
cleanbrowsing 2+0 = 2/9
openDNS 1+0 = 1/9

avira 3+4 = 7/9
Bitdefender 3+6 = 9/9
emsisoft 0+0 = 0/9 !!!
malwarebytes 3+6 = 9/9
norton 3+2 = 5/9
WDBP 3+6 = 9/9
google 3+3 + 1 warn = 7/9

optional:
Netcraft 0+0 (not for malware blocking)

 

[jackuars]

Today test. Sorry, most links were dead. These are only live links I could find on vxvault and urlhaus
DNS was changed by DNS jumper + DNS cache was flushed + Browser was restarted on every time

Spoiler: malware links

link malware 4/3/2020 - Pastebin.com

pastebin.com

cloudflare (1.1.1.2/1.0.0.2) 1+1 = 2/9
quad9 1+2 = 3/9
adguard 2+1 = 3/9
neustar 2+3 = 5/9
cleanbrowsing 2+0 = 2/9
openDNS 1+0 = 1/9

avira 3+4 = 7/9
Bitdefender 3+6 = 9/9
emsisoft 0+0 = 0/9 !!!
malwarebytes 3+6 = 9/9
norton 3+2 = 5/9
WDBP 3+6 = 9/9
google 3+3 + 1 warn = 7/9

optional:
Netcraft 0+0 (not for malware blocking)

I was thinking to install WDBP, but is it required if I already have ESET? ESET seems to block all the pages.

 

[Evjl's Rain]

I was thinking to install WDBP, but is it required if I already have ESET? ESET seems to block all the pages.

it's up to you. if you use Edge, the extension is redundant. If you use browsers with google safe browsing. It may be worth to have WDBP because it virtually doesn't slow your browsing speed. Moreover, Edge's user number has increased substantially => blocking will definitely get better

 

[Moonhorse]

Today test. Sorry, most links were dead. These are only live links I could find on vxvault and urlhaus
DNS was changed by DNS jumper + DNS cache was flushed + Browser was restarted on every time

Spoiler: malware links

link malware 4/3/2020 - Pastebin.com

pastebin.com

cloudflare (1.1.1.2/1.0.0.2) 1+1 = 2/9
quad9 1+2 = 3/9
adguard 2+1 = 3/9
neustar 2+3 = 5/9
cleanbrowsing 2+0 = 2/9
openDNS 1+0 = 1/9

avira 3+4 = 7/9
Bitdefender 3+6 = 9/9
emsisoft 0+0 = 0/9 !!!
malwarebytes 3+6 = 9/9
norton 3+2 = 5/9
WDBP 3+6 = 9/9
google 3+3 + 1 warn = 7/9

optional:
Netcraft 0+0 (not for malware blocking)

Feels good having bitdefender free 9/9 , microsoft edge = 9/9 and the cloudflare malware dns 2/9 , yet im using netcraft for skimmers/malicious scripts (phishing)... might try neustar once again, since it will block illegal peering sites aswell

 

[TairikuOkami]

might try neustar once again, since it will block illegal peering sites aswell

And C&C servers too, so botnets/malware dependant on DNS will have a hard time.

 

[Arequire]

@Evjl's Rain
Does WDBP still have the issue of allowing malware to download even when the page is blocked?

 

[SeriousHoax]

NextDNS does better than all the DNS based solutions because the sources that are used to test the effectiveness of phishing and malware blocking here in this thread are covered by Nextdns and many more. A total of 34 sources right now. Source: nextdns/metadata