Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
Gonna give this thread a bump, can someone @Evjl's Rain or some else update this thread to current state

what ive seen is:
- comodo extension is dead
- malwarebytes extension is updated most frequently
- emsisoft update is been updated 2 years ago last time
- its hard to beat bitdefender trafficlight, as it blocks pretty much everything

And as bonus, this domain been up for 9 days and nothing is blocking it, if you can submit it to your vendor go on (y)
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,868
Gonna give this thread a bump, can someone @Evjl's Rain or some else update this thread to current state

what ive seen is:
- comodo extension is dead
- malwarebytes extension is updated most frequently
- emsisoft update is been updated 2 years ago last time
- its hard to beat bitdefender trafficlight, as it blocks pretty much everything

And as bonus, this domain been up for 9 days and nothing is blocking it, if you can submit it to your vendor go on (y)
Already detected by TrafficLight. I just submitted to almost all the popular AV vendors including smartscreen and Google safe browsing.
 

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,685
And as bonus, this domain been up for 9 days and nothing is blocking it, if you can submit it to your vendor go on (y)
That webpage itself is just a frontline, check the login (once you click on Try Free), that should be blocked.
 

Attachments

  • capture_07262020_175607.jpg
    capture_07262020_175607.jpg
    43.5 KB · Views: 440

imuade

Level 12
Verified
Top Poster
Well-known
Jul 29, 2018
566
Gonna give this thread a bump, can someone @Evjl's Rain or some else update this thread to current state

what ive seen is:
- comodo extension is dead
- malwarebytes extension is updated most frequently
- emsisoft update is been updated 2 years ago last time
- its hard to beat bitdefender trafficlight, as it blocks pretty much everything

And as bonus, this domain been up for 9 days and nothing is blocking it, if you can submit it to your vendor go on (y)
Blocked by Blocksi Web Filter set to block unrated websites
Immagine.jpg
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I have some free time today and performed a test
15 links from urlhaus. No time for phishing

Extensions:
Chrome's safebrowsing: block 12/15 + warn: 3/15 = 15/15
Bitdefender: 14/15
Malwarebytes: 10/15
Avira: 8/15
Norton: 7/15
Emsisoft: 5/15
Microsoft WDBP: 5/15 (tested a few times, same result)

DNS:
neustar (Threat Protection): 14/15
nextDNS: 14/15
quad9: 9/15
adguard family: malware 2/15 | adult 4/15 = 6/15
cleanbrowsing secure: 5/15
cloudflare malwares+adults: 2/15
openDNS family: 2/15
 

razorfancy

Level 4
Verified
Well-known
Nov 27, 2016
168
I have some free time today and performed a test
15 links from urlhaus. No time for phishing

Extensions:
Chrome's safebrowsing: block 12/15 + warn: 3/15 = 15/15
Bitdefender: 14/15
Malwarebytes: 10/15
Avira: 8/15
Norton: 7/15
Emsisoft: 5/15
Microsoft WDBP: 5/15 (tested a few times, same result)

DNS:
neustar (Threat Protection): 14/15
nextDNS: 14/15
quad9: 9/15
adguard family: malware 2/15 | adult 4/15 = 6/15
cleanbrowsing secure: 5/15
cloudflare malwares+adults: 2/15
openDNS family: 2/15
At least for me on Edge Chromium with SmartScreen and PUA options enable was able to blocked 8 downloads, but didnt block any of the .doc files.
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
At least for me on Edge Chromium with SmartScreen and PUA options enable was able to blocked 8 downloads, but didnt block any of the .doc files.
true, smartscreen is definitely better than the extension
but somehow, in this test, it failed to block .doc files. It usually performs well in this category according to last tests
 

razorfancy

Level 4
Verified
Well-known
Nov 27, 2016
168
true, smartscreen is definitely better than the extension
but somehow, in this test, it failed to block .doc files. It usually performs well in this category according to last tests
btw I test the links with McAfee WebAdvisor extension for Edge Chromium and it wasnt able to block any of them.
Really weird usually in my tests McAfee WebAdvisor extension performs well.
 

sepik

Level 11
Verified
Well-known
Aug 21, 2018
505
Only i'm using is nano adblocker and html5 video autoblocker. Never got infected. My Trend Micro scans all the HTTP(S) by default, so i'm pretty safe. Dozens of stupid "privacy" browser extensions which clash each others are worthless actually, you will get tracked down.
 
F

ForgottenSeer 85179

Only i'm using is nano adblocker and html5 video autoblocker. Never got infected. My Trend Micro scans all the HTTP(S) by default, so i'm pretty safe. Dozens of stupid "privacy" browser extensions which clash each others are worthless actually, you will get tracked down.
You can config video autoplay in browser.

Https scanning is dangerous as all your https connections are compromised and can't be verified. Maybe they even decrease to TLS 1.2
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256
Https scanning is dangerous as all your https connections are compromised and can't be verified. Maybe they even decrease to TLS 1.2
Almost all major AV vendors scanning HTTPS connections by default to be able detecting malicious activities on all websites, there are working real security experts for these companies, so why those people believe it's necessary to scan even on HTTPS ;)
 
F

ForgottenSeer 72227

Almost all major AV vendors scanning HTTPS connections by default to be able detecting malicious activities on all websites, there are working real security experts for these companies, so why those people believe it's necessary to scan even on HTTPS ;)
Just playing devils advocate :p, but has anyone proved it was better, or are we just basing it on AV vendors telling us it is better?;)

I guess the question is, what ate they actually trying to stop? If it's downlowing files, then what's the purpose of the file scanner? Shouldn't it be scanning all downloaded files? I guess we could say detecting credit card skimmers, but many of those still go undetected by most AVs. So i guess the question is, what is the real purpose of scanning https traffic? After all its been known to cause quite a few issues, as https wasn't designed to work in this manner.

Not saying it's not worth it, just trying to inject some thought into the conversation. After all all I've seen from AV companies is them s aying, to stop the bad guys, but in all honesty, that's a pretty generic statement.:cool::emoji_beer:
 
F

ForgottenSeer 85179

Almost all major AV vendors scanning HTTPS connections by default to be able detecting malicious activities on all websites, there are working real security experts for these companies, so why those people believe it's necessary to scan even on HTTPS ;)
Microsoft Defender don't destroy TLS ;)

these security experts AV manufacturer only want selling their product so they include as much as possible features and "shine" with looks-important stuff like https scanning. In fact this only makes trouble and decrease security.
HTTPS scanning is only a option for companies.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top