Q&A [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,607
28,312
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

Moonhorse

Level 30
Verified
Content Creator
May 29, 2018
1,999
10,009
Gonna give this thread a bump, can someone @Evjl's Rain or some else update this thread to current state

what ive seen is:
- comodo extension is dead
- malwarebytes extension is updated most frequently
- emsisoft update is been updated 2 years ago last time
- its hard to beat bitdefender trafficlight, as it blocks pretty much everything

And as bonus, this domain been up for 9 days and nothing is blocking it, if you can submit it to your vendor go on (y)
 

SeriousHoax

Level 39
Verified
Mar 16, 2019
2,821
23,281
Gonna give this thread a bump, can someone @Evjl's Rain or some else update this thread to current state

what ive seen is:
- comodo extension is dead
- malwarebytes extension is updated most frequently
- emsisoft update is been updated 2 years ago last time
- its hard to beat bitdefender trafficlight, as it blocks pretty much everything

And as bonus, this domain been up for 9 days and nothing is blocking it, if you can submit it to your vendor go on (y)
Already detected by TrafficLight. I just submitted to almost all the popular AV vendors including smartscreen and Google safe browsing.
 

imuade

Level 12
Verified
Jul 29, 2018
563
2,973
Gonna give this thread a bump, can someone @Evjl's Rain or some else update this thread to current state

what ive seen is:
- comodo extension is dead
- malwarebytes extension is updated most frequently
- emsisoft update is been updated 2 years ago last time
- its hard to beat bitdefender trafficlight, as it blocks pretty much everything

And as bonus, this domain been up for 9 days and nothing is blocking it, if you can submit it to your vendor go on (y)
Blocked by Blocksi Web Filter set to block unrated websites
Immagine.jpg
 

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,607
28,312
I have some free time today and performed a test
15 links from urlhaus. No time for phishing

Extensions:
Chrome's safebrowsing: block 12/15 + warn: 3/15 = 15/15
Bitdefender: 14/15
Malwarebytes: 10/15
Avira: 8/15
Norton: 7/15
Emsisoft: 5/15
Microsoft WDBP: 5/15 (tested a few times, same result)

DNS:
neustar (Threat Protection): 14/15
nextDNS: 14/15
quad9: 9/15
adguard family: malware 2/15 | adult 4/15 = 6/15
cleanbrowsing secure: 5/15
cloudflare malwares+adults: 2/15
openDNS family: 2/15
 

razorfancy

Level 3
Verified
Nov 27, 2016
147
948
I have some free time today and performed a test
15 links from urlhaus. No time for phishing

Extensions:
Chrome's safebrowsing: block 12/15 + warn: 3/15 = 15/15
Bitdefender: 14/15
Malwarebytes: 10/15
Avira: 8/15
Norton: 7/15
Emsisoft: 5/15
Microsoft WDBP: 5/15 (tested a few times, same result)

DNS:
neustar (Threat Protection): 14/15
nextDNS: 14/15
quad9: 9/15
adguard family: malware 2/15 | adult 4/15 = 6/15
cleanbrowsing secure: 5/15
cloudflare malwares+adults: 2/15
openDNS family: 2/15
At least for me on Edge Chromium with SmartScreen and PUA options enable was able to blocked 8 downloads, but didnt block any of the .doc files.
 

Evjl's Rain

Level 47
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,607
28,312
At least for me on Edge Chromium with SmartScreen and PUA options enable was able to blocked 8 downloads, but didnt block any of the .doc files.
true, smartscreen is definitely better than the extension
but somehow, in this test, it failed to block .doc files. It usually performs well in this category according to last tests
 

razorfancy

Level 3
Verified
Nov 27, 2016
147
948
true, smartscreen is definitely better than the extension
but somehow, in this test, it failed to block .doc files. It usually performs well in this category according to last tests
btw I test the links with McAfee WebAdvisor extension for Edge Chromium and it wasnt able to block any of them.
Really weird usually in my tests McAfee WebAdvisor extension performs well.
 

sepik

Level 11
Aug 21, 2018
521
2,483
Only i'm using is nano adblocker and html5 video autoblocker. Never got infected. My Trend Micro scans all the HTTP(S) by default, so i'm pretty safe. Dozens of stupid "privacy" browser extensions which clash each others are worthless actually, you will get tracked down.
 
F

ForgottenSeer 85179

Only i'm using is nano adblocker and html5 video autoblocker. Never got infected. My Trend Micro scans all the HTTP(S) by default, so i'm pretty safe. Dozens of stupid "privacy" browser extensions which clash each others are worthless actually, you will get tracked down.
You can config video autoplay in browser.

Https scanning is dangerous as all your https connections are compromised and can't be verified. Maybe they even decrease to TLS 1.2
 

silversurfer

Level 76
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,624
71,946
Https scanning is dangerous as all your https connections are compromised and can't be verified. Maybe they even decrease to TLS 1.2
Almost all major AV vendors scanning HTTPS connections by default to be able detecting malicious activities on all websites, there are working real security experts for these companies, so why those people believe it's necessary to scan even on HTTPS ;)
 

Raiden

Level 19
Verified
Content Creator
May 7, 2018
900
7,449
Almost all major AV vendors scanning HTTPS connections by default to be able detecting malicious activities on all websites, there are working real security experts for these companies, so why those people believe it's necessary to scan even on HTTPS ;)
Just playing devils advocate :p, but has anyone proved it was better, or are we just basing it on AV vendors telling us it is better?;)

I guess the question is, what ate they actually trying to stop? If it's downlowing files, then what's the purpose of the file scanner? Shouldn't it be scanning all downloaded files? I guess we could say detecting credit card skimmers, but many of those still go undetected by most AVs. So i guess the question is, what is the real purpose of scanning https traffic? After all its been known to cause quite a few issues, as https wasn't designed to work in this manner.

Not saying it's not worth it, just trying to inject some thought into the conversation. After all all I've seen from AV companies is them s aying, to stop the bad guys, but in all honesty, that's a pretty generic statement.:cool::emoji_beer:
 
F

ForgottenSeer 85179

Almost all major AV vendors scanning HTTPS connections by default to be able detecting malicious activities on all websites, there are working real security experts for these companies, so why those people believe it's necessary to scan even on HTTPS ;)
Microsoft Defender don't destroy TLS ;)

these security experts AV manufacturer only want selling their product so they include as much as possible features and "shine" with looks-important stuff like https scanning. In fact this only makes trouble and decrease security.
HTTPS scanning is only a option for companies.
 
Top