Q&A [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 46
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,584
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (Chrome's built-in protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malware
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malware
- uBlock Origin with some additional filters

NOTE: the result can vary from day to day. Tomorrow, with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication.

Results:
result.png


Winner: Google Safe Browsing
 

Moonhorse

Level 30
Verified
Content Creator
May 29, 2018
1,955
Is there any way to get the frontline page of a phishing campaign blocked by AV vendors?

This is frontline page as example

It redirects you to random sites, which will be either surveys like "you won an iPhone" or "you have post waiting", for example.
Sometimes it's a fake dating site or something too good to be true.
The goal of these sites is money trapping (I don't know which is the real word for it): you pay 1€ for something like an iPhone, but in reality you have joined a random dating site which will bill you 30€ every month until you close your card.

The frontline page stays up forever, but the scam sites probably will get flagged... but when taking a look at this example I believe it's been going for a year without any blocking by AV vendors.

I just wanted to report that site to vendors like Microsoft and Netcraft, as I did, but they won't flag frontline pages as they are not malicious.
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Jul 27, 2015
4,444
@Moonhorse, because of the adult content that site redirects to, I had to remove the link. It's too big a risk that people who shouldn't test (minors) still do.

But I understand your point. Even more so when one starts to check Whois records and is faced with "Not Disclosed!" on registrant information. It seems these people want to cover their tracks, but if you search a bit you will find some connections to a company in Cyprus. I haven't searched more.
 

Moonhorse

Sorry, it will redirect to a bunch of sites, but that's why I posted a VT URL so people won't go that far, but I understand.

Such companies do bill money from people but don't exist; they don't have an office and the dating sites they have just won't work at all. It's shady stuff and I just want to report such sites as they are spam on some forum/chanlikes I visit sometimes.

By registering with VT I can find a lot, but it's just wasted time to go through all the sites when we could just blacklist the frontline page.
 

upnorth

2 ways of reporting that I personally have found effective from time to time, and that I highly recommend you test. But please be aware that this can take time and is not always a fail-safe method.
  • Submit the url/link to several major AV companies/vendors. Also include a bit of extra information, like screenshots, AnyRun results etc. You want these vendors to notice the actual issue. More included information is better than less. Make sure they can contact you back!
  • Report the url/domain to the main registrants abuse department. For example, if the domain is registered at GoDaddy: "Registrar Abuse Contact information" at Whois.
 

Zartarra

Level 4
May 9, 2019
184
Hello

I tested the protection from some AVs against malware and phishing links. There is a small error margin because some links were dead after a few days. I didn't have time to test all the products on the same day.


| Test | AVG | Bitdefender | Emsisoft | F-Secure | Eset | G Data | Kaspersky | Sophos |
|---|---|---|---|---|---|---|---|---|
| Malware links (1100 links) | 81,09% | 92,82% | 43,36% | 86,45% | 89,09% | 89,55% | 73,55% | 84,73% |
| Malware links: downloaded samples detected (signatures and ML) | 40% | 68,75% | 89% | 68% | 11,11% | 50% | 56,52% | 1,43% |
| Phishing links 1 (1000 links) | 97,64% | 84,47% | 51,4% | 97,58% | 58,95% | 73,52% | 88,84% | 84,11% |
| Phishing links 2 (1500 links) | 98,07% | 95,6% | 93,53% | 92,67% | 99,2% | 46,62% | 94,6% | 94,73% |

If you count all the results, the top 3 is: F-Secure, Bitdefender and AVG.

If you count the link detection, the top 3 is: AVG, F-Secure and Bitdefender.

The best download detection rate top 3 is: Emsisoft, Bitdefender and F-Secure.
 

Kuttz

Level 13
Verified
May 9, 2015
603
The variance in ESET's performance between Phishing links 1 and Phishing links 2 was quite high; what could be the reason? I was evaluating between BitDefender and ESET and found everything convincing except the inconsistency in ESET's phishing detection performance. Great nonetheless (y)
 

Zartarra

The first phishing links were links from January, link collection 2 from June. I don't know what the reason is, but I have a similar result with Emsisoft and G Data.
 

Evjl's Rain

I did a test today with 25 links from urlhaus

Google safebrowsing
- Enhanced: 23/25
- Standard: 22/25
- Bypass non-HTTPS message: 22/25
EDIT: forgot to count the true blocks = really detected as malwares

Avira Browser Safety: 19/25

Emsisoft: 21/25

Malwarebytes: 24/25
- Default: 24/25
- Malwares + PUPs + Scam only: 24/25
- Malwares + PUPs only: missed a lot

Microsoft Defender Browser Protection:
- Warns: 20/25
- Blocks: 18/25 (2 links were warned as unsafe but still downloaded)

Norton Safe Web: 14/25 (1 dead link, 10 files downloaded)

Bitdefender Trafficlight: 1/25 !!! (re-tested several times, different methods)

Bonus:
Wisevector Web Protection: 17/25

p/s: I don't have MS Edge on my laptop. Please someone test and report if you have time
 

Andrew3000

Level 8
Verified
Malware Tester
Feb 8, 2016
368
Fast test with Avast One, Kaspersky and Webroot (don't count dead links).
Avast One = 1 miss (mtz_ami_vyber.exe)
Webroot = 2 miss (mtz_ami_vyber.exe and 1005_2457398972604.doc)
Kaspersky = 1 miss (mtz_ami_vyber.exe)

Edit: Added Kaspersky.
Also tested again Avast. Now it takes all the links.
 

Gandalf_The_Grey

Level 50
Verified
Trusted
Content Creator
Apr 24, 2016
3,979
MS Edge blocked 19/25
The missed 6 (1, 13, 15, 18, 24 and 25) were intercepted by Ziggo Safe Online (F-Secure safe).
Ziggo Safe Online (F-Secure Safe) blocked 23/23 (2 dead links (17 and 21) when testing again with Edge SmartScreen disabled).
AdGuard phishing and malware protection blocked 0/25

Edit: added Ziggo Safe Online and AdGuard results.
 

Evjl's Rain

Maybe I made a mistake that made Google Safe Browsing detect so many.
I found the links with my main browser with Safe Browsing enabled. During that time, it might have collected enough info and blocked the links.
Next time, I will turn off Safe Browsing before finding links.

Something is deeply wrong with Bitdefender today. Re-tested, it only detected 4 links.
 

Kees1958

Level 2
Verified
Sep 5, 2021
63
QUAD9 and Next DNS also did very poorly. Probably because the IP-addresses don't need to be resolved.

'Trend Micro in the router' did very well (by the time I tested, 8 links were dead) Trend-Micro only missed two.
One was caught by Next DNS and the other one was intercepted by Microsoft Defender (the doc download).


PS. I also had to disable one site permission in Edge Chromium otherwise 23 links would NOT have started the download.
1633615056506.png
 

Evjl's Rain

True. Most malware is delivered via HTTP, not HTTPS. Blocking HTTP will prevent most malware.
Google Chrome also warns about this and prevents HTTP downloads from starting. Links must be accepted manually and most people won't accept, or they don't know how to accept.
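
Kees1958's observation that DNS filters cannot act on links that use a bare IP address, and the point just above about plain-HTTP downloads, can be checked on a link list before running a test. The following is an added example and is not part of any post in this thread; the sample URLs are constructed (documentation address ranges and example domains) and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample URLs (documentation IP ranges and example domains only).
SAMPLE_URLS = [
    "http://192.0.2.10/payload.exe",
    "http://198.51.100.7:8080/doc/invoice.doc",
    "http://[2001:db8::1]/a.bin",
    "https://203.0.113.5/x.bin",
    "http://files.example.com/setup.exe",
    "https://cdn.example.net/update.msi",
]


def classify(url):
    """Return which network-layer controls get a chance to act on this URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # drops port, userinfo and IPv6 brackets
    try:
        ipaddress.ip_address(host)
        ip_literal = True
    except ValueError:
        ip_literal = False
    return {
        "url": url,
        # A filtering resolver only sees hosts that trigger a DNS lookup.
        "dns_filter_can_see": bool(host) and not ip_literal,
        # Insecure-download warnings / HTTP blocking only apply to plain http.
        "http_block_applies": parts.scheme == "http",
    }


def coverage(urls):
    """Count how many URLs each control could act on, and how many neither sees."""
    rows = [classify(u) for u in urls]
    return {
        "total": len(rows),
        "dns_filter_can_see": sum(r["dns_filter_can_see"] for r in rows),
        "http_block_applies": sum(r["http_block_applies"] for r in rows),
        "seen_by_neither": sum(
            not r["dns_filter_can_see"] and not r["http_block_applies"]
            for r in rows
        ),
    }


if __name__ == "__main__":
    print(coverage(SAMPLE_URLS))
```

Links counted under `seen_by_neither` are the ones that only a URL-reputation check in the browser or a content scan of the download can stop.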
 