Q&A [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Apr 18, 2016
3,626
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

silversurfer

Level 83
Verified
Helper
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
7,275
@Evjl's Rain what are your browsers, probably Chrome/Chromium ?

NOTE: I just tried randomly one link (below) this time it was blocked by Bitdefender TrafficLight, but on Firefox only!

Code:
hxxp://squadlegion.crabdance.com/e.exe

Blocked on Firefox only, BUT really missed on Edge, so may be it's a bug of BD TrafficLight only related to chromium-based browsers :unsure:

bd.png
 

SeriousHoax

Level 41
Verified
Top poster
Well-known
Mar 16, 2019
3,090
tested BDTL with my main browser
same result, nothing was blocked -> tried again with firefox
BD Trafficlight is working and blocking everything on my Firefox and Edge. Something is definitely wrong on your end :unsure:
Edit: Only the discord related pctools file is not blocked on Edge by BDTL but everything else is and even pctools is blocked by BDTL on Firefox.
 

Evjl's Rain

Level 47
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Apr 18, 2016
3,626
Seems the issue is with BDTL and chrome. FF and Edge seems to be ok.

UBlock Origin also seems to detect several of the malware samples. If you have some time please test it. Has i dont have a VM installed. 😅
could you tell which filters to test with ublock? I can't find many good blocklist to test because they are not up-to-date and did poorly in my previous tests
I found these links from urlhaus = "Online Malicious URL Blocklist" in ublock => all or almost all should be blocked -> cheating :D
 

The_King

Level 12
Verified
Top poster
Well-known
Aug 2, 2020
557
could you tell which filters to test with ublock? I can't find many good blocklist to test because they are not up-to-date and did poorly in my previous tests
I found these links from urlhaus = "Online Malicious URL Blocklist" in ublock => all or almost all should be blocked -> cheating :D
I am using that :LOL:
ublock.jpg
 

Gandalf_The_Grey

Level 59
Verified
Helper
Top poster
Content Creator
Well-known
Apr 24, 2016
4,834
I don't know what happened to my trafficlight
I copied some links to virustotal and the results ftom BD were all safe. When a file was downloaded, BDTL icon was still green but I clicked on it, it said a threat was detected
I don't know how to describe it


maybe, we should disqualify the unsafe messages because links were downloaded from http. Only the true blocks should be counted
if the links are https, I don't think we could see the unsafe message and the files will be download thoroughly
Changed the Edge verdict to 19/20.
Tested F-Secure Safe: 20/20
Edge: 19 pages blocked, 1 one warning of a potentially unsafe file (nr. 6)==> 19/20
F-Secure Safe
(Ziggo Safe Online): 19 pages blocked and 1 downloaded file put in quarantine (nr. 9) ==> 20/20
That page (nr. 9) was blocked by HomeCare by Trend Micro on my router after turning that off and tried again the file was quarantined by F-Secure.
 

rain2reign

Level 6
Verified
Well-known
Jun 21, 2020
294
could you tell which filters to test with ublock? I can't find many good blocklist to test because they are not up-to-date and did poorly in my previous tests
I found these links from urlhaus = "Online Malicious URL Blocklist" in ublock => all or almost all should be blocked -> cheating :D
You could also take a look at StevenBlack/hosts and Phishing Army. The former being a collection of several reputable lists including 2/3 multi-purpose lists that comes with uBlock Origin and one of URLHaus' simplified lists. Curious how they would hold up in comparison, actually. :p
 

Jan Willy

Level 7
Verified
Well-known
Jul 5, 2019
338
You could also take a look at StevenBlack/hosts and Phishing Army. The former being a collection of several reputable lists including 2/3 multi-purpose lists that comes with uBlock Origin and one of URLHaus' simplified lists. Curious how they would hold up in comparison, actually. :p
Will malware-blocking by an adblocker (list) not be suboptimal? See message # 1491 from Kees1958.
 
  • Like
Reactions: Gandalf_The_Grey

Evjl's Rain

Level 47
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Apr 18, 2016
3,626
You could also take a look at StevenBlack/hosts and Phishing Army. The former being a collection of several reputable lists including 2/3 multi-purpose lists that comes with uBlock Origin and one of URLHaus' simplified lists. Curious how they would hold up in comparison, actually. :p
actually, I don't really like using adblock list to block malware links because it takes minutes-hours (periodically) for ublock/adguard to update the filters
during that time, the filters are not up-to-date -> miss
for the test, I always update all filters -> unrealistic. However, the results are usually disappointing
I only use ublock/adguard for blocking ads, without malwares, to reduce the load of CPU
let the extensions do the job because they are always up-to-date and they don't use as much CPU as using adblock lists

I reduced my ublock filters from ~300k to ~170k and did notice a slight improvement in browsing speed
 

rain2reign

Level 6
Verified
Well-known
Jun 21, 2020
294
actually, I don't really like using adblock list to block malware links because it takes minutes-hours (periodically) for ublock/adguard to update the filters
during that time, the filters are not up-to-date -> miss
for the test, I always update all filters -> unrealistic. However, the results are usually disappointing
I only use ublock/adguard for blocking ads, without malwares, to reduce the load of CPU
let the extensions do the job because they are always up-to-date and they don't use as much CPU as using adblock lists

I reduced my ublock filters from ~300k to ~170k and did notice a slight improvement in browsing speed
If you use nextdns they are both already included and enabled. One as part of the threat intelligence feed feature and the other as part if the nextdns recommended list.

I use them on dns (local) router level as host files myself, with quad9. But that may going offtopic here. :)
 

Evjl's Rain

Level 47
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Apr 18, 2016
3,626
If you use nextdns they are both already included and enabled. One as part of the threat intelligence feed feature and the other as part if the nextdns recommended list.

I use them on dns (local) router level as host files myself, with quad9. But that may going offtopic here. :)
in my country, those DNS-es will slowdown significantly my internet speed because their servers are very far from my ISP :(
the best is to use the ones located in my country
 
Last edited:

Jan Willy

Level 7
Verified
Well-known
Jul 5, 2019
338
in my country, those DNS-es will slowdown significantly my internet speed because their servers are very far from my ISP :(
the best is to use the ones located in my country
That shouldn't be a problem for your security. It's knocking on an open door, but most (perhaps only) important thing is your AV. Let your security not depend on a DNS-provider or - what you already stated in message # 1513 - an adblocker.
 

Moonhorse

Level 32
Verified
Top poster
Content Creator
Well-known
May 29, 2018
2,155
Netcraft versions currently on stores:

Opera: version 1.16.6 Last update Dec. 8, 2020
Firefox & google webstore: 1.16.7 Last update 18 Jul 2021
Edge: 1.16.8 Last update 11.10.2021

First time i see they mention coronavirus on their site:

''The Netcraft Extension is a tool allowing easy lookup of information relating to the sites you visit and providing protection from phishing and malicious JavaScript, including Coronavirus-related cybercrime.''
 

Evjl's Rain

Level 47
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Apr 18, 2016
3,626
Chromium/Chrome is known to be toxic for organisms. Chromium/Chrome can alter genetic material. Maybe Chromium/Chrome has affected the legendary Dacian Dragon-Wolf of Bitdefender to?
or is it just a bug from BD?
malwarebytes extension used to have the exact same bug in the past and they fixed it
 

The_King

Level 12
Verified
Top poster
Well-known
Aug 2, 2020
557